Malware called PlaceRaider, developed by academics at the Naval Surface Warfare Centre in Indiana and at Indiana University, takes control of a smartphone’s camera, relaying information about the target’s physical environment back to the thief.
The PlaceRaider malware could be hidden inside a custom-made, innocuous-looking app, something like Instagram or Hipstamatic that would be downloaded by a large number of users, the researchers say.
Capturing information from the camera continuously would generate tens of megabytes of data every minute, quickly overwhelming the phone’s communication channels, filling up its storage space and preventing any further monitoring. Instead, the researchers, led by Robert Templeman from the Naval Surface Warfare Centre, use the device’s gyroscope and accelerometer to instruct the malware to take pictures only when it will be useful to the attacker, avoiding recording when the phone is still and upside down in a person’s pocket, for instance.
The malware then sends those collected images to the PlaceRaider command and control centre, where the images are knitted into a 3D model that the thief can examine at their leisure to find valuable objects or information.
To make sure the victim is unaware their smartphone is snapping away, PlaceRaider mutes the telltale sounds of the shutter closing and also covers up the preview picture that normally appears when a photo has been taken.