Differential Pressure Sensors are widely deployed to monitor critical environments. However, our research unveils a previously overlooked vulnerability: their high sensitivity to pressure variations makes them susceptible to acoustic side-channel attacks. We demonstrate that the pressure-sensing diaphragms in DPS can inadvertently capture subtle air vibrations caused by speech, which propagate through the sensor's components and affect the pressure readings. Exploiting this discovery, we introduce \textbf{BaroVox}, a novel attack that reconstructs speech from DPS readings, effectively turning DPS into a "fly on the wall." We model the effect of sound on DPS, exploring the limits and challenges of acoustic leakage. To overcome these challenges, we propose two solutions: a signal-processing approach using a unique spectral subtraction method and a deep learning-based approach for keyword classification. Evaluations under various conditions demonstrate BaroVox's effectiveness, achieving a word error rate of 0.29 for manual recognition and 90.51\% accuracy for automatic recognition. Our findings highlight the significant privacy implications of this vulnerability. We also discuss potential defense strategies to mitigate the risks posed by BaroVox.

翻译：压差传感器被广泛部署用于监测关键环境。然而，我们的研究揭示了一个先前被忽视的漏洞：其对压力变化的高度敏感性使其容易受到声学侧信道攻击。我们证明，压差传感器中的压力感应膜片会无意中捕获由语音引起的细微空气振动，这些振动通过传感器组件传播并影响压力读数。基于这一发现，我们提出了 \textbf{BaroVox}，一种从压差传感器读数中重建语音的新型攻击方法，有效地将压差传感器变成了"隔墙之耳"。我们对声音影响压差传感器的效应进行建模，探索了声学泄漏的局限性和挑战。为了克服这些挑战，我们提出了两种解决方案：一种是采用独特谱减法进行信号处理的方法，另一种是基于深度学习的关键词分类方法。在各种条件下的评估证明了 BaroVox 的有效性，在人工识别中实现了 0.29 的词错误率，在自动识别中实现了 90.51\% 的准确率。我们的研究结果突显了此漏洞的重大隐私影响。我们还讨论了潜在的防御策略，以减轻 BaroVox 带来的风险。