Virtual Theft in Physical Spaces with Smartphones

An interesting paper was recently published on the dangers of malware related to spying/virtual theft.  The article is available here, the abstract is below.

PlaceRaider: Virtual Theft in Physical Spaces with Smartphones

Abstract

As smartphones become more pervasive, they are increasingly targeted by malware. At the same time, each new generation of smartphone features increasingly powerful onboard sensor suites. A new strain of `sensor malware’ has been developing that leverages these sensors to steal information from the physical environment | e.g., researchers have recently demonstrated how malware can `listen’ for spoken credit card numbers through the microphone, or `feel’ keystroke vibrations using the accelerometer. Yet the possibilities of what malware can `see’ through a camera have been understudied.

This paper introduces a novel `visual malware’ called PlaceRaider, which allows remote attackers to engage in remote reconnaissance and what we call “virtual theft.” Through completely opportunistic use of the phone’s camera and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus `download’ the physical space, study the environment carefully, and steal virtual objects from the environment (such as nancial documents, information on computer monitors, and personally identiable information).

Through two human subject studies we demonstrate the eectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s