US Navy develops malware for smartphones that will “steal your life”

PlaceRaider. The name sounds like a gamer tag someone would use on Xbox. It isn’t a gamer tag, however. (Well it might be but not in the context of this article.) PlaceRaider is the name of a new malware developed by Robert Templeman from the US Naval Surface Warfare Center in conjunction with a few people from Indiana University. And damn is it scary. So scary, in fact, that it is being described as “malware designed to steal your life”.

Categorized in a new class as “visual malware”, PlaceRaider infects smartphones in the form of a malicious app. Once installed, PlaceRaider runs in the background and continually secretly takes photos using the camera on smartphones. (PlaceRaider mutes phones so as to not make a shutter sound when photos are snapped.) These photos are then sent to a remote server which filters the photos to remove dark or blurry images (such as photos taken when a phone is in a pocket) and creates a 3D model out of the remaining ones. Since this 3D model is made from photos taken from a smartphone (i.e. photos of the target person’s surroundings), the model potentially contains sensitive and personal information — such as credit card numbers, computer activity, etc. This information is stolen by analyzing the 3D model.

Currently PlaceRaider has been developed to work on Android 2.3. However, seeing as the malware doesn’t exploit any specific Android vulnerability but rather tricks users into installing the app, Templeman sees no issues with it being ported to other platforms such as iOS or Windows Phone:

We implemented on Android for practical reasons, but we expect such malware to generalize to other platforms such as iOS and Windows Phone.

Templeman also mentions that while he and his team designed PlaceRaider to take photos, it is possible to do the same thing with videos.

Since this was developed by a research arm of the US Navy, there isn’t too much to worry about seeing PlaceRaider appear in-the-wild. While I’m sure the Navy will use this technology for warfare and intelligence gathering purposes, I highly doubt they would release it on the general public. However, if Templeman and friends can develop something like this, it isn’t hard to imagine that someone else can, too — someone else that may release the malware in-the-wild for devious purposes.

This is yet another reason to be careful about what you install on your smartphone because, after all, it may be small but it is a full-blown computer.

[via TechnologyReview]

Related Posts

  • Coyote

    @Terry Nachtmerrie: If you’ve ever seen 15 minutes of TruTV you know that there are a lot of stupid people out here, and the most far gone like to be videoed while doing everything. The more stupid the better… So an app that can turn your whole life into a 27/7 live TV show sounds like a million dollar app to me.

  • Terry Nachtmerrie

    I bet that if they put it up on Google’s Play Store with a honest description there will still be tons of people that install it.

  • FFUser

    This is a good reason for manufacturers to have a simple sliding “lens cover” to turn the camera functionality on or off, like my Asus netbook.

  • J.L.

    @jayesstee: That reminds me, I haven’t turned it on yet. Rebooting fixes quite a few bugs, lol.

    I wouldn’t cover 2 perfectly fine cameras though, saves money from a digital camera.

  • jayesstee

    Most smart ‘phone users forget that each device has an off-switch.

    Simply turn the ‘phone off and it won’t get tracked and photos won’t get taken.

    Simple! Except they regard switching it off as akin to switching their life support machine off. So they have to put up with the inconvenience of being “surveyed” by there own ‘phone (that they paid for with their own hard earned cash).

    I will pereodically turn mine on and point it close to some dog mess or maggots nest or other unpleasant object(s). Otherwise the camera lense will be covered to stop the b**st*ds.

  • mukhi

    as i said before, hacking a smartphone now-a-days is as easy as finding and installing an app.