Cool New Malware/Spyware ;)

Renegade:
Saw this little story on some new, pretty sophisticated software that spies on you, maps your house layout using the camera and sensors (gyro):

http://www.washingtontimes.com/news/2012/oct/2/new-software-uses-smartphone-camera-spying/

New software uses smartphone camera for spying


Researchers from the U.S. Naval Surface Warfare Center have developed malicious software that can remotely seize control of the camera on an infected smartphone and employ it to spy on the phone’s user.

The malware, dubbed “PlaceRaider,” “allows remote hackers to reconstruct rich, three-dimensional models of the smartphone owner’s personal indoor spaces through completely opportunistic use of the camera,” the researchers said in a study published last week.

The program uses images from the camera and positional information from the smartphone’s gyroscopic and other sensors to map spaces the phone’s user spends a lot of time in, such as a home or office.

“Remote burglars” could use these three-dimensional models to “study the environment carefully and steal virtual objects [visible to the camera] … such as financial documents [or] information on computer monitors,” the researchers reported.


--- End quote ---

First reported here:

http://threatpost.com/en_us/blogs/new-android-malware-app-turns-phone-surveillance-device-100112

Mobile malware has largely been limited to Trojans buried inside a malicious app targeting sensitive data stored on the phone such as email, contact information and SMS messages. A new proof-of-concept piece of malicious software, however, expands the scope of mobile malware and essentially turns an Android device into a surveillance tool, bringing a whole new range of security and privacy implications into the equation.

Researchers from the Naval Surface Warfare Center and Indiana University’s School of Informatics and Computing introduced PlaceRaider late last week, putting a new spin on burglary and espionage while coining the term visual malware. PlaceRaider exploits innate weaknesses in Android to use the phone’s camera to surreptitiously take photographs, and send that data off to a command and control server where an attacker could build a 3D model of the victim’s environment.

“Remote burglars can thus download the physical space, study the environment carefully and steal virtual objects from the environment such as financial documents, information on computer monitors and personally identifiable information,” the researchers wrote in a paper published last week.
--- End quote ---

The announcement:

http://arxiv.org/pdf/1209.5982v1.pdf

PlaceRaider: Virtual Theft in Physical Spaces with Smartphones
Robert Templeman†‡, Zahid Rahman†, David Crandall†, Apu Kapadia†
†School of Informatics and Computing, Indiana University, Bloomington, IN, USA
‡Naval Surface Warfare Center, Crane Division, Crane, IN, USA
September 27, 2012

Abstract

As smartphones become more pervasive, they are increasingly targeted by malware. At the same time, each new generation of smartphone features increasingly powerful onboard sensor suites. A new strain of 'sensor malware' has been developing that leverages these sensors to steal information from the physical environment - e.g., researchers have recently demonstrated how malware can 'listen' for spoken credit card numbers through the microphone, or 'feel' keystroke vibrations using the accelerometer. Yet the possibilities of what malware can 'see' through a camera have been understudied.

This paper introduces a novel 'visual malware' called PlaceRaider, which allows remote attackers to engage in remote reconnaissance and what we call "virtual theft." Through completely opportunistic use of the phone's camera and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus 'download' the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware.
--- End quote ---

Seriously... check the PDF - I'm too lazy to fix that. :(

Anyways, it's some pretty sophisticated stuff. Guess the crackers have new competition. :P

f0dder:
Too lazy to read the PDF, but...

How often do any of you guys have your smartphone camera pointed at anything interesting? When I'm carrying mine around, it's usually in one of my pockets. *If* the camera can be activated while making phone calls, I guess I could be mapped - while I don't do a lot of phone calls at home, I do tend to shuffle around when I do.

Renegade:
You're sitting at your desk. Someone calls. You raise your phone to see who's calling. They just nabbed your computer screen.

Yep - Boring most of the time, but it's those little, opportune moments that count, and they're probably more common than you'd initially think.

As for the PDF, it gets into some technical stuff that's interesting, but probably not worth the time for most people to read it.

f0dder:
You're sitting at your desk. Someone calls. You raise your phone to see who's calling. They just nabbed your computer screen.
-Renegade (October 03, 2012, 07:55 AM)
--- End quote ---
Taking the phone from my pocket, they'd get snaps of my floor, and perhaps (if lighting conditions are bad) some snaps of my cluttered desk. But my monitors? Nope.

If I do decide to take the call (and the camera can be activated while a call is ongoing), they'd be able to get snaps of pretty much everything in my apartment, considering how restlessly I usually shuffle around while talking :)

wraith808:
You're sitting at your desk. Someone calls. You raise your phone to see who's calling. They just nabbed your computer screen.

Yep - Boring most of the time, but it's those little, opportune moments that count, and they're probably more common than you'd initially think.

As for the PDF, it gets into some technical stuff that's interesting, but probably not worth the time for most people to read it.
-Renegade (October 03, 2012, 07:55 AM)
--- End quote ---

Nope.  They'd get a blank blue screen or my speaker.  At home and at work, when I'm at my computer, my phone is on a stand and I just glance at it and hit the button if I want to answer.
