Hijacked smartphone camera spies on your world
12:33 1 October 2012 Hal Hodson, technology reporter

(Image: Joos Mind/Getty Images)

We tend to imagine that cybercriminals want to target our digital lives, aiming to steal credit card numbers and email accounts as we exchange them for services online. Now they have an easy route into your physical life too - by hijacking your smartphone's camera.

Malware called PlaceRaider, developed by academics at the Naval Surface Warfare Centre in Indiana and at Indiana University, takes control of a smartphone's camera, relaying information about the target's physical environment back to the thief. The PlaceRaider malware could be hidden inside a custom-made, innocuous-looking app, something like Instagram or Hipstamatic that would be downloaded by a large number of users, the researchers say.

(Image: Naval Surface Warfare Center)

Capturing information from the camera continuously would generate tens of megabytes of data every minute, quickly overwhelming the phone's communication channels, filling up its storage space and preventing any further monitoring. Instead, the researchers, led by Robert Templeman from the Naval Surface Warfare Centre, use the device's gyroscope and accelerometer to instruct the malware to take pictures only when it will be useful to the attacker, avoiding recording when the phone is still and upside down in a person's pocket, for instance.

The malware then sends those collected images to the PlaceRaider command and control centre, where the images are knitted into a 3D model that the thief can examine at their leisure to find valuable objects or information. To make sure the victim is unaware their smartphone is snapping away, PlaceRaider mutes the telltale sounds of the shutter closing and also covers up the preview picture that normally appears when a photo has been taken.

Although this sounds scary, it seems likely that a professional thief wouldn't need to bother scoping out any normal mark to such an extent, and probably wouldn't have the hacking skills required to do so anyway. However, for high-profile cases of corporate espionage, the CEO's smartphone might be one way for nefarious organisations to spy on valuable company secrets.
Reference: http://arxiv.org/abs/1209.5982