from the whose-side-are-you-on? dept
It's become something of a cliché that anyone with a mobile phone is
carrying a tracking device that provides detailed information about
their location. But things are moving on, as researchers (and probably
others as well) explore new ways to subvert increasingly-common
smartphones to gain other revealing data about their users. Here's a
rather clever use of malware to turn your smartphone into a system for
taking clandestine photos -- something we've seen before, of course, in
other contexts -- but which then goes even further by stitching them
together to form a pretty accurate 3D model of your world:
This paper introduces a novel visual malware
called PlaceRaider, which allows remote attackers to engage in remote
reconnaissance and what we call virtual theft. Through completely
opportunistic use of the camera on the phone and other sensors,
PlaceRaider constructs rich, three dimensional models of indoor
environments.
The use of 3D reconstructions overcomes a potential problem with
ordinary spyware: there's often too much data whose significance is
unclear. That makes finding anything interesting hard. The solution
here is to combine all the data into a unified, virtual reconstruction
that can then be navigated by snoopers looking for significant items
just as they might if they were rooting through your physical space.
The full academic paper "PlaceRaider: Virtual Theft in Physical Spaces with Smartphones"
(pdf) makes for fascinating reading, even if it doesn't seem to
understand the difference between "theft" and "surveillance". It
includes the following rather fanciful description of how this 3D-spying
capability might be used. It's rather over the top, but it gives an
idea of what's theoretically possible:
Alice does not know that her Android phone is
running a service, PlaceRaider, that records photos surreptitiously,
along with orientation and acceleration sensor data. After on-board
analysis, her phone parses the collected images and extracts those that
seem to contain valuable information about her environment. At opportune
moments, her phone discreetly transmits a package of images
to a remote PlaceRaider command and control server.
Upon receiving Alice's images, the PlaceRaider command and control
server runs a computer vision algorithm to generate a rich 3D model.
This model allows Mallory, the remote attacker, to immerse herself
easily in Alice's environment. The fidelity of the model allows Mallory
to see Alice's calendar, items on her desk surface and the layout of the
room. Knowing that the desktop surface might yield valuable
information, Mallory zooms into the images that generated the desktop
and quickly finds a check that yields Alice's account and routing
numbers along with her identity and home address. This provides
immediate value. She also sees the wall calendar, noticing the dates
that the family will be out of town, and ponders asking an associate who
lives nearby to 'visit' the house while the family is away and
'borrow' the iMac that Mallory sees in Alice's office.
Well, maybe not. But what's more interesting is the way that smartphone
malware is able to gather enough information to allow the detailed
reconstruction of complex spaces. The paper includes some impressive 3D
reconstructions from apparently random images that have been stitched
together. These and the research project that produced them are a
salutary reminder that, useful as they are, smartphones also bring with
them new dangers that need to be considered and, ultimately, addressed.
http://www.techdirt.com/