Spy App Can Turn Smartphones Against You
Military malware called PlaceRaider can hijack phones to create 3D maps of the surrounding environments.
CREDIT: Robert Templeman et al | Naval Surface Warfare Center | School of Informatics Indiana University
The smartphone in your hands could get hijacked and used as an accessory to virtual burglary. U.S. military researchers have created a mobile app that creates 3D maps of a phone's immediate surroundings, possibly allowing spies or criminals to steal personal information and "download" the physical space to prepare for a break-in.
Such a troubling scenario comes from the "PlaceRaider" app that could disguise itself as an ordinary camera app for Android phones, according to researchers from the Naval Surface Warfare Center in Crane, Ind. and Indiana University in Bloomington.
The app sneakily uses the phone camera to take new images, while also collecting orientation data from the phone's accelerometer, the device that flips your screen horizontally. PlaceRaider can then upload the information to a central computer that combines the best images into a 3D virtual map of a person's house or office.
"We develop and demonstrate a tool that allows an attacker to visualize and navigate a victim's space in 3D, allowing them to quickly hone in on areas that likely contain sensitive or private information and then retrieve targeted, high-resolution images," said Robert Templeman, an engineer at the Naval Surface Warfare Center in Crane, Ind., and colleagues in an arXiv paper submitted on Sept. 26.
The computer experts explained how PlaceRaider would permit hackers to zoom in on sensitive information scattered around a room, such as financial statements, phone numbers, personal checks or a wall calendar showing travel plans.
PlaceRaider also showed how its 3D map, reconstructed from sneaky images, could give spies or criminals tools to plan for physical reconnaissance or burglary. The U.S. military's Special Forces might also find such a tool useful for scouting ahead of dangerous missions.
This example of a Trojan horse app uses the smartphone's own computing system to screen for only the most useful images and avoid transmitting blurry or dark photos. It then uploads the selected information to a command-and-control computer that can perform the actual 3D-map reconstruction.
Past hacking demonstrations have shown how to hijack smartphone microphones to "hear" sensitive conversations, or to harness a phone's accelerometer to "feel" vibrations from a computer keyboard and deduce keystrokes. But PlaceRaider's ability to create a 3D map of the physical space potentially makes smartphones even more effective tools for spying — for better and for worse.