EveGuard: Defeating Vibration-based Side-Channel Eavesdropping with Audio Adversarial Perturbations
Jung-Woo Chang, Ke Sun, David Xia, Xinyu Zhang, Farinaz Koushanfar
TL;DR
EveGuard tackles privacy leakage from vibration-based side channels by injecting imperceptible, domain-aware adversarial perturbations into playback audio. The approach combines a two-stage Perturbation Generator Model (PGM) with a few-shot Eve-GAN to model and perturb eavesdropper reconstructions, ensuring transferability across unknown attack models. Comprehensive evaluations across mmWave radar, IMU, and optical SSEAs demonstrate substantial protection gains (high MCD, high WER, low DDR, and favorable PESQ) while preserving human-perceived audio quality, validated by a user study. The work advances software-only defenses against vibrometry-based eavesdropping, offering practical latency and robustness against adaptive threats, with clear pathways for future expansion to other side channels and real-world deployments.
Abstract
Vibrometry-based side channels pose a significant privacy risk, exploiting sensors like mmWave radars, light sensors, and accelerometers to detect vibrations from sound sources or proximate objects, enabling speech eavesdropping. Various defenses have been proposed, but they involve costly hardware solutions with inherent physical limitations. This paper presents EveGuard, a software-driven defense framework that creates adversarial audio, protecting voice privacy from side channels without compromising human perception. We leverage the distinct sensing capabilities of side channels and traditional microphones, where side channels capture vibrations and microphones record changes in air pressure, resulting in different frequency responses. EveGuard first proposes a perturbation generator model (PGM) that effectively suppresses sensor-based eavesdropping while maintaining high audio quality. Second, to enable end-to-end training of PGM, we introduce a new domain translation task called Eve-GAN for inferring an eavesdropped signal from a given audio. We further apply few-shot learning to mitigate the data collection overhead for Eve-GAN training. Our extensive experiments show that EveGuard achieves a protection rate of more than 97 percent against audio classifiers and significantly hinders eavesdropped audio reconstruction. We further validate the performance of EveGuard across three adaptive attack mechanisms. We have conducted a user study to verify the perceptual quality of our perturbed audio.
