PlaceRaider: 3D Visual Malware from Military Research

Monday, October 01, 2012

Pierluigi Paganini

(Translated from the original Italian)

It is well known that the military sector is a privileged incubator for new technologies that in many cases are subsequently adopted in the civilian sector.

The mobile sector is one of the most vulnerable environments, due to the lack of awareness of cyber threats and the increasing amount of malware affecting devices that lack any defense system.

These weaknesses are exploited by cybercriminals for fraud and by governments for cyber espionage.

People are unaware of the power of modern smartphones, which are equipped with sophisticated processors, a GPS module, motion sensors, a microphone, a gyroscope and high-definition cameras. What could happen if an ill-intentioned attacker took control of these components?

We have already read about spyware that is able to record victims' communications and movements, but the Naval Surface Warfare Center in Crane, Indiana, in collaboration with researchers at Indiana University, has created a new type of 'visual malware'. The malware is able to remotely activate the camera to acquire images and reconstruct the user's environment in 3D.

This category of malicious code opens up a physically intrusive attack space by abusing the on-board components of a user's smartphone that give malware the ability to observe the physical environment around the phone, allowing attackers to go beyond simply stealing the electronic data stored on the phone.

By working on the 3D model of the user's space, attackers could acquire interesting information on the layout of the environment and on the objects inside it. They could also acquire snapshots of personal documents scattered on a desk or, for example, retrieve information from a wall calendar that shows the user's plans for the month.

The possible implications are very interesting: law enforcement, for example, could acquire information on the environment of a person under investigation, but cyber criminals could use the same information to obtain a detailed 3D map of their victim's environment. The researchers have named the malware PlaceRaider, and it is able to infect smartphones running Android 2.3.

The OS is not a constraint: the developers stated that the malware could be adapted to be multi-platform and to infect other popular operating systems such as iOS and Windows Mobile.

The PlaceRaider app requires several access permissions from the host OS, in particular permission to access the camera and to send data to the control server. However, all of these permissions would also be needed by an innocent enhanced camera application, so asking the user for them is unlikely to arouse suspicion.
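A defender's view of the permission point above, as an added example that is not from the article or the PlaceRaider researchers: it lists installed packages that hold both camera and network permissions so they can be reviewed by hand. Because a legitimate camera app requests the same pair, the result is a review list, not a verdict. It assumes the input is concatenated `aapt dump permissions` output; the package names and the allow-list are constructed.

```python
import re

CAMERA = "android.permission.CAMERA"
INTERNET = "android.permission.INTERNET"

# Assumed input: concatenated `aapt dump permissions <apk>` output. Older
# build-tools print `uses-permission: NAME`, newer ones `name='NAME'`.
_PKG = re.compile(r"^package:\s*(?:name=')?([\w.]+)")
_PERM = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)")

# Constructed sample; the package names are made up for this example.
SAMPLE = """\
package: com.example.notes
uses-permission: android.permission.INTERNET
package: com.example.bettercam
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.INTERNET'
package: com.example.flashlight
uses-permission: android.permission.CAMERA
package: com.example.stockcamera
uses-permission: android.permission.CAMERA
uses-permission: android.permission.INTERNET
"""

def parse_permissions(dump_text):
    """Return {package: set of permission names} from aapt dump text."""
    apps, current = {}, None
    for raw in dump_text.splitlines():
        line = raw.strip()
        pkg = _PKG.match(line)
        if pkg:
            current = pkg.group(1)
            apps.setdefault(current, set())
            continue
        perm = _PERM.match(line)
        if perm and current is not None:
            apps[current].add(perm.group(1))
    return apps

def camera_and_network(apps, expected=()):
    """Packages holding both permissions that are not on the allow-list."""
    return sorted(pkg for pkg, perms in apps.items()
                  if {CAMERA, INTERNET} <= perms and pkg not in expected)

if __name__ == "__main__":
    # The allow-list is hypothetical: apps the reviewer already trusts.
    print(camera_and_network(parse_permissions(SAMPLE),
                             expected={"com.example.stockcamera"}))
```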

The malware takes pictures at random, recording the location and orientation of the phone and, of course, the time. It is also able to discard captured pictures that are useless, such as those taken from inside the user's pocket, before the transfer to the command server: on-board preprocessing performs gross data reduction and packaging for transmission.

Data reduction and transmission is a core component of the app because images are taken surreptitiously and opportunistically, and the majority of them are of very low quality or are redundant. The app selects a minimal subset of images to send to the control server in order to preserve network bandwidth and storage space; the central server processes all the pictures, reconstructing a 3D model of the user's environment.

A thief, for example, could use this information as reconnaissance for a planned theft.

"PlaceRaider is the first example of sensory malware that threatens privacy in a more general manner using a combination of sensors, showing that through virtual theft a malicious actor can explore personal spaces and exploit or steal a plethora of sensitive information."

Robert Templeman, who leads the group of developers, has demonstrated the results of tests conducted with 20 individuals: the phones were successfully infected and the researchers were able to build detailed 3D models of the victims' environments.

The server-side 3D engine provides a powerful exploration tool for navigating the user's space, with the possibility of searching for a specific object or detail simply by selecting an area: the system is able to recognize the area and to search for all the related images, as shown in the next figure.

The group of researchers demonstrated that accurate 3D models can be created from photos taken opportunistically by a smartphone camera as the device undergoes normal use.

In the near future similar sensory malware will be significantly improved; consider, for example, that it is possible to reduce the data stored or the bandwidth used. A further evolution could be to equip the malware with a library of predefined objects to improve the recognition phase, focusing the analysis on a set of objects of interest. The authors are considering, for example, introducing optical character recognition or bar code recognition to glean text and other sensitive data from the scene.

How can we defend ourselves?

It is fundamental to increase the level of awareness of cyber threats in mobile environments. These devices are powerful computing machines and must be protected in the proper way. It is desirable that an information campaign be started soon to spread best practices for mobile use and to invite users to adopt the necessary defense systems.

Mobile devices are an extension of our senses; it is an obligation to protect them!

Pierluigi Paganini

References

http://securityaffairs.co/wordpress/9050/cyber-crime/placeraider-the-3d-visual-malware-from-military-research.html
