Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Turn Smartphone Vibration Motor Into Microphone To Spy On You (softpedia.com)

Posted by BeauHD on from the tin-can-telephone dept.

An anonymous reader writes from a report via Softpedia: Two researchers from the University of Illinois at Urbana-Champaign have come up with a method to turn smartphone vibration motors into makeshift microphones, capable of recording the sound around them. The attack relies on using the vibration motor's coil to record incoming sound waves, which are then transmitted to the attacker, who then uses a processing algorithm to enhance the signal by reconstructing high-frequency waves. This is needed because the vibra-motor can only pick up low-frequency sounds, up to 2 kHz. Their method doesn't yield perfect results (4 in 5 people can understand the sounds) and also needs physical access to the device, but it puts in place the theoretical details needed to carry out and refine such attacks in the future.

77 comments

  1. Paranoid much? by Anonymous Coward · · Score: 1, Insightful

    No one is spying on you in this manner. These are the types of attacks that would be used by nations, not individuals. Why would anyone worry about this? It's a non-issue, especially because there are far easier ways to spy on most people. Besides, none of you are that interesting, no matter how much you might think otherwise.

    1. Re: Paranoid much? by Anonymous Coward · · Score: 4, Funny

      Nice try Obama!!!

    2. Re:Paranoid much? by MasseKid · · Score: 5, Insightful

      "especially because there are far easier ways to spy on most people" You mean like the purpose built microphone on every smartphone?

    3. Re:Paranoid much? by Anonymous Coward · · Score: 0

      Why bother with all that when you can use a known backdoor for a carrier pre-installed hidden software and listen to anyone on that network?

    4. Re:Paranoid much? by Anonymous Coward · · Score: 0

      "especially because there are far easier ways to spy on most people" You mean like the purpose built microphone on every smartphone?

      Agreed. Particularly when this attack requires physical access to the device.

    5. Re:Paranoid much? by Anonymous Coward · · Score: 0

      You need 'microphone' permission on an app to use it which is more suspicious.

    6. Re: Paranoid much? by Anonymous Coward · · Score: 0

      ehh. or put a microphone in. this needs device modification.

    7. Re:Paranoid much? by Joce640k · · Score: 2

      Yep. There's no way an operating system could possibly lie about that permission. You're totally secure as long as that checkbox is set to "off".

      --
      No sig today...
    8. Re:Paranoid much? by avandesande · · Score: 2

      Another obvious 'easier way' is the speaker.... speakers can readily be used as microphones. I would like to hear the explanation as to why they would use the motor instead..... maybe because it sounds novel?

      --
      love is just extroverted narcissism
    9. Re:Paranoid much? by Anonymous Coward · · Score: 0

      The point is that you can have someone install an app _without_ microphone privileges and still listen in to conversations. Wouldn't you be suspicious of a Candy Crush that required microphone privileges? The same app without the permissions can still listen in.
      And yes of course, the OS can lie about anything. I think that's a given.

    10. Re:Paranoid much? by Anonymous Coward · · Score: 0

      Another obvious 'easier way' is the speaker.... speakers can readily be used as microphones. I would like to hear the explanation as to why they would use the motor instead..... maybe because it sounds novel?

      Or maybe because the D/A converters that drive the speakers do not that readily function as A/D converters needed to interface a microphone to a digital device? Occam's razor, dude.

  2. You know... by Fwipp · · Score: 5, Funny

    It turns out that in addition to having vibration motors, smartphones also have regular microphones.

    Who'da thunk?

    1. Re:You know... by xxxJonBoyxxx · · Score: 2

      The original story might have been "your PAGER can hear you!"

    2. Re:You know... by hcs_$reboot · · Score: 2

      Using the microphone that doesn't require "physical access to the device" sounds too easy for the hackers. They need new challenges.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    3. Re:You know... by Ungrounded+Lightning · · Score: 3, Interesting

      It turns out that in addition to having vibration motors, smartphones also have regular microphones.

      But if the security auditors are only looking for code that gets signals from the microphone, they might miss code that gets signals from the vibrator.

      Using the ringer for a room bug has been stock stuff since at least WWII. It has the advantage that it's connected to the line all the time and doesn't require any modification of the phone.

