Slashdot Mirror


PlaceRaider Builds a Model of Your World With Smartphone Photos

Hugh Pickens writes "Neal Ungerleider writes about PlaceRaider, a trojan that can run in the background of any phone running Android 2.3 or above, and is hidden in a photography app that gives PlaceRaider the necessary permissions to access the camera and upload images. Once installed, PlaceRaider quietly takes pictures at random that are tagged with the time, location, and orientation of the phone while muting the phone's shutter sound. Once pictures are taken, PlaceRaider uploads them to a central server where they are knitted together into a 3D model of the indoor location where the pics were taken. A malicious user can then browse this space looking for objects worth stealing and sensitive data such as credit card details, identity data or calendar details that reveal when the user might be away. If a user's credit card, bank information, or personal information happen to be out in the open — all the better — the software can identify financial data, bar codes, and QR codes. End users will also be able to get the full layout of a victim's office or room. The good news? PlaceRaider isn't out in the wild yet. The malware was built as an academic exercise by a team at Indiana University as a proof of concept to show the invasive potential of visual malware beyond simple photo or video uploads and demonstrate how to turn an individual's mobile device against himself (PDF), creating an advanced surveillance platform capable of reconstructing the user's physical environment for exploration and exploitation. 'The message is clear — this kind of malware is a clear and present danger. It's only a matter of time before this game of cat and mouse becomes more serious.'" As malware, it's spooky. But merely as software, this kind of intelligent 3-D imaging is something I'd like to be able to do with my phone.

29 of 120 comments

  1. Pocket by leromarinvit · · Score: 4, Insightful

    Put your phone in your pocket when not using it. Problem solved.

    --
    Proud member of the Ferengi Socialist Party.
    1. Re:Pocket by Anonymous Coward · · Score: 5, Funny

      Put your phone in your pocket when not using it. Problem solved.

      then it will probably generate a 3D model of something else...

    2. Re:Pocket by Anonymous Coward · · Score: 5, Funny

      Yeah, but from that close it'll look HUGE!!!

    3. Re:Pocket by Anonymous Coward · · Score: 2, Interesting

      They could probably simply solve this by making it take pictures at certain intervals and then only submit the ones that have reasonable light to the server. This could of course eat some processing power, so you may notice battery life decrease.
      If you're gonna keep your phone in your pocket forever, fine, you won, but what use does it have?

      Actually even that may not be enough. If you can have the locations figured out, that could possibly be enough to make a rough sketch of the house you live in. GPS and 3G locations, add them all together and you may be able to figure out the room layout, special locations like the toilet (even if you just want to annoy a person, figure out when he is on the toilet and then ring his doorbell), you could probably do a good guess on the bedroom (phone doesn't move for several hours?), kitchen (room repeatedly gone to around usual eating hours?).
      Among other things like when you are out of house often.

      Being able to aggregate lots of data on lots of people at the same time would be very nice as a criminal/government.

    4. Re:Pocket by vlm · · Score: 2

      Put your phone in your pocket when not using it. Problem solved.

      When talking on it, my relatively featureless "bar of soap" phone has a convenient hole for my pointer finger, that being the camera lens.

      When doing something other than talking on it (99% of the time), you'd get an image of the palm of my hand. I would imagine an automated image analysis of hair distribution on palms of hands would be an interesting research project. (Ahh, I see, 99% of slashdotters have hair on palms, thus 1% of slashdotters are women...)

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    5. Re:Pocket by drkim · · Score: 5, Funny

      Buy an iPhone. Problem solved...

      ...because you will just sit motionless in one spot, softly murmuring praise of your iPhone, until the battery dies.

      FTFY

    6. Re:Pocket by Anonymous Coward · · Score: 4, Funny

      That's what she said?

    7. Re:Pocket by Cinder6 · · Score: 2

      Until that filthy Bagginses comes around, at least...

      --
      If you can't convince them, convict them.
    8. Re:Pocket by tsa · · Score: 2

      That thing is amazing. I still can't believe how I could ever live without it.

      --

      -- Cheers!

    9. Re:Pocket by leromarinvit · · Score: 3, Insightful

      It's gonna be hard to keep your hand on the lens at all times; you could make the phone recognize big moves that correspond closely to being taken out of the pocket. From there you may be able to get a few pictures every time it's taken out. Also, using the mic to recognize when somebody is talking into it is gonna give you a good idea of when it's being used and thus out of the pocket.

      I guess you could get some data that way, but I doubt it would be very much. All these things (constantly making photos, trying to get a GPS fix, reading sensor/mic data) will suck power like mad. If my phone's battery suddenly only lasts 3 or 4 hours, I'm going to investigate what's going on. Uninstall recently installed apps, look what background processes are running, do a factory reset if nothing helps. Less technically inclined people would probably ask their nerd friends for help or take it to a shop.

