US Navy Helps Create Camera-Hijacking Smartphone Malware

Hevva

Shipwrecked, comatose, newsie
Aug 2, 2011
1,500
0
0
US Navy Helps Create Camera-Hijacking Smartphone Malware



PlaceRaider quietly builds a model of your world as seen through your Android smartphone.

Tinfoil hats at the ready, ladies and gentlemen: Researchers at the United States Naval Surface Warfare Center [http://www.navsea.navy.mil/nswc/crane/] in Crane, Indiana, in cooperation with scientists from the University of Indiana, recently set out on a mission to see what security flaws they could uncover in smartphone devices running on Android 2.3 and above. After a few months of tinkering, their investigations led them to create a piece of smartphone malware that silently takes photos using your device's camera, uploads them to a central database, and then uses the photos to construct a 3D image of your surroundings for the purpose of stealing things from said surroundings at a later date.

The team named their sneaky malware PlaceRaider [http://arxiv.org/abs/1209.5982], and described details of its use by saying that "remote burglars" could use it to "download the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information)." In addition to visual information stolen from your camera, the malware also picks up location and orientation data from across your smartphone's sensors that enable it to place you, quite precisely, in the world. A simple image filter designed to detect extremely dark or blurry image patterns stops the app from inundating its servers with pictures of the inside of your jacket pocket. Any noises associated with its activities - such as the little shutter noises some smartphone cameras make - are disabled. All in all, it's a pretty impressive piece of work.

According to the researchers, PlaceRaider would gain access to your phone by basically sneaking in behind a legit-sounding download that asks your permission to access your phone's sensor systems (think Instagram, for instance, or one of its ilk). Once inside, it would run as a background program.

In order to test the malware, the team gave 20 unsuspecting smartphone fans an infected phone each and set about testing how much personal information they could glean from the data the malware sent back. In doing so the team discovered that, A) The photos are really pretty good for stealing information and, B) The photo-generated 3D models are even better for stealing information. Neat, huh?

Oh, and before anyone with an iPhone thinks of getting on some kind of Android-is-inferior shaped horse over this, it's worth noting that the app's creators "expect such malware to generalize to other platforms such as iOS and Windows Phone." We're all in this together, friends.

While there are infinite upsides to living in a super-connected, tech-based world, exploitable security flaws of this kind (not to mention those present in desktop computers; Flame says hello [http://www.escapistmagazine.com/news/view/117655-Flame-Virus-Freaking-Out-Cybersecurity-Personnel-Worldwide]) serve as sobering reminders of the potential downsides. This time, it was a benign team of scientific researchers who found the flaw and exposed it to the world, dragging it out into the light and reminding us to pay attention to what permissions an app asks for when we consider downloading it. The era of smartphone-based antivirus programs is almost here, but til then, I hear tinfoil's set to be one of the hottest trends of winter 2012/13. That hat is so totally you.


Source: Technology Review [http://arxiv.org/abs/1209.5982]









Permalink
 

Hevva

Shipwrecked, comatose, newsie
Aug 2, 2011
1,500
0
0
Wars that will be won with this tech: 0
Phones that will be hacked using this tech: infinite
Time until it is acquired by ill intentioned 3rd Party: ...too late.
 

Zombie_Moogle

New member
Dec 25, 2008
666
0
0
AVG (award-winning & free antivirus software) has an android app.

Thought some of you might like to know :)
 

vxicepickxv

Slayer of Bothan Spies
Sep 28, 2008
3,126
0
0
I actually have a hinged camera lens on my phone cover, so I already defeated this malware. Oops.
 

Aeshi

New member
Dec 22, 2009
2,640
0
0
Isn't Android open source? So we'll probably see a patch for this in about what, a week?
 

esperandote

New member
Feb 25, 2009
3,605
0
0
I doubt that a lot of people aim their mobile camera to sensitive documents and or the screen with sensitive information.

I aprecciate the tin foil hat joke but the malware is far from trying to read peoples minds.
 

SangRahl

New member
Feb 11, 2009
290
0
0
This just makes me that much happier that my BookBook case has no lens hole on it. The only time it is able to take a photo, is when I'm taking a photo. May not be perfect, but works for me.
 

Xan Krieger

Completely insane
Feb 11, 2009
2,918
0
0
I don't have a smartphone, my phone can't text or go online.
Xan Krieger-1, Military- 0
 

Lionsfan

I miss my old avatar
Jan 29, 2010
2,842
0
0
Cool I guess? If people want to take a whole bunch of photos and see what the inside of my pocket looks like, more power to them I guess
 

Tiger Sora

New member
Aug 23, 2008
2,220
0
0


Anythings hackable, so long as you can get at it or have access to it through the internet. besides, I'm sure the American military is working on way cooler projects that can work against there own country as we speak!
So awesome right?!
 

frizzlebyte

New member
Oct 20, 2008
641
0
0
Hevva said:
All in all, it's a pretty impressive terrifying piece of work.
Fix'd that for ya. Darn that autocorrect, amiright?

The fact that the US Navy assisted with this just makes me feel even better. I think we've found a new use for that shiny new datacenter in Utah.
 

Gilhelmi

The One Who Protects
Oct 22, 2009
1,480
0
0
Ya, you people wonder why I am paranoid. Yall, wonder why I have firearms and ammo "strategically located" within a 30 mile radius too me. Yall, still think I am crazy?

But seriously, lens cover and do not download anything. EVER!!! This is only what they are telling us. What are they NOT telling us?
 

Lt. Rocky

New member
Jan 4, 2012
158
0
0
If there was ever a time to believe the local hobo's claims of "The gu'b'ment stole m'teeffs!" now would be appropirate.
 

-Dragmire-

King over my mind
Mar 29, 2011
2,821
0
0
Reginald the Butler said:
Wars will surely be won with those top-secret photos of my pants pockets and jacket!
Poisoned Al said:
I'm sure pictures of my pocket lint and the palm of my hand will "stop da teoorists 4 merika!"
Guys, the article openly states that images that are extremely dark, like the inside of a pocket, are filtered out.

Hevva said:
US Navy Helps Create Camera-Hijacking Smartphone Malware

A simple image filter designed to detect extremely dark or blurry image patterns stops the app from inundating its servers with pictures of the inside of your jacket pocket.
_______________________________________________

OT: People just need to know what programs they want to allow access to the phone and deny everything else, doesn't seem too hard to avoid this issue.
 

Pinkamena

Stuck in a vortex of sexy horses
Jun 27, 2011
2,371
0
0
To be honest, this is actually rather impressive. I imagine it could be used in wars as a reconnaissance method.
 

tangoprime

Renegade Interrupt
May 5, 2011
716
0
0
Hevva said:
Researchers at the United States Naval Surface Warfare Center [http://www.navsea.navy.mil/nswc/crane/] in Crane, Indiana, in cooperation with scientists from the University of Indiana, recently set out on a mission to see what security flaws they could uncover in smartphone devices... ...construct a 3D image of your surroundings...
I thought Wayne Enterprises already had produced one of these. Theirs was a lot cooler too.