Creepy Smartphone Malware Re-creates Your Home For Stalkers

from the whose-side-are-you-on? dept

It’s become something of a cliché that anyone with a mobile phone is carrying a tracking device that provides detailed information about their location. But things are moving on, as researchers (and probably others as well) explore new ways to subvert increasingly-common smartphones to gain other revealing data about their users. Here’s a rather clever use of malware to turn your smartphone into a system for taking clandestine photos — something we’ve seen before, of course, in other contexts — but which then goes even further by stitching them together to form a pretty accurate 3D model of your world:

This paper introduces a novel visual malware called PlaceRaider, which allows remote attackers to engage in remote reconnaissance and what we call virtual theft. Through completely opportunistic use of the camera on the phone and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments.

The use of 3D reconstructions overcomes a potential problem with ordinary spyware: there’s often too much data whose significance is unclear. That makes finding anything interesting hard. The solution here is to combine all the data into a unified, virtual reconstruction that can then be navigated by snoopers looking for significant items just as they might if they were rooting through your physical space.

The full academic paper “PlaceRaider: Virtual Theft in Physical Spaces with Smartphones” (pdf) makes for fascinating reading, even if it doesn’t seem to understand the difference between “theft” and “surveillance”. It includes the following rather fanciful description of how this 3D-spying capability might be used. It’s rather over the top, but it gives an idea of what’s theoretically possible:

Alice does not know that her Android phone is running a service, PlaceRaider, that records photos surreptitiously, along with orientation and acceleration sensor data. After on-board analysis, her phone parses the collected images and extracts those that seem to contain valuable information about her environment. At opportune moments, her phone discretely transmits a package of images to a remote PlaceRaider command and control server.

Upon receiving Alice’s images, the PlaceRaider command and control server runs a computer vision algorithm to generate a rich 3D model. This model allows Mallory, the remote attacker, to immerse herself easily in Alice’s environment. The fidelity of the model allows Mallory to see Alice’s calendar, items on her desk surface and the layout of the room. Knowing that the desktop surface might yield valuable information, Mallory zooms into the images that generated the desktop and quickly finds a check that yields Alice’s account and routing numbers along with her identity and home address. This provides immediate value. She also sees the wall calendar, noticing the dates that the family will be out of town, and ponders asking an associate who lives nearby to ‘visit’ the house while the family is away and ‘borrow’; the iMac that Mallory sees in Alice’s office.

Well, maybe not. But what’s more interesting is the way that smartphone malware is able to gather enough information to allow the detailed reconstruction of complex spaces. The paper includes some impressive 3D reconstructions from apparently random images that have been stitched together. These and the research project that produced them are a salutary reminder that useful as they are, smartphones also bring with them new dangers that need to be considered and, ultimately, addressed.

Follow me @glynmoody on Twitter or, and on Google+

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Creepy Smartphone Malware Re-creates Your Home For Stalkers”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re:

I don’t doubt there’s a scare element involved, but the technology isn’t in question. We’ve been able to do this with a collection of still shots since the early days of CGI, (It’s easier to work on each series of frames than to work on the video with very little RAM. Obviously, we’re no longer in that paradigm).

I’d say the scare part is that it isn’t the phone putting the pieces together, that’s just an ordinary take data (photos), send them to IP type thing, and here’s an extra thing that the server that receives them can do.

Even if it is the phone, big whoop, the server it sends them to could’ve done it a long time ago.

Either burglars are already using this, (in which case, provide evidence), or it’s too troublesome, or this just gave some burglars a novel idea.

Anonymous Coward says:

I read a book once where everyone had this little gizmo they carried around and it recorded everything they said and did to a central server. It was accessible only with a warrant and penalties for unauthorized access were severe, and it made crime almost nonexistent. But when it crashed all hell broke loose because no police were left that knew how to do actual investigations.

Ninja (profile) says:

They are becoming increasingly invasive. I simply turn off a lot of stuff simply because the apps installed on my phone can’t seem to remain shut down and work as I want. Maps keeps executing and trying to find my location, some applications have annoying notifications that I can’t turn off and other issues. I’m rooting my device as soon as the warranty expires to get rid of those annoyances and much of the bloatware manufacturers usually install without giving me the option to remove.

I do believe this sort of invasiveness will start to get annoying, questioned and ultimately addressed. Till then we take the needed steps to reduce it.

Cody Jackson (profile) says:

Possible, but plausible?

With most people I know, this app would only be taking pictures of the inside of a pocket, or maybe the person’s lap. How often does someone walk around their house with the camera in a position to be taking pictures of the interior?

Even if someone is using the phone as a phone (less likely nowadays as people tend to text more), they don’t tend to wander around the house. In my experience, people park their butts on a chair so they can talk. Walking and talking usually occurs outside the house.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...