      --
      Proud member of the Ferengi Socialist Party.
    10. Re:Pocket by leromarinvit · · Score: 3, Insightful

      Because Apple would never approve malware in the app store? Right.

      They don't have the source code to submitted apps, so they couldn't review it even if they wanted to.

      --
      Proud member of the Ferengi Socialist Party.
    11. Re:Pocket by drkim · · Score: 3, Insightful

      Researcher comes out with yet another bonafide [sic] security flaw on Android, and you make it yet another iHater Apple bash..

      Oh. I see. When some Anonymous Coward posts, "Buy an iPhone." in a thread about Android phones, that's OK.

      But if we respond to that specific comment with an (obviously) humorous comment about iPhone users taking themselves too seriously; that we're 'Childish.' and we're just (and I quote) "...sticking it to the 'Apple Man.'"

      Well, thank you Apple user, for showing us how you, um, don't take yourself too seriously...

    12. Re:Pocket by narcc · · Score: 2

      Well, you have to realize that the reason multitasking is like it is on iOS (despite being a full UNIX core) is because of battery life.

      Let's say that's true. Other platforms give you the option to suspend background apps or keep them running. (BB10, BB PBOS)

      But it's also to do with security - iOS has very limited ways of accessing user data

      RIM's platforms have better security, yet don't have these same restrictions! It looks like a way to avoid implementing proper security to me.

      RIM can manage it, yet Apple can't ... that doesn't sound too good for Apple!

      On security, are there any RIM products that don't have the highest FIPS certification plus a bunch of others? How is it that Apple has been trying for something like three years just for the basics and STILL hasn't managed it?

      Piss-poor features are not a substitute for proper security. Not by a long shot.

  2. How much data does it use?? by Joe_Dragon · · Score: 3

    How much data does it use?? People on capped plans will see a big spike in data usage that may tip them off to software like this.

  3. Muting camera... by Anonymous Coward · · Score: 2, Interesting

    ...while muting the phone's shutter sound.

    Many Android phones require root privilege to mute the shutter sound... Some of them allow screenshots of the camera preview without it... but not all of them... Rooting methods usually differ from phone model to model, and are becoming more and more advanced. Some phones have security features like custom LSM modules, NAND tamper checking on boot, or MDM tools built into the kernel. I wonder how this malware dodges this problem.

  4. Required "malware" by Overzeetop · · Score: 2

    I could do without the random pictures and uploading to a rogue site, but I would like to ask that the part where it silences the fake shutter sound be released into the wild, and we all agree not to fix it. May I also request that this no-fake-sounds malware be extended to touch keyboards as well?

    --
    Is it just my observation, or are there way too many stupid people in the world?
    1. Re:Required "malware" by wonkey_monkey · · Score: 2
      What's the alternative? A sound of some kind can be very useful when taking a picture - making it unique is also useful, and it doesn't really matter if kids these days don't know the etymology. Ditto saving - it's pretty much an entirely abstract concept these days, but it still needs an icon.

      I've noticed a disturbing sharp turn to anachronism in the tech field lately.

      There's been no "turn" - there's just nowhere else to go.

      --
      systemd is Roko's Basilisk.
  5. A call for hardware on/off switches by davidwr · · Score: 3, Interesting

    This is why I/O components need hardware on/off switches.

    The radio(s), the screen, the touch surface, the camera(s), the speaker, the microphone, the buttons other than of course the "buttons on/off" button need to be either hardware controlled or controlled by immutable, bug-free software.

    If I flip the "camera" switch to off, it should be off, and no software in the world should be able to turn it on.

    Ditto the cellular radio, wifi, screen, speaker, touch surface, most of the buttons, etc. etc.

    If the phone has a master power off button or switch, turning it off should be pretty much like removing the battery except the "turn phone on" button would still work. Not even the "wake on alarm" or "wake on LAN" functions should work. If you need those functions, use the "regular" on/off button, not the "master on/off" button or switch.

    Computers and other electronics should have similar on-off buttons. At a minimum, they should have a "master power" button and, typically, a "normal" on/off button. "Normal" being what we normally think of as "on/off" - most functions off but a few, like wake-on-certain-events, turned on.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  6. Nokia 103 by Compaqt · · Score: 2

    Found this off a search for "cheapest Nokia":

    "The Nokia 103 is dust resistant, comes with an “anti-scratch cover”, has a 1.36 inch black and white display, flashlight, an FM radio (requires a headset), and an 800 mAh battery that should give you 27 days of standby time or 11 hours of talk time. Size and weight: 107.2 mm x 45.1 mm x 15.3 mm; 77 grams."

