Smartphone malware used to create 3D models of physical spaces

first_imgMalware on a desktop is a scary enough prospect on it’s own, since computers often store lots of personal information. But in many ways the idea of malware on a smartphone is even more troubling. People trust their smartphones with information about what they do, where they are, and what they say on the phone — all things that could be dangerous if malware starts leaking to an outside party. But as the US Naval Surface Warfare Center demonstrated recently, one of the most worrisome mobile malware threats is camera hardware.With some help from Indiana University, NSWC created PlaceRaider, a “visual malware” that can run in the background of an Android 2.3 phone. Once installed, PlaceRaider takes regular pictures of the smartphone’s surroundings while silencing the camera noise to prevent the user from catching on. The malware then filters out dark and low-quality images using some lightweight computation, and uploads the remaining ones to an external server. And that’s where things get really creepy.The uploaded photos are tagged not only with location data, but with positional data from the gyroscopic sensors. Using that additional information, the researchers were able to reconstruct the image collections into 3D models of the phone’s environment, which could then be easily browsed for sensitive information.Of course, an app laden with a PlaceRaider-style malware would need the user to grant it certain permissions, but that’s not much protection. The program only needs to be given access to the camera, external storage, network, and multimedia settings (for turning off the shutter noise). All of those capabilities would seem innocuous on a camera app advertised as having multimedia functions. The gyroscope and accelerometer information would be no problem, since currently Android and iOS don’t require permissions for those sensors.The researchers offer several options for reducing the threat of visual malware, such as requiring that a physical button be pressed for the camera to operate, but ultimately the best defense is users that are careful about what they install.via Technology Reviewlast_img

Recommended Reading

Discuss

Your email address will not be published. Required fields are marked *