Who’s Hacking Your Smartphone Microphone?

You’re strolling around the mall while pleasant music plays in the background. Sounds harmless, right? Well, the tunes might contain a high frequency message that only your cell phone can hear. This isn’t subliminal advertising; instead, it’s a real risk to any organization that issues phones to its employees.

Implement robust mobile security against today’s threats. Contact OptioLabs today.

Harmless Apps? Hardly

It all starts with the user installing a seemingly harmless chat app. We might love to send voice messages, but we trade this for microphone access. This can easily mean permission for complete microphone control – even when you don’t activate the app. So a third party could easily turn on your cell phone’s mic… and listen.

They’re Listening To Millions

This technology is already used by advertisers that transmit ultrasonic signals from radio, TV and Internet ads or any other place that transmits sound – maybe even from a mall sound beacon. The chat app turns the microphone on to receive signals which activate browser cookies. Now your phone freely shares info about what ads you prefer and how long you watch or hear them. It can even track your behavior in response to such ads.

As the IoT continues to develop in complexity, it allows third parties to triangulate user behavior to a level never seen before. One report estimated that in 2015 a single company provided this technology to 67 apps monitoring a total of 18 million smartphones.

Dangerously Extreme Granularity

The level of information that cross device tracking can provide on any given individual is shocking. For example, when combined with GPS tracking info, such as accessed by Facebook and Twitter, virtually any person’s movement and behavior can be monitored – where they go, meetings they schedule, what they buy and what they see on the web.

For enterprises and government entities, this means contacts and sensitive data may be easily accessed. Even more worrisome would be direct eavesdropping on high security meetings.

Smartphone Without A Mic?

In order to combat these threats, customized solutions are required. “Devices are extremely vulnerable when the leave the factory,” says Hamilton Turner, OptioLab’s CTO. “Organizations can’t tell employees not to use their device microphones. Then it’s not a phone anymore, is it? What’s required are devices that recognize the environment and that can defend themselves appropriately,” Turner said.

Customized Defense

Some organizational policies might prohibit the download of these types of apps. Unless the right software is placed into the phone, employees might download them anyways. Another scenario is that an app accesses the mic even if the app itself doesn’t use it. Instead of shutting down the use of all apps (or even worse, perma-muting the mic) a better solution would be situation- and use- specific.

For example, companies could install software that blocks the use of the microphone to only when the phone is on or a button is pressed. This would effectively stop all unwanted listening, no matter what the source.  

Winning The Fight

While mobile increases the scope and efficiency of any enterprise, it also exposes sensitive data to ever evolving threats. Organizations that adopt a proactive defense strategy will move forward with greater confidence.

Mobile security tailor made to deter threats now and in the future. Contact OptioLabs today.

Share this blog

Leave a Reply

Your email address will not be published. Required fields are marked *