Creepy Smartphone Malware Re-creates Your Home For Stalkers

from the whose-side-are-you-on? dept

It's become something of a cliché that anyone with a mobile phone is carrying a tracking device that provides detailed information about their location. But things are moving on, as researchers (and probably others as well) explore new ways to subvert increasingly-common smartphones to gain other revealing data about their users. Here's a rather clever use of malware to turn your smartphone into a system for taking clandestine photos -- something we've seen before, of course, in other contexts -- but which then goes even further by stitching them together to form a pretty accurate 3D model of your world:

This paper introduces a novel visual malware called PlaceRaider, which allows remote attackers to engage in remote reconnaissance and what we call virtual theft. Through completely opportunistic use of the camera on the phone and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments.

The use of 3D reconstructions overcomes a potential problem with ordinary spyware: there's often too much data whose significance is unclear. That makes finding anything interesting hard. The solution here is to combine all the data into a unified, virtual reconstruction that can then be navigated by snoopers looking for significant items just as they might if they were rooting through your physical space.

The full academic paper "PlaceRaider: Virtual Theft in Physical Spaces with Smartphones" (pdf) makes for fascinating reading, even if it doesn't seem to understand the difference between "theft" and "surveillance". It includes the following rather fanciful description of how this 3D-spying capability might be used. It's rather over the top, but it gives an idea of what's theoretically possible:

Alice does not know that her Android phone is running a service, PlaceRaider, that records photos surreptitiously, along with orientation and acceleration sensor data. After on-board analysis, her phone parses the collected images and extracts those that seem to contain valuable information about her environment. At opportune moments, her phone discretely transmits a package of images to a remote PlaceRaider command and control server.

Upon receiving Alice's images, the PlaceRaider command and control server runs a computer vision algorithm to generate a rich 3D model. This model allows Mallory, the remote attacker, to immerse herself easily in Alice's environment. The fidelity of the model allows Mallory to see Alice's calendar, items on her desk surface and the layout of the room. Knowing that the desktop surface might yield valuable information, Mallory zooms into the images that generated the desktop and quickly finds a check that yields Alice's account and routing numbers along with her identity and home address. This provides immediate value. She also sees the wall calendar, noticing the dates that the family will be out of town, and ponders asking an associate who lives nearby to 'visit' the house while the family is away and 'borrow' the iMac that Mallory sees in Alice's office.

Well, maybe not. But what's more interesting is the way that smartphone malware is able to gather enough information to allow the detailed reconstruction of complex spaces. The paper includes some impressive 3D reconstructions from apparently random images that have been stitched together. These and the research project that produced them are a salutary reminder that useful as they are, smartphones also bring with them new dangers that need to be considered and, ultimately, addressed.
Follow me @glynmoody on Twitter or identi.ca, and on Google+



Reader Comments

  1.  
    go ask alice, Oct 5th, 2012 @ 8:18pm

    dumb ass says what.

    Put a piece of a stickie note over your camera, or talk with your finger over it, place it camera side down when not in use. What I missed is how Alice got it on her phone in the first place. Sounds like Alice is an idiot for downloading shit she shouldn't.

     

  2.  
    Dave Xanatos, Oct 5th, 2012 @ 9:07pm

    [this space intentionally left blank]

    Anybody else think "Cool! I want my smartphone to map my house!" Can I find this on Google Play?

     

  3.  
    Colin, Oct 5th, 2012 @ 9:57pm

    Umm, what is a close-up view of her inner ear exactly going to tell you?

     

  4.  
    Miff (profile), Oct 5th, 2012 @ 10:02pm

    Re: [this space intentionally left blank]

    Yeah, I was going to the comments to say just this!

    I'd really like software that does this, but sends the images to me instead of a third party. That'd be cool.

     

  5.  
    Optically challanged, Oct 5th, 2012 @ 10:31pm

    Re:

    Yes because every phone has its camera where you put your ear.

     

  6.  
    G Thompson (profile), Oct 5th, 2012 @ 11:36pm

    Re: [this space intentionally left blank]

    Actually I immediately thought..

    What an amazing idea for crime scene photos, be they for private usage (ie: insurance claims) or criminal investigations (ie: Police, etc)

    WANT!

     

  7.  
    Zos (profile), Oct 6th, 2012 @ 1:09am

    I'm confused. Is this something that was found out in the wild, or just a "what if" extrapolating from current capabilities?

