Skip to content

QIF-T0081

high

Accelerometer speech reconstruction (vibration-to-audio via surface-coupled MEMS)

Tier 3 — Demonstrated (Lab-proven)

Legacy status: DEMONSTRATED

Modern smartphone accelerometers (ADXL345, BMI270) have sufficient sensitivity to capture speech vibrations transmitted through surfaces. When a phone lies on a table during a conversation, or is held against the ear during a call, speech vibrations propagate through the phone chassis to the MEMS accelerometer. Ba et al. (2020) used deep learning to reconstruct intelligible speech from accelerometer data alone, achieving speaker identification and keyword recognition. Unlike the gyroscope attack (T0080), accelerometers benefit from direct surface coupling — speech vibrations transmitted through desks, tables, or the user's hand provide stronger signal. Like T0080, accelerometer access required no permission on Android until recent API changes. The combination of gyroscope + accelerometer data (sensor fusion) significantly improves reconstruction quality over either sensor alone.

Technique Details

Tactic
QIF-S.RP
Status
DEMONSTRATED
Bands
S1, S2, S3

Therapeutic Application

MEMS accelerometer captures speech vibrations transmitted through surfaces or phone chassis; deep learning reconstructs intelligible audio from motion sensor data

Neural Impact

3 of 7 neural bands affected

S1 S2 S3

Drag to rotate. Click a region to learn more.

Click or hover over a glowing region to see the attack techniques targeting it and their severity.

Scoring

NISS v1.1 NISS:1.1/BI:N/CR:N/CD:N/CV:E/RV:F/NP:N
CVSS v4.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
1.4Low
BICRCDCVRVNP
 

Governance

Neurorights at Risk

This technique threatens 1 of the 4 proposed neurorights (Ienca & Andorno, 2017).

MP Mental Privacy
Consent Complexity
0.12 / 4.0

FDORA §3305 Compliance

Cyber Device
Regulatory Coverage
0.5 / 1.0
524B Requirements
TM VA SBOM SA PM
Regulatory Gaps
  • ! No FDA pathway for consumer sensor exploitation
  • ! Software-only attack without software lifecycle standard (IEC 62304)

Population Vulnerability

CRB vulnerability adjustment (γ=0.30) accounts for age, diagnosis severity, consent capacity, and device dependency.

Population NISS Base Adjusted Severity Delta
Adult (Default) 1.4 1.4 Low -
Child (10yr) + ADHD 1.4 1.6 Low +0.25
Adult with ALS 1.4 1.6 Low +0.23

Validation Status

Theoretical / Not yet validated. This technique has not been independently tested. See the validation dashboard for what has been tested.

Qinnovate Neural Security Atlas Edit this on GitHub