If you think malware can only harm you in the digital world, think again. Military researcher Robert Templeman from the Naval Surface Warfare Center in Crane, Indiana, and a team from Indiana University created an Android app called PlaceRaider that taps into your Android smartphone’s camera and takes pictures of your surroundings, which attackers can then stitch together to reveal incriminating information about where you live and work. Here’s a snippet of the thinking behind the app:
Through completely opportunistic use of the camera on the phone and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus download the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware.
To test the app, Indiana University team handed out infected Android phones to a group to see just how effective the app was. Well, it turns out the app was pretty darn effective – with the app’s help, the group was able to take several pictures and reconstruct 3D models of the users’ surroundings, which then allowed them to steal sensitive information like credit card numbers and the like. While the app was made purely for research purposes, it kind of scares us a bit to know technology is completely capable of turning your most trusted tool against you.
Source: Cornell University