Researchers say that they have created a malicious Android application that uses the phone’s embedded camera and other spatial sensors to create 3D visual maps of the owner’s home and other spaces.
The proof of concept malware, dubbed PlaceRaider, was designed by researchers working for the U.S. Navy and the University of Indiana.
Running on Android mobile devices, it was designed to call attention to the ways that rapidly evolving mobile platforms might enable new forms of virtual theft.
Writing in a paper (pdf) published Thursday, the researchers said more powerful phones have created an opening for what they dub “sensory malware” that leverages the growing number of on-board sensors in the latest model mobile phones like the iPhone 5 and Android devices.
To prove their point, the researchers created PlaceRaider to demonstrate how remote hackers could construct “rich three-dimensional (3D) models of the smartphone’s owner’s personal indoor spaces”.
The malware uses a phone’s embedded sensors such as its GPS and accelerometer to determine when the victim was moving within the space. The onboard camera was then used to opportunistically snap shots of interior spaces and transfer them to a remote server which then assembles them to form a 3D model of the space.
Androids were particularly well-suited for the task. The authors noted, with surprise, that the Android API doesn’t require any special permissions for an application to access sensor data on the phone, such as the accelerometer or gyroscope.
And users could easily be tricked into granting those permissions that were needed – such as to access the camera or write to local storage – by bundling PlaceRaider into a camera app, the authors said.
In a test, the researchers installed PlaceRaider on a subject’s phone and tracked their movements and the spaces they occupied.
Researchers tested the ability of the application to export large quantities of data, and of the test subjects to then use that data to snoop on occupants: zooming in to observe the content of information displayed on computer screens or papers in the target’s home or workplace, according to the research report.
PlaceRaider and other malicious “sensory” applications like it are well within the capabilities of modern phones and modern malware authors.
However, they did have to clear some technical hurdles in implementing it. Heuristic sensors were needed to weed out junk photos that didn’t reveal any new information about a space and the volume of data collected by the malware is large enough that it could overwhelm a phone. That required the authors to create a way for PlaceRaider to automatically compress the data it was transmitting.
In addition to the malware, the authors also created tools to exploit the data the application collects. For example: they built a tool that would allow attackers to visually navigate a victim’s 3D space and zoom in on areas that might contain sensitive information. The phone could then be instructed to retrieve new, high resolution images of those spaces.
The authors recommend a number of changes to smartphones to make malware like PlaceRaider harder to implement.
Android and iOS devices could require permissions to access sensor data, and could alert users when applications appear to be using sensors – including the camera – in surreptitious ways.
Even small changes would have made it harder for PlaceRaider to achieve its goals. For example: phone makers might require physical interaction with the phone to operate the camera, or make it impossible to take a photo without the shutter sound.
PlaceRaider image, courtesy of PlaceRaider: Virtual Theft in Physical Spaces with Smartphones paper. Camera in pocket and eye spy images, courtesy of Shutterstock.
18 comments on “Proof of concept Android malware creates 3D maps of your home”
Oh, no. Not that. I hate shutter sounds.
There's a segment in the popular film "The Avengers" wherein SHIELD appears to be hacking every mobile device in an effort to visually locate the bad guys. Sounded like sci-fi stuff, but apparently it's not so very far off the mark after all.
Not just Avengers but Batman did this in Dark Knight in his effort to locate the Joker.
This is the very reason the Android App store requires tighter restrictions. They should take a leaf out of Apple's book and vet the apps -before- they reach the marketplace.
There is an obvious use for this, Industrial Espionage!
What about the free Sophos Mobile Security app that I have on my HTC Evo Design 3G smartphone? Would that help detect and prevent 'PlaceRaider' type malware?
"make it impossible to take a photo without the shutter sound."
Very bad and annoying idea… sometimes it can be very useful to take photos without a loud and stupid shutter sound. This is for this kind of "security" feature that people root their devices or don't buy certain brands.
And we all thought the sonic mapper in Nolan's "The Dark Knight" was something only meant for the movies.
Mighty android falling behind its rivals. What will happen to the fanboys ? Only god knows. Mass suicide I guess.
Android uses automated bouncer program to check the apps unlike apple which uses automated and manual checks to make sure they are safer. Charlie miller demonstrated that he can penetrate and bypass bouncer security and filter process.
I have the Samsung Galaxy Tab 10.1 – does anyone know if there is an app that I can install incase it gets taken/stolen/lost so I can track it? thanks
Sophos has a free one 🙂 It has anti-virus, loss protection (including remote wipe) and a surprisingly helpful privacy advisor.
Head to the Play Store and search for "Sophos" 🙂
Is it wrong that this sounds awesome?! I WANT this app…
Can the 3D environment be adapted as a Half-Life map?
Would they not just get some photos of the inside of people's pockets?
I wonder if they use the proximity sensor for that, or may be just use an algorithm that discards the pictures that are too dark.
I guess I'll put some masking tape over my phone camera's lens now.
Given that most phones are either face up/down if stationary or inside a pocket or bag, rather than hanging horizontally as you walk around, the camera hack isn't going to get much useful data.
Tracking user activities has changed from just IP address to physical location.
With such malware along with access to internal system, could take the entire system hostage.