Researchers Demonstrate 3D Spy Trojan for Mobile Phones
A team at the University of Indiana has created a program that, once it infects a mobile phone, can use the device as a remote-control spy that creates a 3D representation of places where the victims walks, such as an office or room in the home.Most people worry about traditional viruses and Trojans—the malware that could infect their computer and steal data or use the system's resources to attack other computers. Yet new research shows that people should, perhaps, worry more about their ever-present mobile phones and the devices' ability to record their lives. Researchers at the University of Indiana at Bloomington and the Crane Division of the Naval Surface Warfare Center (NSWC) created a program to use a phone's camera to take surreptitious pictures of its surroundings, weed out poor photos, and send the remaining stills back to be used to construct a 3D model of the environment. Called PlaceRaider, the project shows that virtual thieves and spies could identify and steal information from a remote location, the researchers said in a paper posted online on Sept. 26. The attack underscores that smartphones are more than just computers. They are also sensors, with cameras, accelerometers and microphones. Attackers using "sensor malware" could use those additional capabilities to gather information not available to run-of-the-mill computer malware. "From the attackers’ perspective, they can significantly increase their capabilities by using these programs and devices," said Apu Kapadia, an assistant professor in informatics and computing at Indiana University, Bloomington, and one of the authors of the paper. "Not only do they have access to your digital data on your device, they can listen to your environment; they can look at your environment; and they can feel the environment through the accelerometer."
In the paper, the researchers used PlaceRaider to take opportunistic pictures of the phone's current environment and then used the photos and motion information from the accelerometer to create 3D models of the environments. Digital thieves and attackers can use these models to identify objects of interest within the environment and steal information on computer monitors, financial documents or other information lying around.