As society begins to rely more and more on the smartphones and mobile devices in our everyday lives, there are many who aren’t thinking about the security risks that come along with having a constantly connected computer in your pocket. The Naval Surface Warfare Center in Crane, Indiana and a group of scientists at Indiana University just reminded us that security should be a major concern, however, in developing a particularly nasty bit of malware for phones running Android 2.3 and later.
What does the malware do, exactly? It hijacks your phone’s camera, snapping pictures of your surroundings and sending them back to an offsite server, where malicious folks could use the images to construct a 3D image of your location. Why would they want to do that? To make stealing your stuff easier. Named PlaceRaider, the malicious program runs in the background, muting your phone while snapping images so you don’t hear the shutter sound. In short, you probably won’t have a way of knowing if you’ve downloaded PlaceRaider, even as it snaps pictures of your surroundings and gives crooks a better look at what’s worthy of stealing.
It doesn’t stop there though, as all of the photos are sent through a filter to ensure that pictures that are blurry or dark don’t make it into the 3D image. PlaceRaider can even use the sensors on your phone to figure out its orientation and pinpoint your position.
That would be absolutely terrifying, but the good news is that this piece of malware was developed as a test to see what kind of security flaws exist and are ready to be taken advantage of. Naturally, there will be some out there who think that the government will actually use this to spy on its citizens, but for now, we’re willing to give the US Navy and the folks at Indiana University the benefit of the doubt. The developers installed the malware on Android phones and then handed them off to 20 unsuspecting subjects, asking another group of test subjects to build 3D models of the rooms from the pictures that were snapped. They did, and discovered that it’s pretty easy to steal personal information – such as banking information on personal checks or crucial business secrets – from the pictures and models alike.
Though PlaceRaider was developed and tested on Android, its developers say in the study that it could very easily generalize to other platforms, such as iOS or Windows Phone. On the upside, additional security measures taken by both manufacturers and users could do a lot to stop malware like PlaceRaider from, you know, ruining your life. For instance, manufacturers could make it impossible for the shutter sound to be muted, while an antivirus program could scan the smartphone to make sure there isn’t anything fishy going on in the background. At the very least, it’s probably a good idea to do a little checking around before downloading an app that seems suspicious, which is a good way to avoid the malware problem altogether.
[via Technology Review]