      The early electronic piezo-electric sounders, which replaced the electromechanical bell mechanisms, were even better microphones, too. (I recall the blurb on the box of the Unisonic model 7441, which was a two-line phone from about the mid '80s, which had one of each - a bell for line 1 and a piezo sounder for line two. The blurb was really funny: The C-suite character it was attributed to was bragging about being ex-FBI and how important it was to have a secure phone. B-) )

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    4. Re:You know... by Kkloe · · Score: 1

      "Smart"-gear have vibration motors without having microphones

    5. Re:You know... by Sneftel · · Score: 1

      But if the security auditors are only looking for code that gets signals from the microphone, they might miss code that gets signals from the vibrator.

      Sure, but this is a "requires physical access" hack, meaning the attacker could instead just tee the microphone into whatever ADC they were planning to wire the vibration motor into.

      Motors, piezo buzzers, etc. make decent microphones. *Microphones* make even better microphones. And there's one right there.

      --
      The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
    6. Re:You know... by Phreakiture · · Score: 1

      This was my immediate thought. Okay, you can do this, but why would you in the presence of much better sensors, especially ones that are already accessible via software?

      --
      www.wavefront-av.com
    7. Re:You know... by Anonymous Coward · · Score: 0

      That would have been quite a story, too bad there wasn't anybody back then literate enough to write it.

    8. Re:You know... by Anonymous Coward · · Score: 0

      But those aren't by default wired in to a line-in circuit, and there probably isn't even a line-in for the motors to be wired in to.

    9. Re: You know... by Anonymous Coward · · Score: 0

      It requires they open the phone and connect a write from the motor to the audio line input. The code then requires permission to access the audio input.

      I don't know why you would bother with the vibration motor. Just add in an extra microphone.

  3. Whoop de do. by msauve · · Score: 4, Informative

    It requires much more than simple "physical access." They hardwired the vibration motor to an analog input.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re:Whoop de do. by Anonymous Coward · · Score: 0

      That is what I was wondering about.

      Why would a motor have an analog feedback that could be read by the phone. If the motor needs to be connected to an analog input, why not just attach a regular mic to the same analog input.

      You would get a better signal.

    2. Re:Whoop de do. by BitZtream · · Score: 1

      While I don't disagree with your point, I think your missing how security research works.

      Next someone finds a viable way to read that analog input without rooting the phone, and then someone else discovers that while the analog input isn't physically connected to the vibrator ( no one uses motors anymore, just basic electromagnets) they can read enough of a ripple from it to decode audio ...

      Sounds silly but both the NSA and CIA have done far more with FAR less.

      Not all research yields immediate and direct results.

      Expecting it to is very short sided and shows a real lack of understanding the history of science.

      https://en.wikipedia.org/wiki/...

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    3. Re:Whoop de do. by msauve · · Score: 1

      I understand how this "security research" works - some freshman college kids come up with a project worthy of honorable mention at a middle school science fair, and expect a good grade for it.

      You're an idiot, and don't understand how phones work. If they can read an analog input, they can read the microphone (most phones have multiple ones, even) directly. BTW, it is a motor, which only means it converts electrical energy to mechanical, it doesn't imply it spins. A common loudspeaker is also a motor.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    4. Re:Whoop de do. by Anonymous Coward · · Score: 0

      Maybe a current sense circuit for protection or something would feed an analogue signal back to the CPU.

    5. Re:Whoop de do. by Anonymous Coward · · Score: 0

      No, really, a loudspeaker is not a motor.

    6. Re:Whoop de do. by Anonymous Coward · · Score: 0

      From a security perspective this is bollocks. If you have physical access to the hardware and you really need to, you can put another bloody microphone in there wired to the analog input and you'll get better quality recordings from it.

      I'd be impressed if this could be done without the hardware mods, but as it is isn't particularly noteworthy, and only mildly interesting.

  4. If you have physical access to the phone... by Jake73 · · Score: 4, Insightful

    ...why not just install a microphone connected to the LINE IN instead of wiring the vibration motor to it as they have done?

    1. Re:If you have physical access to the phone... by bloodhawk · · Score: 2

      because a story saying that a hacked phone microphone could be used to listen to you would elicit the response of "No SHIT Sherlock" and people would move on without clicking on it. Far better to create an overly complex scenario that produces inferior results and is far harder to do but gets the clicks for "WTF"!

