Slashdot Mirror
PlaceRaider Builds a Model of Your World With Smartphone Photos
Hugh Pickens writes "Neal Ungerleider writes about PlaceRaider, a trojan that can run in the background of any phone running Android 2.3 or above, and is hidden in a photography app that gives PlaceRaider the necessary permissions to access the camera and upload images. Once installed, PlaceRaider quietly takes pictures at random that are tagged with the time, location, and orientation of the phone while muting the phone's shutter sound. Once pictures are taken, PlaceRaider uploads them to a central server where they are knitted together into a 3D model of the indoor location where the pics were taken. A malicious user can then browse this space looking for objects worth stealing and sensitive data such as credit card details, identity data or calender details that reveal when the user might be away. If a user's credit card, bank information, or personal information happen to be out in the open — all the better. — the software can identify financial data, bar codes, and QR codes. End users will also be able to get the full layout of a victim's office or room. The good news? PlaceRaider isn't out in the wild yet. The malware was built as an academic exercise by a team at Indiana University as a proof of concept to show the invasive potential of visual malware beyond simple photo or video uploads and demonstrate how to turn an individual's mobile device against himself (PDF), creating an advanced surveillance platform capable of reconstructing the user's physical environment for exploration and exploitation. 'The message is clear — this kind of malware is a clear and present danger. It's only a matter of time before this game of cat and mouse becomes more serious.'" As malware, it's spooky. But merely as software, this kind of intelligent 3-D imaging is something I'd like to be able to do with my phone.
Put your phone in your pocket when not using it. Problem solved.
Proud member of the Ferengi Socialist Party.
proof of conceptware.
and even that only if it works.
I mean, If it works nicely and does the stitching well: they got some other clients than just malware for the tech(as an _idea_ it's not new).
world was created 5 seconds before this post as it is.
Sincerely,
The NSA, TSA, FBI, CIA, Russian Mafia, Russian Government, Chinese Government, and Pedobear
How much data does it use?? as people on capped plan will see a big spike in data uses that may tip them off to software like this.
I'd love an apple that allows me to photograph an object from a few angles and have its dimensions calculated. From small things up to rooms. Obviously would need a known reference.
There are a few apps for Android that try but they are pretty limited.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
...while muting the phone's shutter sound.
Many Android phones require root privilege to mute shutter sound...Some of them allows screenshot of camera preview without it...but not all of them...rooting methods usually differ from phone model to model, and becoming more and more advanced. Some phones have security features like custom LSM modules, NAND tamper checking on boot, or MDM tools built into the kernel. I wonder how this malware dodge this problem.
I could do without the random pictures and uploading to a rogue site, but I would like to ask that the part where it silences the fake shutter sound be released into the wild, and we all agree not to fix it. My I also request that this no-fake-sounds malware be extended to touch keyboards as well?
Is it just my observation, or are there way too many stupid people in the world?
This is why I/O components need hardware on/off switches.
The radio(s), the screen, the touch surface, the camera(s), the speaker, the microphone, the buttons other than of course the "buttons on/off" button need to be either hardware controlled or controlled by immutable, bug-free software.
If I flip the "camera" switch to off, it should be off, and no software in the world should be able to turn it on.
Ditto the cellular radio, wifi, screen, speaker, touch surface, most of the buttons, etc. etc.
If the phone has a master power off button or switch, turning it off should be pretty much like removing the battery except the "turn phone on" button would still work. Not even the "wake on alarm" or "wake on LAN" functions should work. If you need those functions, use the "regular" on/off button, not the "master on/off" button or switch.
Computers and other electronics should have similar on-off buttons. At a minimum, they should have a "master power" button and, typically, a "normal" on/off button. "Normal" being what we normally think of as "on/off" - most functions off but a few, like wake-on-certain-events, turned on.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Found this off a search for "cheapest Nokia":
"The Nokia 103 is dust resistant, comes with an âoeanti-scratch coverâ, has a 1.36 inch black and white display, flashlight, an FM radio (requires a headset), and an 800 mAh battery that should give you 27 days of standby time or 11 hours of talk time. Size and weight: 107.2 mm x 45.1 mm x 15.3 mm; 77 grams."
16 Euros or $21. No camera.
'nuff said.
I'm not a lawyer, but I play one on the Internet. Blog
If my phone is "on" I want the option to individually turn off the mic, speaker, radios, and cameras in a non-overrideable way.
If I'm in a museum or meeting, I'll hardware-mute the speaker and possibly the mic, camera, and radios if recording or radio transmission is not allowed in that museum or meeting. Why hardware-mute? To give the museum owner or meeting chair confidence that my device isn't compromised so he'll allow me to use it to look up locally-stored data and take written notes.
If I'm in an airplane, I'll cut off whatever components the pilot asks me to in hardware.
As long as malware that can turn these things on exists, why should a museum, meeting chair, pilot, or the FAA trust my phone to not violate the rules unless the phone is built in a way that there's an obvious way to follow the rules without removing the battery.
