US Navy Helps Create Camera-Hijacking Smartphone Malware


PlaceRaider quietly builds a model of your world as seen through your Android smartphone.

Tinfoil hats at the ready, ladies and gentlemen: Researchers at the United States Naval Surface Warfare Center in Crane, Indiana, in cooperation with scientists from the University of Indiana, recently set out on a mission to see what security flaws they could uncover in smartphone devices running on Android 2.3 and above. After a few months of tinkering, their investigations led them to create a piece of smartphone malware that silently takes photos using your device's camera, uploads them to a central database, and then uses the photos to construct a 3D image of your surroundings for the purpose of stealing things from said surroundings at a later date.

The team named their sneaky malware PlaceRaider, and described details of its use by saying that "remote burglars" could use it to "download the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information)." In addition to visual information stolen from your camera, the malware also picks up location and orientation data from across your smartphone's sensors that enable it to place you, quite precisely, in the world. A simple image filter designed to detect extremely dark or blurry image patterns stops the app from inundating its servers with pictures of the inside of your jacket pocket. Any noises associated with its activities - such as the little shutter noises some smartphone cameras make - are disabled. All in all, it's a pretty impressive piece of work.

According to the researchers, PlaceRaider would gain access to your phone by basically sneaking in behind a legit-sounding download that asks your permission to access your phone's sensor systems (think Instagram, for instance, or one of its ilk). Once inside, it would run as a background program.

In order to test the malware, the team gave 20 unsuspecting smartphone fans an infected phone each and set about testing how much personal information they could glean from the data the malware sent back. In doing so the team discovered that, A) The photos are really pretty good for stealing information and, B) The photo-generated 3D models are even better for stealing information. Neat, huh?

Oh, and before anyone with an iPhone thinks of getting on some kind of Android-is-inferior shaped horse over this, it's worth noting that the app's creators "expect such malware to generalize to other platforms such as iOS and Windows Phone." We're all in this together, friends.

While there are infinite upsides to living in a super-connected, tech-based world, exploitable security flaws of this kind (not to mention those present in desktop computers; Flame says hello) serve as sobering reminders of the potential downsides. This time, it was a benign team of scientific researchers who found the flaw and exposed it to the world, dragging it out into the light and reminding us to pay attention to what permissions an app asks for when we consider downloading it. The era of smartphone-based antivirus programs is almost here, but til then, I hear tinfoil's set to be one of the hottest trends of winter 2012/13. That hat is so totally you.

Source: arXiv via Technology Review


Wars that will be won with this tech: 0
Phones that will be hacked using this tech: infinite
Time until it is acquired by ill intentioned 3rd Party: ...too late.

AVG (award-winning & free antivirus software) has an android app.

Thought some of you might like to know :)

I actually have a hinged camera lens on my phone cover, so I already defeated this malware. Oops.

Isn't Android open source? So we'll probably see a patch for this in about what, a week?

I doubt that a lot of people aim their mobile camera at sensitive documents and/or the screen with sensitive information.

I appreciate the tin foil hat joke but the malware is far from trying to read people's minds.

This just makes me that much happier that my BookBook case has no lens hole on it. The only time it is able to take a photo, is when I'm taking a photo. May not be perfect, but works for me.

I don't have a smartphone, my phone can't text or go online.
Xan Krieger-1, Military- 0

Cool I guess? If people want to take a whole bunch of photos and see what the inside of my pocket looks like, more power to them I guess

image

Anything's hackable, so long as you can get at it or have access to it through the internet. Besides, I'm sure the American military is working on way cooler projects that can work against their own country as we speak!
So awesome right?!

Hevva:
All in all, it's a pretty impressive terrifying piece of work.

Fix'd that for ya. Darn that autocorrect, amiright?

The fact that the US Navy assisted with this just makes me feel even better. I think we've found a new use for that shiny new datacenter in Utah.

Ya, you people wonder why I am paranoid. Y'all wonder why I have firearms and ammo "strategically located" within a 30 mile radius to me. Y'all still think I am crazy?

But seriously, lens cover and do not download anything. EVER!!! This is only what they are telling us. What are they NOT telling us?

image

Is it time?

If there was ever a time to believe the local hobo's claims of "The gu'b'ment stole m'teeffs!" now would be appropriate.

Wars will surely be won with those top-secret photos of my pants pockets and jacket!

I'm sure pictures of my pocket lint and the palm of my hand will "stop da teoorists 4 merika!"