    2. Re:If you have physical access to the phone... by iggymanz · · Score: 1

      bothering to install a microphone

      on a cell phone

      mmmmkay you need to think a little harder

    3. Re:If you have physical access to the phone... by Anonymous Coward · · Score: 0

      Why? The unstated assumption is the the already present microphone can't be used for some reason, otherwise why bother at all?

    4. Re:If you have physical access to the phone... by iggymanz · · Score: 1

      the microphone present can already be used either by compromising software or, with physical access to phone by many other means too.

      why bother at all with this pointless hack that gives inferior audio?

  5. What's worse? by subk · · Score: 1, Interesting

    This dumb-ass "attack" or the fact that these clowns have jobs as researchers?

    --
    Now, if you'll excuse me, I have backups to corrupt.
    1. Re:What's worse? by gweihir · · Score: 4, Informative

      I would say that this gets reported is worse.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  6. Vibrating microphones by invictusvoyd · · Score: 1

    Making the microphone vibrate.. hmm thatâ(TM)s a challenge . Most of the cheap chinese phones can achieve that automagically.

  7. App permissions by Anonymous Coward · · Score: 2, Insightful

    Apps should have to request access to vibration functions anyway. I'm sick of link-hijacking popunders that can vibrate my phone from through my browser.

  8. My question to the College.. by Anonymous Coward · · Score: 0

    Why??
    What is the purpose of this exercise?
    Why are educational funds going to this type of research?
    What's the expected end result?

    Why is this news, other than to inflame those whom think this type of stuff is crap..

    1. Re:My question to the College.. by Kkloe · · Score: 1

      Because you can and it is awesome.

    2. Re:My question to the College.. by Pikoro · · Score: 1

      I think the more interesting part of this is the cleanup algorithms they're using to reconstruct speech from crappy sources.

      --
      "Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
    3. Re: My question to the College.. by Anonymous Coward · · Score: 0

      It's kind of cool. Relax.

  9. smrtphone vibrator by Anonymous Coward · · Score: 0

    Can a researcher please turn my smrtphone vibrator into a vibrator so i can stick it in my pocket and have fun calling myself all day?

    THX!

  10. Sensationalized BS headline by jenningsthecat · · Score: 3, Insightful

    No one can "Spy On You" using this method on any stock production phone. The vibration motor is connected to an *output* of the chip that drives it, not an *input*. Additionally, that output is likely to be digital rather than analog, so even its direction could be magically reversed, the likelihood of the chip being able to process whatever signal the motor would produce in response to ambient sounds would be just about zero. And if someone was modifying your phone in order to hear your conversations, there are *much* easier, faster, more reliable, less convoluted ways of doing it - like piggybacking on the microphone that's already there.

    The ability to use a vibration motor as a microphone is a technical curiosity, but it's not at all surprising to anyone familiar with basic electrical and electronic concepts. The researchers' work is a nice proof-of-concept which may find useful application at some point. But really, the title of TFA, (and TFS), is solidly in the province of yellow journalism. There are more than enough *real* reasons to fear for our privacy - there's absolutely no need to further stoke that fire with false fears like those being promoted here.

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    1. Re:Sensationalized BS headline by dbIII · · Score: 1
      I'm actually far more interested in how they can "enhance the signal by reconstructing high-frequency waves". Maybe that is the real story underneath the required hype for mainstream science reporting at the moment.
      Low frequencies travel very well (turn down the bass you bastards next door) while high frequency information is lost very easily.

      use a vibration motor as a microphone is a technical curiosity, but it's not at all surprising to anyone familiar with basic electrical and electronic concepts

      Geophones for recording seismic data are still not very different to moving coil microphones from the 1930s so the idea is not very different despite different geometry.

    2. Re:Sensationalized BS headline by gweihir · · Score: 1

      This "enhancement" is not an enhancement. It consists of having a computer guess. If the computer guesses wrong, the sound quality is actually degraded. There is no technology in this universe than can reconstruct data that is missing from the signal, as that would require magic.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:Sensationalized BS headline by tlhIngan · · Score: 1

      No one can "Spy On You" using this method on any stock production phone. The vibration motor is connected to an *output* of the chip that drives it, not an *input*. Additionally, that output is likely to be digital rather than analog, so even its direction could be magically reversed, the likelihood of the chip being able to process whatever signal the motor would produce in response to ambient sounds would be just about zero. And if someone was modifying your phone in order to hear your conversations, there are *much* easier, faster, more reliable, less convoluted ways of doing it - like piggybacking on the microphone that's already there.

