U.S. Naval Surface Warfare Center helps create app to secretly monitor, reconstruct user environment in 3D
By Madison Ruppert
Editor of End the Lie
Here at End the Lie we have covered a great deal of highly questionable smartphone software, as well as the fact that current software can easily be leveraged as a surveillance tool and games have even been created which use “soft control” to encourage citizen spying.
New technologies are going to make ultra-precise location information the norm which is especially troubling since our government claims that such data is not protected by the Constitution.
It just gets worse when we realize that mobile phone companies are responding to massive amounts of government requests and scientists have demonstrated the ability to accurately predict future movements based on location data.
Now the United States Naval Surface Warfare Center in Crane, Indiana, in concert with researchers at Indiana University, have created a brand new kind of malicious software known as “visual malware” with their program named “PlaceRaider.”
Visual malware is capable of secretly recording and then reconstructing the environment surrounding a user in full 3D.
“This then allows the theft of virtual objects such as financial information, data on computer screens and identity-related information,” according to the Physics arXiv Blog.
However, it seems that this type of technology would be best for creating a 3D model of a target’s location thus allowing for the military or law enforcement to better carry out raids or searches as seems to be implied by the PlaceRaider name.
Robert Templeman, of the Naval Surface Warfare Center (see actual paper in PDF format here), said that they have created PlaceRaider as an application capable of running in the background of any and every smartphone utilizing the Android 2.3 operating system.
Their idea gets even more worrisome when one realizes that they intend to embed their malware in a seemingly normal camera application that the user would voluntarily download and run, thus giving the malware the permissions it needs to take photos and send them.
This troubling function is already built in to several popular Android applications as I reported in a previous article.
PlaceRaider would then continue to run in the background, unbeknownst to the surveillance target, taking photographs randomly while also noting the time, location and orientation of the phone in order in order to best create a 3D model of the user’s environment.
The malware even cleverly mutes the target’s phone as pictures are taken in order to prevent the recognizable shutter sound from alerting the user to the fact that their phone is taking pictures.
Then the program carries out some relatively simple image filtering in order to delete blurred or otherwise useless images, such as dark pictures taken from inside a user’s pocket, while sending the good images to a remote server.
The server then reconstructs the photographs into a 3D model of the space surrounding the user allowing those who placed the software to browse their environment looking for useful tidbits of information including potentially private data.
Templeman said that they have already conducted detailed tests of PlaceRaider in order to determine how well it can operate in a realistic environment.
20 subjects – who were completely unaware of the software’s presence – were given smartphones loaded with PlaceRaider and asked to use it for a range of ordinary purposes within an office environment.
The researchers then asked a group of others to see how much information they could gather from the images taken by PlaceRiader, some studying the raw images and other studying the 3D models.
Both groups were asked to outline basic information about the target’s environment like the number of walls, but they were also asked to attempt to locate much more personal and detailed information such as the presence of QR codes and personal checks.
According to Templeman, the 3D models made it much easier for users to steal personal information from the target’s office space than from the raw photographs alone.
“We implemented on Android for practical reasons, but we expect such malware to generalize to other platforms such as iOS and Windows Phone,” said Templeman, meaning that soon enough this kind of disturbing technology could be on just about any smartphone on the market.
Thankfully, Templeman and colleagues offered up a suggestion to increase user security. They said that one of the simplest ways would be to prevent the shutter sound from being muted in all conditions, thus making the user aware of when the camera is taking a picture.
“However that wouldn’t prevent the use of video to record data in silence,” writes the Physics arXiv Blog. “Templeman and co avoid this because of the huge amount of data it would produce but it’s not hard to imagine that this would be less of a problem in the near future.”
One other possibility is an antivirus application for smartphones which actively scans the phone for potential malware and alerts the user.
However, with Carrier IQ on many smartphones already, I seriously doubt that any kind of powerful antivirus software could be developed or approved.
“The message is clear–this kind of malware is a clear and present danger. It’s only a matter of time before this game of cat and mouse becomes more serious,” the Physics arXiv Blog writes.
I would take issue with this statement and argue that we are already there as you can see from the many stories linked above (which are just a small sampling of the reporting I’ve done on this since End the Lie began).
Did I forget anything or miss any errors? Would you like to make me aware of a story or subject to cover? Or perhaps you want to bring your writing to a wider audience? Feel free to contact me at [email protected] with your concerns, tips, questions, original writings, insults or just about anything that may strike your fancy.