Stanford Security Research

Gyrophone: Recognizing Speech From Gyroscope Signals

We show that the MEMS gyroscopes found on modern smart phones are sufficiently sensitive to measure acoustic signals in the vicinity of the phone. The resulting signals contain only very low-frequency information (< 200 Hz). Nevertheless we show, using signal processing and machine learning, that this information is sufficient to identify speaker information and even parse speech. Since iOS and Android require no special permissions to access the gyro, our results show that apps and active web content that cannot access the microphone can nevertheless eavesdrop on speech in the vicinity of the phone.

Full USENIX'14 talk:

Full paper:
On USENIX Security website (23rd USENIX Security Symposium (USENIX Security 14))
Local copy: Gyrophone: Recognizing Speech From Gyroscope Signals

Git repository on Bitbucket.org: https://bitbucket.org/ymcrcat/gyrophone/
The repository contains the Android application and the Matlab code.

Download Android Application (for sampling the gyroscope): gyromic.apk

The Android application source code can be found under the App directory. It can be built using Eclipse or ant. To build using the ant build system simply go to the App directory and run

$ ant debug

Here's a webpage that demonstrates recording of the gyroscope sensor readings via Javascript code. You should browse it using your mobile device. The recorder data is not submitted anywhere, and it is possible to save the recorded sensor readings to a file.

Data:
Single digit pronunciations used for recording
Corresponding gyroscope recordings
Gyroscope recordings converted to WAV files (subdirectories "1", "2" and "3" correspond to gyroscope axes)

Contributors: Yan Michalevsky, Gabi Nakibly and Dan Boneh.

Mobile Device Identification via Sensor Fingerprinting

We demonstrate how the multitude of sensors on a smartphone can be used to construct a reliable hardware fingerprint of the phone. Such a fingerprint can be used to de-anonymize mobile devices as they connect to web sites, and as a second factor in identifying legitimate users to a remote server. We present two implementations: one based on analyzing the frequency response of the speakerphone-microphone system, and another based on analyzing device-specific accelerometer calibration errors. Our accelerometer-based fingerprint is especially interesting because the accelerometer is accessible via JavaScript running in a mobile web browser without requesting any permissions or notifying the user. We present the results of the most extensive sensor fingerprinting experiment done to date, which measured sensor properties from over 10,000 mobile devices. We show that the entropy from sensor fingerprinting is sufficient to uniquely identify a device among thousands of devices, with low probability of collision.

Full paper: Mobile Device Identification via Sensor Fingerprinting

Contributors: Hristo Bojinov, Dan Boneh, Yan Michalevsky and Gabi Nakibly.