      I was wondering about that, since the output is hooked to a digital PWM output (PWM gets you the ability to alter the vibrate intensity). Usually through a FET as the current drive of the PWM output is too low to adequately drive the motor (or actuator - some vibration motors are a motor attached to an offset weight, others are actuators that shake).

      I couldn't figure out a way to detect audio using the coils that results in a way that gets converted back into a signal that software can process. The FET would isolate the PWM output from any potential changes in the current draw caused by picking up the vibrations, and the PWM registers are really just a counter and match, which are governed by the system clock.

    4. Re:Sensationalized BS headline by afmstuff · · Score: 1

      In the audio recording and processing industries it is very common to introduce synthetic higher frequencies. It is a longstanding result that such addition can improve vocal clarity. It is also commonly sed as a guitar effect. A good description of some of the processing techniques is found here: https://www.soundonsound.com/s...

    5. Re:Sensationalized BS headline by Anonymous Coward · · Score: 0

      It may be useful for voice-activity detectors in smart gear that has to operate on battery. Most microphones are active, and thus require quite a bit of current to keep on all the time. Installing a separate passive microphone is the obvious solution, but takes board space. Using the speaker is also obvious, but it is patented (by at least two companies at the same time, good prior art checks at the patent office). So maybe the vibration motor may be a good libre solution.

  11. Wonder if the accelerometer is enough by SuperKendall · · Score: 1

    It's not the same thing as the vibration device, but I wonder if at the top collection speed the accelerometer included in pretty much all modern smartphones has enough fidelity of measurement to record sound.. that would be interesting.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Wonder if the accelerometer is enough by gweihir · · Score: 1

      From the accelerometers I have seen, this is infeasible, as they can report far too few measurements per second. I think the fastest one I looked at had 200 measurements/sec, but only at reduced resolution, so it may not even pick up loud sound at that.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re: Wonder if the accelerometer is enough by Anonymous Coward · · Score: 0

      Since sound waves produce optically visible vibrations, I wonder if the camera could be used?

  12. This is nonsense by gweihir · · Score: 3, Informative

    If you can physically manipulate the device, plant a proper microphone. If not, this is irrelevant, as there is no A/D input connected to that motor. The whole thing is an utterly worthless stunt by "researchers" greedy for attention but lacking in actual scientific skill. Why does this get reported here?

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:This is nonsense by iggymanz · · Score: 2

      my phone has a microphone built in! OMG what were the engineers thinking?

    2. Re:This is nonsense by gweihir · · Score: 1

      Rather obviously, this is about a microphone the OS does not know about or where the OS thinks it is something else. One could even say that this is exceptionally exceedingly massively obvious. But apparently still not obvious enough for some people.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:This is nonsense by iggymanz · · Score: 1

      nonsense.

      there are known ways to subvert all the common phone OS in use and take over phone functions including microphone.

    4. Re:This is nonsense by gweihir · · Score: 1

      ... and which this story is not about at all. Seriously.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:This is nonsense by iggymanz · · Score: 1

      correct, this story is about a stupid needless hack for which there are trivial means to get even better audio from the microphone a phone already has.

  13. Physical access by roman_mir · · Score: 0

    So someone with physical access to your phone can add a couple of wires to it and connect your phone to a computer that decodes some signals to listen to you??? I guess I am missing the part where this makes ant kind of sense. Don't pay attention to the wires sticking out of your phone. Don't pay attention to the computer these wires go into. Also we are going to record you at the frequencies that are useless for listening....

    --
    You can't handle the truth.
  14. BS by Anonymous Coward · · Score: 0

    Nonsense.

    Besides, 2kHz is well into treble range. Yes.

    This is a case of copycats seeing it work elsewhere so these wackadasicals are giving it a go.

  15. Vibrating dildo hacked into listening device by Anonymous Coward · · Score: 0

    One could use the same technique to hack a vibrating dildo into a listening device then wire a small cell phone into the dildo to transmit the signals. Interesting this would actually be easier and stealthier than the proposed attack. Or equally stupid. Why is this on slashdot?

  16. I test this on a regular basis. by Anonymous Coward · · Score: 0

    I yell random things in my car that would normally get a person arrested if they said them in public. Haven't been arrested yet. Or they know it's harmless venting.

