So you thought you were safe, cooped up in the privacy of your own home, with the doors locked and the windows shut tight? Well, if you own a smartphone, you might want to think again…
Details of a new kind of ‘visual’ malware are just emerging, an altogether different beast that has to rank as one of the most unsettling ideas that hackers have ever conceived (and believe me, they’ve had some creepy ideas in the past).
Dubbed “PlaceRaider”, the malware in question has been designed to work on any Android phone running version 2.3 or above, and disguises itself in a photography app that gives it all the permissions it needs to access your camera and the images stored on your phone. The moment it’s installed, PlaceRaider sparks to life, snapping away random photos of you and your life without your knowledge, and tagging them with the time and (your) location.
This isn’t the most troubling aspect of PlaceRaider however, as it gets worse, far worse. PlaceRaider is intelligent enough to sort through all the photos it takes, deleting the blurred or dark ones, before uploading the rest of them to a central server. Using the location tags, the malware is able to piece together each of the photos taken within a single room or office, slowly but surely building up an incredibly detailed 3D representation of its layout, including all of the objects, the furniture, your bed, where you are…
The implications of PlaceRaider are pretty horrendous should the malware ever fall into the wrong hands. Not only is there the potential for theft (from both burglars AND hackers who can photograph your financial documents left lying around), but the ‘app’ could make your regular stalker or psycho’s job one hell of a lot easier too.
Breathe a sigh of relief then, for the malware is unlikely to find its way onto your smartphone anytime soon. Thankfully, PlaceRaider (so far) is in the safe hands of Robert Templeman and his fellow researchers at the Naval Surface Warfare Center, who created it in a joint project with experts from the School of Informatics and Computing at Indiana University.
Templeman said that the main reason for developing the malware was to expose one of the biggest vulnerabilities within smartphones – their cameras – and illustrate the potential damage they could do. PlaceRaider was tested on a group of twenty, unwitting individuals, who were each given a phone to take to work with them. In several cases, they were able to build complete 3D models of the test subject’s office environment, and snap photos of various documents left lying around.
Templeman says that smartphone users needn’t be worried, stressing that the logistics involved in knitting all of the captured images into a 3D model would be well beyond all but the most capable of bad guys. But then again, when you consider that the Russian mafia are said to be making $2.3 billion a year from cybercrime, would it really be that hard??