PlaceRaider app lets phone camera spy on people

android malware
Malware that runs on Android cell phones and can let attackers perform remote reconnaissance and virtual theft is the handiwork of academic and military researchers.

They call it "visual malware" dubbed PlaceRaider that uses the phone's camera and other sensors to create three-dimensional models of indoor environments that bad guys could download, study and use to steal "virtual objects" such as financial documents, information on computer monitors, and personal information.

The software even shuts off the phone’s speaker so someone being spied on doesn’t hear the typical sound a device emits when a photo is taken.

The app follows up on other nefarious tools created by researchers.

The Soundminer malware was designed to listen in on phone conversations and use speech recognition to decode credit card and PIN details that users might mention when calling their bank, for example. It also was designed to recognize and decode tones heard when keys are pressed.

Also, a team of researchers at Georgia Tech created pirate software that used a smartphone accelerometer to steal keystrokes from a nearby keyboard.

So should you worry about your phone spying on you? Hardly.

android malware

These researchers get paid to do this stuff and they have vast resources at their fingertips. While they can prove phones are capable of doing these kinds of tricks, and even if doing so gives real criminals ideas, the average hacker can’t pull off such shenanigans on his own.

Even if the bad guys could, imagine the vast amount of data they would have to cull through to find a single bank statement you might have displayed on your computer screen that your phone’s camera happened to capture surreptitiously.

PlaceRaider was created thanks to a grant from the National Science Foundation awarded to researchers from the school of Informatics and Computing at Indiana University in Bloomington, Ind., and the Naval Surface Warfare Center in Crane, Ind.

Check out the paper (PDF) that outlines, in full, what they accomplished.

Subscribe to the Security Watch Newsletter

Comments