Radar Can Be Used To Eavesdrop On Smartphone Conversations, Penn State Scientists Show

(Photo by Prostock-studio on Shutterstock)

New research shows attackers could partially transcribe calls by sensing tiny earpiece vibrations with off-the-shelf radar

UNIVERSITY PARK, Pa. — That private phone call discussing your bank account details or personal medical information might not be as private as you think. Computer scientists at Penn State have developed a system that can remotely pick up portions of smartphone conversations by using commercially available radar technology to detect microscopic vibrations from phone speakers. These vibrations are far too tiny for the human eye to see or ear to hear, measuring just 7 micrometers.

Published in the Proceedings of WiSec 2025: 18th ACM Conference on Security and Privacy in Wireless and Mobile Networks, the research demonstrates how attackers could capture and partially transcribe calls from as far as 10 feet away. At close range, the system achieved up to 59.25% word accuracy at 50 centimeters (about 20 inches). At the maximum tested distance of 300 centimeters (about 10 feet), accuracy dropped to just 2-4 percent, enough for a few stray words, but far from a perfect transcript.

“This paper highlights the evolving risks of artificial intelligence and sensor systems being misused as technology advances,” the researchers wrote, noting that falling costs and miniaturization make such tools increasingly accessible.

Radar is best known for tracking airplanes or spotting cars in a blind spot, but at its core it’s simply a way of detecting movement by bouncing radio waves off objects and measuring the reflections. Most of the time, those objects are large — a jet, a vehicle, or even a speeding baseball. But radar can also pick up far subtler movements, like the surface of a smartphone vibrating when its earpiece speaker is active.

That’s the trick behind the Penn State system, called “WirelessTap.” During a phone call, the earpiece emits sound waves that make the entire phone vibrate ever so slightly. While a person can’t feel or see this motion, a sensitive millimeter-wave radar can. WirelessTap operates in the 77–81 GHz range, sending out high-frequency radio waves and measuring the minuscule changes in the returning signal. These changes form a vibration “fingerprint” that can be turned back into sound.

The process doesn’t involve hacking into the phone or breaking encryption. Instead, it’s more like spying on a conversation by watching the ripples in a glass of water next to the speaker. The radar only needs a direct line-of-sight to the phone’s surface to work.

From Vibrations to Words

Once the radar picks up the vibration patterns, they’re still far from readable speech. The signal is extremely degraded, missing much of the higher-pitched detail we rely on to understand language. To make sense of it, the researchers used an adapted version of OpenAI’s Whisper, a speech recognition system trained on vast amounts of audio. They taught Whisper to work with the “fuzzy” radar audio by first generating synthetic examples, then fine-tuning it with real recordings from their tests.

Because radar-captured audio lacks a lot of the normal speech frequencies, the transcripts aren’t perfect. But even incomplete recognition can be dangerous. If an attacker captures enough words and already knows the general topic of a conversation, they can often fill in the blanks. It’s like reading subtitles with a few missing letters — the human brain is surprisingly good at guessing the rest.

Radar sensors are getting smaller, cheaper, and more powerful, with some already selling for hobbyist projects. Improvements in AI speech recognition could also make it easier to reconstruct missing words from partial data. That’s why the Penn State team says it’s better to address the risks now than wait until the capability becomes more practical.

How Well It Worked

The Penn State team tested WirelessTap on three smartphones: Samsung Galaxy S20, Samsung Galaxy A22, and OnePlus 9 Pro. In lab conditions with the phones mounted on tripods, the Galaxy S20 produced the best results — 59.25% word accuracy at 50 cm. The A22 and OnePlus scored slightly lower, but all three saw a steep drop-off with distance. At 300 cm (about 10 feet), accuracy for every model was in the 2–4% range, which is too low for coherent sentences but can still yield isolated words.

They also tested a real-world scenario with a person holding the phone during a conversation. This added new challenges: the phone moved slightly, and the radar picked up other subtle motions like breathing and heartbeat. Even so, WirelessTap managed 40.82% accuracy at about 2½ to 3 feet. That’s far from a full transcript, but it’s enough for key phrases or numbers to slip through.

The researchers compared this to lip reading, where trained observers can maintain a conversation even if they catch only 30–40% of the words. They simply use context to fill in the rest.

It’s easy to assume that because your phone call is encrypted, no one can listen in without physically tampering with your device. But WirelessTap bypasses the call data entirely, working only from the tiny physical signals the phone produces during normal use. That means traditional security measures don’t stop it.

Possible WirelessTap Defenses

Potential scenarios range from corporate espionage to personal identity theft, if even part of a credit card number or password is overheard. And unlike wiretapping, this method doesn’t require cooperation from a service provider or access to a communications network.

The researchers suggest several ways to make phones less vulnerable. One is to add tiny vibration motors that create harmless “noise” patterns in the phone’s casing, masking the real signal. Another is to tweak the sound output in ways that confuse radar sensors without affecting what the human ear hears. A more low-tech fix could involve using materials around the earpiece that absorb or dampen vibrations.

While these ideas are still in the conceptual stage, they show that solutions are possible, but only if manufacturers see the need and act before the threat becomes widespread.

“When we talk on a cellphone, we tend to ignore the vibrations that come through the earpiece and cause the whole phone to vibrate,” said first author Suryoday Basak, doctoral candidate in computer science at Penn State, in a statement. “If we capture these same vibrations using remote radars and bring in machine learning to help us learn what is being said, using context clues, we can determine whole conversations. By understanding what is possible, we can help the public be aware of the potential risks.”

A Broader Lesson

WirelessTap is just the latest example of how advances in one field can create unexpected risks in another. Radar sensing is a legitimate and growing technology, used for everything from monitoring vital signs to enabling smart home automation. But the same sensitivity that lets it detect a sleeping baby’s breathing can, in the wrong hands, pick up the vibrations of a private phone call.

For the average person, the immediate risk is low. You’re unlikely to be targeted with a lab-built system that needs a direct, steady view of your phone. Still, the research is a reminder that privacy goes well beyond securing your data. It’s also about securing the physical signals your devices give off every time you use them.

“The goal of our work was to explore whether these tools could potentially be used by bad actors to eavesdrop on phone conversations from a distance,” said Basak. “Our findings suggest that this is technically feasible under certain conditions, and we hope this raises public awareness so people can be more mindful during sensitive calls.”

Disclaimer: This article summarizes peer-reviewed research presented at an academic conference. The described system, WirelessTap, is a controlled proof of concept, not a commercially available or widely deployed tool. While the method demonstrated can capture partial phone call transcripts under specific laboratory conditions, current limitations make real-world use challenging. The findings are intended to inform technology and privacy discussions, not to encourage misuse.