Link #1: http://threatpost.com/en_us/blogs/new-android-malware-app-turns-phone-surveillance-device-100112?utm_source=Threatpost&utm_medium=Left+Sidebar&utm_campaign=Most+Commented
Up until now mobile malware has been used almost exclusively to steal data from inside a person's phone, and perhaps the data they have stored in the cloud. Recently though, the game has changed. Michael Mimoso, a writer for ThreatPost.com, details the latest in mobile malware which has come from the Naval Surface Warfare Center and Indiana University’s School of Informatics and Computing. Researchers at the school have created a sophisticated method that utilizes a low tech attack to gain control of a few of the features of Android smartphones. This attack turns the phone into a surveillance tool. The software, named PlaceRaider, is being dubbed as "visual malware", a term coined by the researchers. According to the article, "PlaceRaider exploits innate weaknesses in Android to use the phone’s camera to surreptitiously take photographs, and send that data off to a command and control server where an attacker could build a 3D model of the victim’s environment." This allows the controller to get a picture of the phone owner's surroundings and the objects within the surroundings.
Once a user has installed a malicious camera application infected with PlaceRaider onto their phone, the malware controller's C&C server is notified and the attacker can begin modeling the users surrounding environment. In tests, barcodes, personal information, credit card information, and other sensitive data was able to be picked up. The creators, Robert Templeman, Zahid Rahman, David Crandall and Apu Kapadia upped the ante on spying with smartphones. Previous malware allowed attackers to listen in with a phones microphone, but now this malware allows its controllers to have eyes on the phones surroundings. Additionally, it has the capability to perform this task remotely. In their paper, the authors write, “We show how PlaceRaider allows remote hackers to reconstruct rich three-dimensional models of the smartphone owner’s personal indoor spaces through completely opportunistic use of the camera."
The news is not all bad though. It seems the makers of PlaceRaider share one big concern of all smartphone readers, battery life. They were considerate enough to build into their software the ability to analyze each image to weed out “redundant and uninformative images” before they are sent out to the malware controller. This is done by applying a set of algorithms to each image. Once complete, "the analysis sets a threshold for images, and discards any that fall below in order to lessen the burden on the phone for transmission and power consumption." Of course this malware was created in a research environment, and we can't be so sure that real criminals will be so considerate to their potential victims.
To read the full write-up by the researchers follow this link.
Up until now mobile malware has been used almost exclusively to steal data from inside a person's phone, and perhaps the data they have stored in the cloud. Recently though, the game has changed. Michael Mimoso, a writer for ThreatPost.com, details the latest in mobile malware which has come from the Naval Surface Warfare Center and Indiana University’s School of Informatics and Computing. Researchers at the school have created a sophisticated method that utilizes a low tech attack to gain control of a few of the features of Android smartphones. This attack turns the phone into a surveillance tool. The software, named PlaceRaider, is being dubbed as "visual malware", a term coined by the researchers. According to the article, "PlaceRaider exploits innate weaknesses in Android to use the phone’s camera to surreptitiously take photographs, and send that data off to a command and control server where an attacker could build a 3D model of the victim’s environment." This allows the controller to get a picture of the phone owner's surroundings and the objects within the surroundings.
Once a user has installed a malicious camera application infected with PlaceRaider onto their phone, the malware controller's C&C server is notified and the attacker can begin modeling the users surrounding environment. In tests, barcodes, personal information, credit card information, and other sensitive data was able to be picked up. The creators, Robert Templeman, Zahid Rahman, David Crandall and Apu Kapadia upped the ante on spying with smartphones. Previous malware allowed attackers to listen in with a phones microphone, but now this malware allows its controllers to have eyes on the phones surroundings. Additionally, it has the capability to perform this task remotely. In their paper, the authors write, “We show how PlaceRaider allows remote hackers to reconstruct rich three-dimensional models of the smartphone owner’s personal indoor spaces through completely opportunistic use of the camera."
The news is not all bad though. It seems the makers of PlaceRaider share one big concern of all smartphone readers, battery life. They were considerate enough to build into their software the ability to analyze each image to weed out “redundant and uninformative images” before they are sent out to the malware controller. This is done by applying a set of algorithms to each image. Once complete, "the analysis sets a threshold for images, and discards any that fall below in order to lessen the burden on the phone for transmission and power consumption." Of course this malware was created in a research environment, and we can't be so sure that real criminals will be so considerate to their potential victims.
To read the full write-up by the researchers follow this link.
No comments:
Post a Comment