We have become accustomed to carrying our mobile phones and tablet devices everywhere we go. The mobile phone has essentially become an integral part of our everyday lives, helping us to communicate, make payments and socialize. Unfortunately, the smart devices of today are equipped with many different types of sensors that may be listening in on our conversations.
“In reality, we have threats from two directions — malicious apps that hijack the phone sensors to spy on us, and otherwise benign apps secretly listening to or sensing our activities, and then sending the data ‘home’ for advertising and other activities,” Hasan said.
Hasan says the first type of threat — malicious apps — are easier to prevent, especially if users install apps only from trusted sources. The second types of threats — otherwise benign apps secretly eavesdropping on us — are harder to identify and prevent.
“A tell-tale sign is what kinds of sensors an app is accessing — does it really need access to that for the advertised operation of the app?” Hasan said. “For example, if a user is installing a calculator app, does it need access to the microphone or camera? Most likely, no. However, if the app requests access to such sensors, then it may indicate that the app is going to use that privilege to gather information.”
Nitesh Saxena, Ph.D., professor in the UAB Department of Computer Science, says consumers need to be sure they trust the apps downloaded to their devices.
“It’s not really the devices, but the apps running on these devices that may gather personal information, if they wish to,” Saxena said. “The Android OS employs a permission-based security model whereby the user is alerted at the time of the app’s installation as to what resources on the device — microphone, camera, GPS, etc. — the app has access to for its overall functioning. So, if the user allows that app to have access to the microphone, that app can turn the microphone on. If that app is benign, it would just do what it is supposed to be doing. For example, a calling app will turn your microphone on only during a call. However, if the app happens to be a malicious one, it could turn the microphone on even when the user is not aware, and it may record the audio and exfiltrate it to a remote attacker.”
Another issue for users lies in checking the permissions an app requests. Some permissions may make a device vulnerable to malicious apps’ accessing resources to which they are not supposed to have access.
“A vast amount of security research shows that users do not pay much attention to these permissions while installing the apps on their devices; they don’t have the right mental models for these things or can easily get habituated to accepting without paying attention,” Saxena said. “It is also possible for two malicious apps to collude with each other. For example, app A with user-granted access to a resource can share the data with app B, which may not have user-granted permission to access that resource.”
Researchers have also demonstrated side channel attacks in which a malicious app can exploit benign-looking resources — motion sensors such as accelerometer or gyroscope or power consumption readings — for which the Android OS does not explicitly ask any user permission prior to granting access. By doing this, it can infer personal and sensitive information, including:
- The PIN codes entered on the touch screen, an otherwise restricted resource, based on vibrations of finger presses;
- Speech/speech characteristics, especially if you use your phone in the speakerphone mode. It picks these up via the speech reverberations;
- Tracking your locations when you are driving via vibration information captured from your phone placed in the car; and
- Tracking your location based on the power consumptions. Your phone incurs different amounts of power when it is near different cell towers, etc.
What can users do to prevent the threat to their privacy?
Although these attacks may not be fully practical today, they definitely showcase the underlying vulnerability.
Saxena says some recent research studies have demonstrated that many apps in the Android ecosystem have actually been exploiting Android’s permission model to learn sensitive information, such as the device’s IMEI, MAC address or geolocation information to track the device/user, and even exploiting and exfiltrating audio and video data.
“The security vulnerability of smart speakers, like Amazon Alexa or Google Home, is slightly different,” said Saxena.
“Here, the user has installed a device in his home or office, and this device has a microphone that receives and understands users’ vocal commands,” Saxena said. “Ideally, the speaker system should wake up only when the user issues a wake phrase like “OK, Google,” but there is nothing that prevents it from recording the audio at will on regular user conversations. Also, it is likely that, as the speaker listens to our commands, which are often stored on the cloud servers of these companies, the audio could contain sensitive information spoken in the background — music and TV programs played in the background — that may be of interest to some malicious actors.
What can users do to prevent the threat to their privacy?
- Check all permissions given to various apps. Does each app really need to access sensitive sensors — GPS, microphone, camera — to function? If something has requested and received more access and privileges than it should have, turn that off from the settings.
- When installing new apps, do the same check. Do not give permission to all privileges the app is asking for, unless it really needs the privilege to function.
- Only install apps from official or legitimate sources.
- For sensitive conversations, it might be a good idea to put your phone away or turn it off.
- Disable apps from recording and maintaining users’ location history — Google Maps, Facebook.
- Utilize anti-virus apps.
Research is underway attempting to solve some of these problems. Google is currently working on a project called Project Alias that aims to prevent the smart speaker devices, like Google Home, to eavesdrop on people’s conversations. The device works by inserting random noise into the microphone of the speaker except when the user issues a command to the speaker.
The bottom line, Saxena says, is that our phones and tablets now have eyes and ears and they can easily collect very intimate details about our personal lives. “We must be aware of the phone’s capabilities and take proactive actions,” he said.