  17. Why not just use the microphone? by Anonymous Coward · · Score: 0

    I'm sure it's not that hard to gain access to the microphone either legitimately or otherwise (or via a EULA, which is both), so why bother with a glorified hard to access pseudo-microphone? I mean I guess it's cool in a technological way, but it just seems like a long way round to achieve your nefarious ends.

  18. yes, but someone already did that by YesIAmAScript · · Score: 1

    So these researchers didn't bother with it.

    http://www.gmanetwork.com/news...

    Instead they created a ridiculous hack that involves opening your phone and *not* just putting a microphone inside!

    --
    http://lkml.org/lkml/2005/8/20/95
  19. Danger! Trees are TERRORISTS! by Anonymous Coward · · Score: 0

    Headline: Is your tree about to kill you in a suicide attack???

    Subtitle: Man carves statue of prophet Mohammed

    Article then goes on to allude that there's some way a carved statue of the prophet is associated with terrorism blah blah blah...

    This is the sort of garbage internet and TV "news" that needs to be rejected out-of-hand as publicity stunts. The stuff done in the article is NOT something some distant hacker can remotely do to somebody's smartphone. It requires physical access to the phone and then does not even work properly. Hint: if somebody has physical access to hack your phone, they can easily implant a better-performing and smarter "bug"

    I despise these sorts of gimmicks that are just designed to hype impractical idiocies and drive money/publicity to the "experts" behind them. They churn this sort of garbage out and then everybody is supposed to "oooh" and "aaaaaah" over what they've done and written and pretend that it is in any way practical or relevant and that these people should be considered "experts" in security that people should buy books and pay for lectures from.

  20. It gets even better... by Anonymous Coward · · Score: 0

    That same vibration motor powers your favorite sex toy!

    1. Re:It gets even better... by Anonymous Coward · · Score: 0

      Oh yea, keep talking... you mentioned sex.

  21. Guess from several clues maybe by dbIII · · Score: 2

    This "enhancement" is not an enhancement. It consists of having a computer guess

    Obviously, but in what way with what degree of success?

    There is no technology in this universe than can reconstruct data that is missing from the signal

    Sometimes there doesn't have to be but a workaround can be useful. As an example a few years ago I attended a presentation on Transmission Electron Microscopy on some structures in teeth related to tooth growth right down to the atomic level. Calcium atoms could not be imaged - data was missing from the signal due to lack of resolution. However comparing computer models of defocused images of different structures could be matched with the real images with not enough resolution to be focused led to being able to derive the structure without actually being able to properly image it.
    That's an example of taking incomplete data and generating something that could have produced that incomplete data. If you can get a very large amount of the incomplete data, the missing signal is repetitive and you can model the degradation it's possible to model artificial data going through the same process and match it to the real data. I'd be interested to see what they are getting and how.

    The important thing is that the low frequency noise is not always going to be the only clue and there can be some expectation as to what the original source is going to look like - eg. model of human speech and matching from running that through a filter matching the expected degradation. How the clues are put together could be interesting.

  22. Pointless? by ripvlan · · Score: 1

    Attacker needs to borrow phone, split it open, add a bunch of wires and jumpers, put phone back together -- and then the quality is such that few people understand the words spoken.

    Great experiment - but I am missing the point. Sure is neat that this kind of device could be used. Might they instead extend the attack use a doorbell ringer or something?

  23. Seems secondary to me. by Anonymous Coward · · Score: 0

    They were probably looking for a vibration/earthquake detector and someone noticed they could understand conversations in the room.

    Hey we can publish this, give it to one of the students. Shows off their vibration detector or whatever, but pretty useless.

  24. so... by Anonymous Coward · · Score: 0

    queue video of Snowden ripping the motor out of a mobile phone.

  25. dildos too by Anonymous Coward · · Score: 0

    In other news, dildos vibrations send txt messages over bluetooth to Tim Cook.

    1. Re:dildos too by Anonymous Coward · · Score: 0

      Only if they detect fecal matter in an ass.

  26. of course by gzuckier · · Score: 1

    because hackers want to be able to control a phone with a microphone.

    --
    Star Trek transporters are just 3d printers.
    1. Re:of course by gzuckier · · Score: 1

      because hackers want to be able to control a phone with a microphone.

      a phone without a microphone is what i mean.

      --
      Star Trek transporters are just 3d printers.