Reginald the Butler:
Wars will surely be won with those top-secret photos of my pants pockets and jacket!

Poisoned Al:
I'm sure pictures of my pocket lint and the palm of my hand will "stop da teoorists 4 merika!"

Guys, the article openly states that images that are extremely dark, like the inside of a pocket, are filtered out.

Hevva:
US Navy Helps Create Camera-Hijacking Smartphone Malware

A simple image filter designed to detect extremely dark or blurry image patterns stops the app from inundating its servers with pictures of the inside of your jacket pocket.

_______________________________________________

OT: People just need to know what programs they want to allow access to the phone and deny everything else, doesn't seem too hard to avoid this issue.

To be honest, this is actually rather impressive. I imagine it could be used in wars as a reconnaissance method.

Hevva:
Researchers at the United States Naval Surface Warfare Center in Crane, Indiana, in cooperation with scientists from the University of Indiana, recently set out on a mission to see what security flaws they could uncover in smartphone devices... ...construct a 3D image of your surroundings...

I thought Wayne Enterprises already had produced one of these. Theirs was a lot cooler too.

Awww, I was expecting a download link somewhere in the article :P

Because the "bad guys"/"terrorists"/etc. all have smart phones right? Oh wait, it's regular people.
And this isn't news, it has existed for a while (years).

Pinkamena:
To be honest, this is actually rather impressive. I imagine it could be used in wars as a reconnaissance method.

yeah, you just need the phone number of taliban guy #5671923

-Dragmire-:

Guys, the article openly states that images that are extremely dark, like the inside of a pocket, are filtered out.

So it'll get the bathroom floor, the ceiling above my bed and the inside of a car/train. You could get more from just posing as a delivery man and knocking on my door.

Edito: Scratch that, plumber would work better.

Damn, Lucius Fox is going to be pissed...

He's going to sue, I bet.

I almost missed this news, and it is interesting for me since it hits close to home because I only live a few miles away from Crane.

My mom used to work there and my dad still does. I always found it odd that a major US naval center was placed near the middle of the country.

Sounds cool.

Make it open source, let the good times of infinite lulz begin.

It would be Back Orifice all over again, in glorious 3D. You wouldn't believe the transparency granted from random citizens and corporations. Scientology freaks, pedophiles, ISPs... they were all up for grabs, and it was splendid comedy, drama and horror all rolled into one. That was some splendid fun. The most activity for seemingly coordinated amateur spying we could trace came from Turkey, other Arab states and China. Guess they just couldn't resist some free remote administratin'.

They were running a public experiment with a university. Experiments like these are designed to counter cybercrimes/terrorism and learn how to fight them, not to use them against citizens. At least that is how they start...

jetriot:
They were running a public experiment with a university. Experiments like these are designed to counter cybercrimes/terrorism and learn how to fight them, not to use them against citizens. At least that is how they start...

In all seriousness - imagine this app as a friendly little helper in the hands of an officer in the field - instant 3D maps of any location. Something like the little scanners in Prometheus.

I think that would be genuinely awesome.

I don't have a smart phone, nor am I paying for online service...

But even if they DID get my camera on my phone to work, I don't really care as all they'd get is photos of my ceiling or inside my pants. And if they want photos of the inside of my pant pockets that badly, they can have them. :P

Yep, I'm gonna start putting duck tape on my camera now.

I don't think this kind of software would manage to do much with my phone. If the phone isn't in my pocket it's laying with the camera face down on my night stand. I'm sure they'll get great pictures during the 3 seconds it's in mid air and pointed at my wall 6 inches away though.

So then, not so much a massive gaping security hole in the system as a severe case of PEBKAC? Or am I the only one who does careful research before I install anything on any device which requires user permissions and doesn't get their phone software from shifty Russian torrent sites?

I mean come on guy, this is like saying all computers have massive security flaws because some among the ranks of the cretinously tech-inept think that clicking the link on the flashing "YOU AR THE 1000TH WINNER OF THE PRIZE CLICK HARE!!!" popup that showed up on their screen is a good idea. Or that email is inherently insecure because there really are people out there gullible enough to think that an exiled Nigerian prince needs their help to secure their millions.

There are precisely two locations they would glean from my phone. My pocket and my bedroom, and if they don't take fairly frequent photos they'll probably only get the back of my TV, my door, and some of my bed. Congratulations, you now know - oh wait s*** my planner is on the back of my door.

Thank God I never write anything on it.

 
