Abstract
Voice messages are an increasingly popular method of communication, accounting for more than 200 million messages a day. Sending audio messages requires a user to invest lesser effort than texting while enhancing the message’s meaning by adding an emotional context (e.g., irony). Unfortunately, we suspect that voice messages might provide much more information than intended to prying ears of a listener. In fact, speech audio waves are both directly recorded by the microphone and propagated into the environment, and possibly reflected back to the microphone. Reflected waves along with ambient noise are also recorded by the microphone and sent as part of the voice message. In this paper, we propose a novel attack for inferring detailed information about user location (e.g., a specific room) leveraging a simple WhatsApp voice message. We demonstrated our attack considering 7,200 voice messages from 15 different users and four environments (i.e., three bedrooms and a terrace). We considered three realistic attack scenarios depending on previous knowledge of the attacker about the victim and the environment. Our thorough experimental results demonstrate the feasibility and efficacy of our proposed attack. We can infer the location of the user among a pool of four known environments with 85% accuracy. Moreover, our approach reaches an average accuracy of 93% in discerning between two rooms of similar size and furniture (i.e., two bedrooms) and an accuracy of up to 99% in classifying indoor and outdoor environments.
Original language | English |
---|---|
Title of host publication | Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings |
Editors | Vijayalakshmi Atluri, Roberto Di Pietro, Christian D. Jensen, Weizhi Meng |
Publisher | Springer |
Pages | 595-613 |
Number of pages | 19 |
ISBN (Electronic) | 978-3-031-17143-7 |
ISBN (Print) | 978-3-031-17142-0 |
DOIs | |
Publication status | Published - 2022 |
Event | 27th European Symposium on Research in Computer Security, ESORICS 2022 - Virtual, Online Duration: 26 Sept 2022 → 30 Sept 2022 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 13556 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 27th European Symposium on Research in Computer Security, ESORICS 2022 |
---|---|
City | Virtual, Online |
Period | 26/09/22 → 30/09/22 |
Bibliographical note
Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-careOtherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.