Researchers from the U.S. Naval Surface Warfare Center have developed malicious software that can remotely seize control of the camera on an infected smartphone and employ it to spy on the phone’s user.
The malware, dubbed “PlaceRaider,” “allows remote hackers to reconstruct rich, three-dimensional models of the smartphone owner’s personal indoor spaces through completely opportunistic use of the camera,” the researchers said in a study published last week.
The program uses images from the camera and positional information from the smartphone’s gyroscopic and other sensors to map spaces the phone’s user spends a lot of time in, such as a home or office.
“Remote burglars” could use these three-dimensional models to “study the environment carefully and steal virtual objects [visible to the camera] … such as as financial documents [or] information on computer monitors,” the researchers reported.
The program they developed for research purposes easily could be disguised by a malicious user as an app — the programs that run on smartphones — and unwittingly downloaded by victims, according to the study, which first was reported by the newsblog ThreatPost.
Because users often do not realize that a smartphone is basically a small computer, and because there are few security products available, smartphones are considered highly vulnerable to hackers.
Commercial software, for instance, can turn smartphones into microphones and tracking devices.
But PlaceRaider is the first known example of malware developed to exploit the high-definition cameras that are now ubiquitous on smartphones.
The study was a collaboration between the Navy center team and researchers from the School of Informatics and Computing at Indiana University.
The malware would come coded inside of a camera application that the user would download. The malware, called PlaceRaider, would then randomly take pictures throughout the day and carefully piece them together to garner a three-dimensional image of where the user is. The camera is able to create a great rendition of the environment by knowing what orientation the camera is in during the picture, as well as the time and location.
The camera dismisses all pitch black pictures that might be taken while the camera is face-down, in a pocket or inside of a purse.
Hackers can then use the 3D rendition to look through the room and find anything valuable and worth stealing, including things like social security numbers, credit card information, and checking account numbers from documents laying around.
The app ‘PlaiceRaider’ was created by US military experts at Naval Surface Warfare Center in Crane, Indiana, to show how cybercriminals could operate in the future, the Daily Mail reported.
The creators even demonstrated how they could read the numbers of a cheque book when they tested the Android software on 20 volunteers.
As long as the app could be installed on the users phone, it can instantly begin beaming back images from the phone when it senses the right conditions, and software on the other end can then re-construct maps of the visited room.
The team gave their infected phone to 20 individuals, who did not know about the malicious app, and asked them to continue operating in their normal office environment.
The team said they could glean vital information from all 20 users, and that the 3D reconstruction made it much easier to steal information than by just using the images alone.
Researcher Robert Templeman said their app can run in the background of any smartphone using the Android 2.3 operating system.
Still feeling good about that new Android (open source software) phone with the HiDef built in cameras?
Think your iPhone or Windows phone is immune? It won’t be for long.
We are leaving the LIGHT on for you to have eyes to see!If you wish to help SRT dispel the darkness in the land and over the people you can support the team by using the button on our website. Available for order – The Supernatural Battle