Researchers from the U.S. Naval Surface Warfare Center have developed malicious software that can remotely seize control of the camera on an infected smartphone and employ it to spy on the phone’s user.
The malware, dubbed “PlaceRaider,” “allows remote hackers to reconstruct rich, three-dimensional models of the smartphone owner’s personal indoor spaces through completely opportunistic use of the camera,” the researchers said in a study published last week.
The program uses images from the camera and positional information from the smartphone’s gyroscopic and other sensors to map spaces the phone’s user spends a lot of time in, such as a home or office.
“Remote burglars” could use these three-dimensional models to “study the environment carefully and steal virtual objects [visible to the camera] … such as as financial documents [or] information on computer monitors,” the researchers reported.
The program they developed for research purposes easily could be disguised by a malicious user as an app — the programs that run on smartphones — and unwittingly downloaded by victims, according to the study, which first was reported by the newsblog ThreatPost.
Because users often do not realize that a smartphone is basically a small computer, and because there are few security products available, smartphones are considered highly vulnerable to hackers.
Commercial software, for instance, can turn smartphones into microphones and tracking devices.
But PlaceRaider is the first known example of malware developed to exploit the high-definition cameras that are now ubiquitous on smartphones.
The study was a collaboration between the Navy center team and researchers from the School of Informatics and Computing at Indiana University.