     

  8.  
    Chilly8, Oct 6th, 2012 @ 2:13am

    I wonder if there is any way to find out exactly what IP addresses this app connects with. Since my phone uses my wireless router, which goes through Internet Connection Sharing on my PC, I could tell my PC firewall program to block that IP if I knew what it was.

     

  9.  
    Anonymous Coward, Oct 6th, 2012 @ 2:28am

    Re: dumb ass says what.

    How do you pout the camera side down when both sides have a camera?

     

  10.  
    The eejit (profile), Oct 6th, 2012 @ 2:31am

    Re: [this space intentionally left blank]

    Think of the uses this has for blind people when becoming accustomed to their new home: Use the software, make a miniature 3D model of the home and use your tactile/haptic sensors to adjust quickly and effectively.

     

  11.  
    Anonymous Coward, Oct 6th, 2012 @ 5:32am

    The PDF was TLDR but I have to lean toward this being either a FUD thought experiment or a propaganda piece to sell smartphone antivirus software. When this kind of automatic 3D modelling technology is developed, it won't be done by burglars looking for stuff to steal.

     

  12.  
    Anonymous Coward, Oct 6th, 2012 @ 5:52am

    Re:

    It's not in the wild, but it does exist.

     

  13.  
    Anonymous Coward, Oct 6th, 2012 @ 7:31am

    Re:

    I don't doubt there's a scare element involved, but the technology isn't in question. We've been able to do this with a collection of still shots since the early days of CGI, (It's easier to work on each series of frames than to work on the video with very little RAM. Obviously, we're no longer in that paradigm).

    I'd say the scare part is that it isn't the phone putting the pieces together, that's just an ordinary take data (photos), send them to IP type thing, and here's an extra thing that the server that receives them can do.

    Even if it is the phone, big whoop, the server it sends them to could've done it a long time ago.

    Either burglars are already using this, (in which case, provide evidence), or it's too troublesome, or this just gave some burglars a novel idea.

     

  14.  
    Anonymous Coward, Oct 6th, 2012 @ 7:32am

    Re: Re:

    Actually, y'know what? We've been able to do this to realtime TV feed with multiple camera input since 1997.

     

  15.  
    abc gum, Oct 6th, 2012 @ 7:42am

    Maybe Mallory will post pics of Alice and Bob in the boudoir.

     

  16.  
    davebarnes (profile), Oct 6th, 2012 @ 8:05am

    Only read to page 4

    I started reading and got past "proof of concept" and went on to finally see "Android".
    Told me all I needed to know.

     

  17.  
    Anonymous Coward, Oct 6th, 2012 @ 8:06am

    Paranoia

    How long before the usual agencies want to be able to use anybody's phone cameras when tracking them?

     

  18.  
    Anonymous Coward, Oct 6th, 2012 @ 8:27am

    Re: Only read to page 4

    Translation: I let my own preconceived notions lead me to a conclusion without the benefit of all the data, and I decided to tell everyone that I have nothing substantive to add to the discussion.

     

  19.  
    Dreddsnik, Oct 6th, 2012 @ 8:32am

    " Told me all I needed to know. "

    And what was that ?
    I'm a little slow, so I don't get what you now 'know' from
    the word 'Android'. Please, be so kind as to clue in
    those of us who are not quite as smart as you.

     

  20.  
    Dreddsnik, Oct 6th, 2012 @ 8:36am

    Re: Only read to page 4

    Never mind. A little research shows you to be an 'Apple Guy'.

    There shall be no other OS but me.

     

  21.  
    Philly Bob, Oct 6th, 2012 @ 8:52am

    All I ever needed to know about your life
    I learned from Android.

     

  22.  
    Dale, Oct 6th, 2012 @ 10:17am

    As malware, this IS truly creepy, but...

    ...imagine how powerful the underlying software would be for firefighters doing pre-fire plans of a building!

     

  23.  
    Anonymous Coward, Oct 6th, 2012 @ 10:22am

    Re: [this space intentionally left blank]

    So, in theory, soon our phone will be capable of keeping up with our keys for us?

    Quick, someone port this over to voice activate.."Phone, where are my f-ing keys?"


    *bzzzzz*

    "Walk forward 3 paces, turn left, lift up the towel, there ya go!"

     

  24.  
    Anonymous Coward, Oct 6th, 2012 @ 12:26pm

    Yup keep on laughing at my Nokia 3310.

     

  25.  
    abc gum, Oct 6th, 2012 @ 5:28pm

    Re: Paranoia

    Approximately minus twelve years

     

  26.  
    abc gum, Oct 6th, 2012 @ 5:35pm

    Re: As malware, this IS truly creepy, but...