    16 Euros or $21. No camera.

    'nuff said.

    --
    I'm not a lawyer, but I play one on the Internet. Blog
  7. What I want in my phone... by davidwr · · Score: 2

    If my phone is "on" I want the option to individually turn off the mic, speaker, radios, and cameras in a non-overrideable way.

    If I'm in a museum or meeting, I'll hardware-mute the speaker and possibly the mic, camera, and radios if recording or radio transmission is not allowed in that museum or meeting. Why hardware-mute? To give the museum owner or meeting chair confidence that my device isn't compromised so he'll allow me to use it to look up locally-stored data and take written notes.

    If I'm in an airplane, I'll cut off whatever components the pilot asks me to in hardware.

    As long as malware that can turn these things on exists, why should a museum, meeting chair, pilot, or the FAA trust my phone to not violate the rules unless the phone is built in a way that there's an obvious way to follow the rules without removing the battery.

    Outside of these situations, I'll probably have abusable features like the mic and camera hardware-off when I'm not using them.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  8. Business users may want immutable logs by davidwr · · Score: 2

    Security-minded businesses or governments may want their phones to include a separate computer in the phone that logs the time and, if available, GPS location any time the mic or camera is turned on and perhaps data relating to radio use, with the information stored in a place that the regular phone hardware and software can't get to. This will provide evidence if an employee is accused of misusing his phone to record things he shouldn't be recording or, if the employee denies the act, evidence that the phone may be compromised.

    Totalitarian governments may want all phones to record all I/O and send copies to a central police agency. Or at least they'll want their citizens to think their phones do this to deter use of the device for anti-government purposes.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  9. Where Google Glass will take us by Zaphod-AVA · · Score: 2

    These kinds of thoughts make the Google Glass project fascinating and terrifying. Street View the world. Capture all the print material. How much more?

  10. Tell me again by medcalf · · Score: 2

    About how walled gardens are bad?

    --
    -- Two men say they're Jesus. One of them must be wrong. - Dire Straits
    1. Re:Tell me again by couchslug · · Score: 2

      Garden Walls can be breached by software.

      HARDware switches are a different barrier altogether.

      Software switches trade convenience for security.

      I'd like to see MORE software breaches to coerce the provision of hardware switches.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    2. Re:Tell me again by knarf · · Score: 2

      Once you're over the wall, you have free rein over everything inside? This compared to the permission-based model used in e.g. Android, where applications need explicit permission to access certain devices, services and data. Of course a 'root' user on both systems can do whatever they please. And, as can be seen from the paper, some of those permissions are too coarse-grained to be effective in stopping

      This is not a matter of 'Apple' vs 'Android' vs the rest. They chose Android 'for practical reasons' ('We implemented on Android for practical reasons, but we expect such malware to generalize to other platforms such as iOS and Windows Phone.'), most likely because it is an easy and flexible platform to develop and implement for - just download the SDK, allow external sources and away you go.

      --
      --frank[at]unternet.org
  11. Re:Street view by dmacleod808 · · Score: 2

    Have you seen how street view works? Obviously not, AC. It uses a camera OUTSIDE of the car to take pictures of the entire range in view of the camera, including the sky. Your plan makes for terrible pictures through people's dirty windshields.

    --
    There Can Be Only One...
  12. Who points their phone at everything? by Zero__Kelvin · · Score: 2
    From the summary:

    " the software can identify financial data, bar codes, and QR codes. "

    Either Hugh Pickens didn't read the pdf or he is trying to intentionally misinform. A simple glance at the 1 Megapixel reconstruction shows that this would be impossible.

    I actually think this is about getting Navy funding, because their entire premise - that people walk around pointing their phones at everything around them, is absurd. 99% of the pictures you would get from my phone would be useless, and consist of pictures that are of the ceiling, blacked out because my phone is on the table, blacked out because my phone is in my pocket, blacked out because my finger is over the camera lens as I talk, or blurry from the motion of moving it from the table or pocket to my ear.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  13. Re:Accurate measurements? by drkim · · Score: 4, Interesting

    Have you tried 123D Catch from Autodesk? It builds a 3D model from a few photos. Free:

    http://www.123dapp.com/catch

  14. very bad by kenorland · · Score: 3, Insightful

    Taking pictures in your private space may be embarrassing and may expose your mistress or illegal pot plants to the world, but as far as burglars go, it is irrelevant: they can tell easily whether your house is worth breaking into from the outside. And the idea that a bunch of dim-wit burglars are using poor quality 3D models to plan their heist wouldn't even fly as a movie plot.

    This project strengthens the ludicrous idea in people's heads that photography is somehow a significant threat to safety or security. Photographic documentation is an extremely important part of modern democracy, and projects like these threaten the ability of people to take pictures.