• Septimaeus@infosec.pub
    link
    fedilink
    arrow-up
    2
    ·
    11 months ago

    That certainly would make the data smuggling easier. What about battery though? I assume that requires inference and at least rudimentary processing.

    How would a background process do this in real time on a mobile device without leaving traceable evidence like cpu time?

    • steveman_ha@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      11 months ago

      What if its not streaming? What if its just cached for future access, e.g. next time the user opens the app (and network traffic spikes anyways) maybe?

      • Septimaeus@infosec.pub
        link
        fedilink
        arrow-up
        3
        ·
        11 months ago

        That’s possible too, and in general I’d think a foreground application currently in use alleviates most of the technical restrictions mentioned (read: why we never install FB).

        But again we must assume some uncommon device privileges and we still haven’t solved the problem of background energy usage required to record and/or process a real time feed.

    • BrownTree33@lemmy.ml
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      Can it be implemented on pc? They often turned on and people speak around them too. Cpu activity much harder to trace when there are a lot of different processes. Someone can blame their phone, while it listening pc near by.

      • Septimaeus@infosec.pub
        link
        fedilink
        arrow-up
        4
        ·
        11 months ago

        Yeah outside mobile devices I imagine there’s a lot more leeway technically speaking. I’d be far more inclined to suspect a smart TV or a home assistant appliance like Amazon Echo, for example. And certainly there are plenty of PCs out there that are 100% compromised.

        But it’s the phone that people often think of as eavesdropping on their conversations. The idea is stickier perhaps because it’s a more personal violation. And I wouldn’t put it past data brokers by any means. They would if they could. I’ve just yet to hear a feasible explanation of how they can without being caught. Hence my doubt.