Gyroscopes can be found in most modern mobile devices. They’re meant to help in motion-sensing, but a recent paper by researchers Yan Michalevsky, Dan Boneh and Gabi Nakibly shows that these sensors can also act as microphones. According to the researchers, what makes this accidental feature extra scary is that mobile apps generally don’t ask the user’s permission to access gyroscope data.
Put simply, the gyroscopes found in many mobile devices have a very small mass suspended inside it. When your device is moved, the mass is moved as well, which helps the sensor pick up on changes in orientation or direction. But in their paper Gyrophone: Recognizing Speech from Gyroscope Signals, Michalevsky, Boneh and Nakibly show that these motion sensors can also pick up sound. Again, since you wouldn’t know if an app is accessing your device’s gyroscope, you also would not be able to tell if someone’s recording or listening in on you through the sensor.
According to Wired, Android users are more vulnerable to this hack than iOS users because of the difference in the rates at which their gyroscopes sense vibrations. Google is said to be aware of the vulnerability and is hopefully working on a way to patch it.
While the researchers concede that the data from a single gyroscope is barely useful by itself, speech processing algorithms or software can extract usable information from that crude source. It could be a vocal or speech pattern that gives away the identity of a person, ambient sound that narrows down the target’s location or just plain sensitive information spoken out loud. Someone hacking into multiple nearby devices could also get considerably better results.
You can get a copy of Michalevsky, Boneh and Nakibly’s paper from the Stanford Security Research page. That page also holds a link to the Android app that the researchers made to sample the gyroscopes of the mobile devices they tested.