QIF-T0080

high

Gyroscope acoustic eavesdropping (MEMS speech capture via resonant frequency aliasing)

Tier 3 — Demonstrated (Lab-proven)

Legacy status: DEMONSTRATED

MEMS gyroscopes in smartphones sample at 100-200 Hz, with mechanical resonant frequencies in the audible speech range (100-8000 Hz). When sound waves strike the MEMS proof mass, they induce vibrations that alias into the gyroscope output. Michalevsky et al. (2014) demonstrated that gyroscope data alone can reconstruct intelligible speech features, identify speakers, and detect spoken digits — all without microphone permission. Android allowed gyroscope access without any permission until API level 33. This creates a covert audio surveillance channel through an 'inertial' sensor that apps access freely. Combined with accelerometer data (T0081), reconstruction quality improves significantly. The attack requires no hardware modification — only a software app with motion sensor access.

Technique Details

Tactic: QIF-S.RP
Status: DEMONSTRATED
Bands: S1, S2, S3

✚ Therapeutic Application

MEMS gyroscope mechanical resonance captures airborne acoustic vibrations; speech features reconstructed via signal processing of motion sensor output

Neural Impact

3 of 7 neural bands affected

S1 S2 S3

Drag to rotate. Click a region to learn more.

Click or hover over a glowing region to see the attack techniques targeting it and their severity.

Scoring

NISS v1.1 NISS:1.1/BI:N/CR:N/CD:N/CV:E/RV:F/NP:N

CVSS v4.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

1.4Low

Governance

Neurorights at Risk

This technique threatens 1 of the 4 proposed neurorights (Ienca & Andorno, 2017).

MP Mental Privacy

Consent Complexity

0.12 / 4.0

FDORA §3305 Compliance

Cyber Device

Regulatory Coverage

0.5 / 1.0

524B Requirements

TM VA SBOM SA PM

Regulatory Gaps

! No FDA pathway for consumer sensor exploitation
! Software-only attack without software lifecycle standard (IEC 62304)

Population Vulnerability

CRB vulnerability adjustment (γ=0.30) accounts for age, diagnosis severity, consent capacity, and device dependency.

Population	NISS Base	Adjusted	Severity	Delta
Adult (Default)	1.4	1.4	Low	-
Child (10yr) + ADHD	1.4	1.6	Low	+0.25
Adult with ALS	1.4	1.6	Low	+0.23

Validation Status

Theoretical / Not yet validated. This technique has not been independently tested. See the validation dashboard for what has been tested.

Qinnovate Neural Security Atlas Edit this on GitHub