Meet the Android app that secretly records your environment and reconstructs it as 3D model for malicious users to browse

“Today Robert Templeman at the Naval Surface Warfare Center in Crane, Indiana, and a few pals at Indiana University reveal an entirely new class of ‘visual malware’ capable of recording and reconstructing a user’s environment in 3D,” Technology Review reports. “This then allows the theft of virtual objects such as financial information, data on computer screens and identity-related information.”

“Templeman and co call their visual malware PlaceRaider and have created it as an app capable of running in the background of any smartphone using the Android 2.3 operating system,” TR reports. “”Their idea is that the malware would be embedded in a camera app that the user would download and run, a process that would give the malware the permissions it needs to take photos and send them.

Read more in the full article here.

MacDailyNews Take: Now, there’s a scary proof of concept!

[Thanks to MacDailyNews Reader “FTB” for the heads up.]

16 Comments

  1. Another reason to avoid Android. As if there wasn’t enough reason to avoid here’s another.

    No Thank You Google! Hope Apple can take away your Ad $$$ some day with free search

  2. Take that APPLE, is your System as OPEN as Android that it even opens to thieves? I think not.
    Apple’s iOS is not only a “CLOSE SYSTEM” to thieves but it also allows users to recover stolen stuff from thieves.
    So: ANDROID=OPEN, iOS=CLOSE, congrats to all the fandroids and their “OPEN” systems.

  3. Guys, it’s a proof of concept. It could just as easily be built for iOS, although getting it through Apple’s store would be harder than getting it into Google’s Play store.

    1. Never say never, but Apple is pretty clear with developers: If you try to hide functionality Apple will eventually find out and destroy the app and your developer status.

    2. they stated that they “could” do this on iOS and windows phones as well.
      BUT there is a big problem… at least with Apple, the app would NEVER get past the screening process. The camera app they made needs permissions that Apple would never approve of.
      MS I doubt would allow it either, maybe… but I doubt it.

      They chose android for a reason…. they COULD get the access needed and they proved they can infect android without the user knowing.

      I found the security article they published also, it mentions iPhone once… in a footnote referring to an article on decoding vibrations. and iOS twice, one time saying that they “think” it could work on iOS… and the second saying neither android or iOS need permissions for an app to access the accelerometer/gyroscope… neither of which are exactly a security issue.

      http://www.thinkdigit.com/Mobiles-and-PDAs/PlaceRaider-Android-malware-spies-through-smartphone-camera_10940.html

      at the bottom is the PDF link to their findings.

      When I saw this this morning, it took me awhile to send this to MDN… I was too busy laughing at Android.

      Money quote.
      –>”We implemented on Android for practical reasons”<–

  4. At the Naval Surface Warfare Center? Maybe this was to be downloaded on the Samsung phones of Korean agents and Zuwei phones of Chinese agents.

    Somebody may be spending some time in the brig for this leak.

  5. Well, as I have learned, Android is great for people who want extensive customization and control. But that also has its risks. iOS is not perfect, but at least it is less likely to get infiltrated by unwanted malware.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.