    I'm sure fire fighters are quite capable of doing that without any creepy spy capabilities.

     

  27.  
    Anonymous Coward, Oct 6th, 2012 @ 5:41pm

    I read a book once where everyone had this little gizmo they carried around and it recorded everything they said and did to a central server. It was accessible only with a warrant and penalties for unauthorized access were severe, and it made crime almost nonexistent. But when it crashed all hell broke loose because no police were left that knew how to do actual investigations.

     

  28.  
    Anonymous Coward, Oct 6th, 2012 @ 5:42pm

    Duct tape: thwarting camera hacks since forever.

     

  29.  
    Anonymous Coward, Oct 6th, 2012 @ 8:11pm

    Re: Re: dumb ass says what.

    It's the model, not the camera, who does the pouting.

     

  30.  
    Havoc (profile), Oct 7th, 2012 @ 1:04am

    Re:

    FTA:
    " It includes the following rather fanciful description of how this 3D-spying capability might be used. It's rather over the top, but it gives an idea of what's theoretically possible"
    A scare piece, nothing more.

     

  31.  
    abc gum, Oct 7th, 2012 @ 7:22am

    Re:

    That book sounds like a horror story of mad dystopia gone full retard, also it's a tad improbable.

    Or - it is about religion.

     

  32.  
    Chrisrsc, Oct 7th, 2012 @ 6:26pm

    What about sonar and x-ray to map your room? Can you use it to catch a cheating wife watching tv on the 20th floor while her beau is in the restroom showering and use the image in court?

     

  33.  
    Anonymous Coward, Oct 7th, 2012 @ 7:47pm

    Data fee

    High quality images are too large to be ignored based on how today's mobile carriers charge us. This is theoretically possible but too early to be a common problem.

     

  34.  
    Anonymous Coward, Oct 7th, 2012 @ 10:06pm

    How would this ever actually happen? Does Siri tell you, "Please turn your phone slightly to the left." Click. "A little more now, please..." Click...

     

  35.  
    ethorad (profile), Oct 8th, 2012 @ 2:41am

    Re: Re: [this space intentionally left blank]

    Only problem will be:

    Phone - where's my pho... oh, wait. Dammit!

     

  36.  
    Ninja (profile), Oct 8th, 2012 @ 4:47am

    They are becoming increasingly invasive. I simply turn off a lot of stuff simply because the apps installed on my phone can't seem to remain shut down and work as I want. Maps keeps executing and trying to find my location, some applications have annoying notifications that I can't turn off and other issues. I'm rooting my device as soon as the warranty expires to get rid of those annoyances and much of the bloatware manufacturers usually install without giving me the option to remove.

    I do believe this sort of invasiveness will start to get annoying, questioned and ultimately addressed. Till then we take the needed steps to reduce it.

     

  37.  
    Anonymous Coward, Oct 8th, 2012 @ 6:21am

    Curmudgeon FTW

    I guess the habit of leaving the phone on a table right next to the front door is paying off. I'm sure they'll get lots of data about my couch and TV, though.

     

  38.  
    Cody Jackson (profile), Oct 8th, 2012 @ 4:14pm

    Possible, but plausible?

    With most people I know, this app would only be taking pictures of the inside of a pocket, or maybe the person's lap. How often does someone walk around their house with the camera in a position to be taking pictures of the interior?

    Even if someone is using the phone as a phone (less likely nowadays as people tend to text more), they don't tend to wander around the house. In my experience, people park their butts on a chair so they can talk. Walking and talking usually occurs outside the house.

     

  39.  
    Sarah @ Sell Your House Fast , Oct 12th, 2012 @ 7:14pm

    Interesting! and very great resource you shared.

     

  40.  
    Anonymous Coward, Oct 15th, 2012 @ 9:22am

    Re: Re:

    For about 3 months, until someone writes it, and another 3 months for it to get much-improved upon by the FBI/CIA/MI6/Mossad/KGB/whoever your fave boogey-man is.

     

  41.  
    Anonymous Coward, Oct 15th, 2012 @ 9:23am

    Re: Re: Only read to page 4

    You use Windows Millennium? Dood!

     

  42.  
    Anonymous Coward, Oct 15th, 2012 @ 9:24am

    Didn't this already happen...

    in The Dark Knight movie? Only outside? Seems standard sci-fi - to - become - reality

     