Outside of these situations, I'll probably have abusable features like the mic and camera hardware-off when I'm not using them.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Security-minded businesses or governments may want their phones to include a separate computer in the phone that logs the time and, if available, GPS location any time the mic or camera is turned on and perhaps data relating to radio use, with the information stored in a place that the regular phone hardware and softare can't get to. This will provide evidence if an employee is accused of misusing his phone to record things he shouldn't be recording or, if the employee denies the act, evidence that the phone may be compromised.
Totalitarian governments may want all phones to record all I/O and send copies to a central police agency. Or at least they'll want their citizens to think their phones do this to deter use of the device for anti-government purposes.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Street view should work something like this... send people a car docking station that takes pictures as they drive around. Use software to stitch pictures together. Pay them with App Store credit for pictures that end up part of the street view.
These kind of thoughts make the Google glass project fascinating and terrifying. Street View the world. Capture all the print material. How much more?
About how walled gardens are bad?
-- Two men say they're Jesus. One of them must be wrong. - Dire Straits
Either Hugh Pickens didn't read the pdf or he is trying to intentionally misinform. A simple glance at the 1 Megapixel reconstruction shows that this would be impossible.
I actually think this is about getting Navy funding, because their entire premise - that people walk around pointing their phones at everything around them, is absurd. 99% of the pictures you would get from my phone would be useless, and consist of pictures that are of the ceiling, blacked out because my phone is on the table, blacked out because my phone is in my pocket, blacked out because my finger is over the camera lens as I talk, or blurry from the motion of moving it from the table or pocket to my ear.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
This would be a fantasic app (without the rogue upload of course) if you could then ask it where items are. Arrive home without your credit card, lost your keys, need to find where you left a tool that you didn't put away 6 months ago?
This type of service could be particularly useful if packaged along with some anti-theft software. For example, services like Prey already take pictures using their application on the device, but if combined with the ability to create a 3D model of the environment this could be even more useful in tracking down your hardware's location.
Taking pictures in your private space may be embarrassing and may expose your mistress or illegal pot plants to the world, but as far as burglars go, it is irrelevant: they can tell easily whether your house is worth breaking into from the outside. And the idea that a bunch of dim-wit burglars are using poor quality 3D models to plan their heist wouldn't even fly as a movie plot.
This project strengthens the ludicrous idea in people's heads that photography is somehow a significant threat to safety or security. Photographic documentation is an extremely important part of modern democracy, and projects like these threaten the ability of people to take pictures.
over the lenses, problem solved!
Lens cap.
Something easily reversible, like painter's tape or a couple of post-it notes (one isn't opaque enough) with something non-adhesive like a piece of paper to cover the lens area.
Duct tape is not easily reversible - removing it leaves a residue that can usually be cleaned off but not easily.
Some business desktop video phones have a plastic shutter that you can move over the lens. This is an effective and cheap solution for the camera. However, it doesn't silence the mic or speaker or other things I might need to turn off while leaving the phone turned on.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
good think my camera is so horrible you cant make out text!!! keep up the shitty cameras ZTE
How walled gardens are good?
Given how Apple has had it's fair share of malware in its appstore in the past?
Their whole theoretical plan, assuming the part about the phone taking pictures of its surroundings and uploading them without the user noticing actually works, still sounds like nonsense to me, because there is likely to be little connection between the types of criminals who hack phones and the ones who break into houses and steal things.
If you are the type to break into houses and steal things, then you are probably focused on a relatively small geographical area - you need a connection to the type of criminals who can actually move your stolen property, which is the sort of thing that only really works in person. You probably have little interest in hacking phones like this because such a scheme would generate data for places all over the world, 99% of which are completely impractical for you to exploit.
If you are the type to hack phones and computers, then the only way for your work to be practical is if you have a way to turn your hacks into money remotely, without ever actually travelling to the place where the hackee is, since each one is probably not worth anywhere near the cost of travelling there. Only by combining a lot of them without ever actually travelling anywhere can you make money.
Getting these two types of criminals together doesn't seem very practical - how does a hacker get in touch with a break-in man in a city far away? How could they come to trust each other enough to actually pull a directed robbery? Any break-in man would probably think he was either being screwed with by someone trying to get him to pay money for nonsense info, or being set up for an ambush by police or some other group of criminals. And any hacker would probably also think he was being set up in some way by police or some other criminal group. And you'd have to establish a lot of these relationships for the whole scheme to start to make any sense. Yeah, it's not happening. Let hackers stick to stealing credit card info and bank account login info, and let break-in men stick to conventional, local methods of figuring out who is worth the effort of robbing.
I don't reply to ACs
who saw the thread title, and clicked on it thinking it was going to be an extremely neat proof of concept that people would want to have running on their phones, to upload maps of places they've been to some central location, creating a crowdsourced repository of floorplans of every building on the planet? Cause that would actually be kinda cool. (Obviously you wouldn't post the actual -images-, preferably the phone would do the datacrunching itself, and just send processed data to be converted into floorplans.)
Wait until glass like gadgets come to life.
That's why they've been selling belt holsters for mobile phones all of these years!