Six researchers at Indiana University and the City University of Hong Kong have created a proof-of-concept program called Soundminer that’s capable of using a phone’s mic to listen out for credit card numbers. When a user either speaks or types their credit card’s digits into the phone, Soundminer parses the audio file, interprets the numbers, and sends them to another app that passes them on to a remote server.
The study says, “We implemented Soundminer on an Android phone and evaluated our technique using realistic phone conversation data.” The study showed that an individual’s credit card number can be reliably identified and stealthily disclosed. Therefore, the threat of such an attack is real, it said.
The idea behind it is to show how simple app asking for just permission to access the microphone which is under “Hardware Controls” that allow access to all audio settings can do harm..Even a seemingly harmless alarm clock application for Android asks for that privilege, as the researchers show in the video above.