Jump to content
The Corroboree
bℓσωηG

New software uses smartphone camera for spying

Recommended Posts

http://www.washingtontimes.com/news/2012/oct/2/new-software-uses-smartphone-camera-spying/

Researchers from the U.S. Naval Surface Warfare Center have developed malicious software that can remotely seize control of the camera on an infected smartphone and employ it to spy on the phone’s user.

The malware, dubbed “PlaceRaider,” “allows remote hackers to reconstruct rich, three-dimensional models of the smartphone owner’s personal indoor spaces through completely opportunistic use of the camera,” the researchers said in a study published last week.

The program uses images from the camera and positional information from the smartphone’s gyroscopic and other sensors to map spaces the phone’s user spends a lot of time in, such as a home or office.

“Remote burglars” could use these three-dimensional models to “study the environment carefully and steal virtual objects [visible to the camera] … such as as financial documents [or] information on computer monitors,” the researchers reported.

The program they developed for research purposes easily could be disguised by a malicious user as an app — the programs that run on smartphones — and unwittingly downloaded by victims, according to the study, which first was reported by the newsblog ThreatPost.

Because users often do not realize that a smartphone is basically a small computer, and because there are few security products available, smartphones are considered highly vulnerable to hackers.

Commercial software, for instance, can turn smartphones into microphones and tracking devices.

But PlaceRaider is the first known example of malware developed to exploit the high-definition cameras that are now ubiquitous on smartphones.

The study was a collaboration between the Navy center team and researchers from the School of Informatics and Computing at Indiana University.

post-4908-0-45942500-1349484198_thumb.gi

Share this post


Link to post
Share on other sites

Yuck, i already had my suspicions.

Share this post


Link to post
Share on other sites

I just knew my phone was plotting to get me.

  • Like 1

Share this post


Link to post
Share on other sites

Interesting stuff. I wonder when there will be a non-malware version of this. I'd love to see what my house supposedly looks like through the eyes of my phone and some science.

  • Like 2

Share this post


Link to post
Share on other sites

Mine jigs around in my pocket all day, plenty of gyroscopic action for them to appreciate!

  • Like 1

Share this post


Link to post
Share on other sites

This is released information.

I wonder what else they have (and for how long) that they arent telling us...

  • Like 3

Share this post


Link to post
Share on other sites

I know the info is about smartphones, but I reckon iPods would have the same capabilities as it has a camera and a mic', and apps are installed on it... My daughter has a little bit of BluTak on her iPod , and her lap top camera ( and has done so for ages now) because she doesn't think it's secure, and she's only 11.

I shudder at the thought of what some of the images are being used for.

:|

Share this post


Link to post
Share on other sites

There's an app for jailbroken iPhones that you can use to remotely control your camera, it's meant to be used for if someone steals your phone, you can take pics of the person that took it, use the gps to track it and you can even wipe the whole phone if you wanted, all from your computer at home.

But an app designed to hack into any camera is going a bit far :wacko:

Share this post


Link to post
Share on other sites

Ive wondered for a while why these new smart phones don't have some sort of protective slide cover for the camera lens,

I like your daughters blue tack idea Amazonian

  • Like 1

Share this post


Link to post
Share on other sites

Yeah Amz, she sounds like a very smart kid!

  • Like 1

Share this post


Link to post
Share on other sites

Ive wondered for a while why these new smart phones don't have some sort of protective slide cover for the camera lens,

I like your daughters blue tack idea Amazonian

^ We could patent something . We could re-package BluTak (which comes in a variety of colours), and call it 'Spy No More Camera Tak'.

Yeah Amz, she sounds like a very smart kid!

^ Yeah, takes after her mother. B) , lol. :P

  • Like 3

Share this post


Link to post
Share on other sites

if you go in hacker-type circles or are willing to pay cash for dodgy software, and you can get your hands on a phone to manually install the software....... i'm afraid it's that easy.

an access code on the phone seems more appealing than ever huh. this kind of software can send the audio from a phone conversation to a server of your choice, also like a lot of trojan horse type software, anything that the user gains remote access to can probably also be accessed by the designer of the trojan horse.

i'm not sure about the iPod thing amz, unless it has an internet connection or similar. yeah a standalone device can be infected and might be told to store data for retrieval by the cretin at a later date, but it can't send data into the nether.

Share this post


Link to post
Share on other sites

i'm not sure about the iPod thing amz, unless it has an internet connection or similar. yeah a standalone device can be infected and might be told to store data for retrieval by the cretin at a later date, but it can't send data into the nether.

The iPod Touch's have wifi. It's simple to write something to wait until there's a connection before uploading the data.

That said, it's a lot harder to get malware on a (non-jailbroken) iDevice due to the strict policies and checking of the AppStore. Apple's official "Remote lock" stuff is pretty scary though.

Android has methods in place to stop that kind of stuff too but so much shit gets through...

*Edit: Related: Over 60% of Android malware steals your money via premium SMS, hides in fake forms of popular apps

Edited by at0m

Share this post


Link to post
Share on other sites

i'm not sure about the iPod thing amz, unless it has an internet connection or similar. yeah a standalone device can be infected and might be told to store data for retrieval by the cretin at a later date, but it can't send data into the nether.

I think the iphone is just as bad, there are so many apps that are "must haves" - wouldn't it be easy to add a secret bit of code onto Angry Birds which is on millions of phones worldwide? Instagram, as another example, has this weird thing that can literally pinpoint in 3D where a photo is taken, so you can view photos of your neighbours if they are unsecured - and how easy would it be for a hacker to break that if they wanted? All your photos log where you took them, I do a lot of bush-walking and the photos have GPS positions on as part of the file, I didn't realise til recently the phone has google maps and it pins every single picture I have taken. You can switch this off, but seriously...

Also, the iphone also knows what your angle is (great for kiddy apps) and a photo app which can tell if you are steady or not; most of the apps store data on a server somewhere, as far as I can tell, not just on the Apple webstore.

If anyone believes their internet, email, phone, whatever, is secure, they are delusional.

Share this post


Link to post
Share on other sites

I think the iphone is just as bad, there are so many apps that are "must haves" - wouldn't it be easy to add a secret bit of code onto Angry Birds which is on millions of phones worldwide?

Not entirely, no. As I mentioned above, Apple has a restrictions and checking in place to stop that kind of thing. ACLs, manual checking, automated checking.

Instagram, as another example, has this weird thing that can literally pinpoint in 3D where a photo is taken, so you can view photos of your neighbours if they are unsecured - and how easy would it be for a hacker to break that if they wanted?

That's GPS and then plotting co-ordinated on maps. This is a setting that can be disabled in most/all apps. That or you could disable the GPS in the settings.

If anyone believes their internet, email, phone, whatever, is secure, they are delusional.

Correct. Nothing is secure.

Share this post


Link to post
Share on other sites

If you are paranoid like myself, you will believe quite readily that it is quite possible that, just as corporations have directors and whatnot also providing services as part of the government as close advisors to the politicians, it is not too much a stretch of the imagination that these people, who are essentially part of the government as well as corporate bosses, might allow government agencies like ASIO, the CIA etc. to use their technology to spy on people?

It's a mistake believing these major corporations are not part of the ruling elite.

Share this post


Link to post
Share on other sites

I didn't deny that. I was referring to standard (non Govt.) malware.

and it's not so much a case of "might" as "will". Subpoenas, etc

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×