Friday, November 9, 2012

Hải quân Mỹ có thể biến điện thoại thông minh của bạn thành một công cụ gián điệp

US Navy Can Turn Your Smartphone Into a Spy
Is your cellphone spying on you?
If it isn’t now, it may well be soon, thanks to a new piece of malware developed by the US Navy and called PlaceRaider, which allows them to remotely produce 3D models of whatever room an infected phone is currently in, using the camera and other censors to map out intimate parts of your life.
The developed app is Android specific, and was shown to be effective at stealing personal financial information, listening in on phone conversations, even stealing keystrokes from a nearby keyboard though the use of the phone’s accelerometer.
Deploying the app wouldn’t necessarily be all that difficult, as it could be embedded in another app for, say, a popular phone game and the end user would never realize it had been installed, let alone that it was currently running.
The malware was developed by the Naval Surface Warfare Center with a grant from the National Science Foundation, and is supposed to be a proof of concept of the bad things a criminal could theoretically do with a smartphone virus. At the same time it seems a proof of concept for the bad things the US Navy can already do with its own brand new virus.
-----------

New software uses smartphone camera for spying

By Shaun Waterman

The malware, dubbed “PlaceRaider,” “allows remote hackers to reconstruct rich, three-dimensional models of the smartphone owner’s personal indoor spaces through completely opportunistic use of the camera,” the researchers said in a study published last week.
The program uses images from the camera and positional information from the smartphone’s gyroscopic and other sensors to map spaces the phone’s user spends a lot of time in, such as a home or office.
“Remote burglars” could use these three-dimensional models to “study the environment carefully and steal virtual objects [visible to the camera] … such as as financial documents [or] information on computer monitors,” the researchers reported.
The program they developed for research purposes easily could be disguised by a malicious user as an app — the programs that run on smartphones — and unwittingly downloaded by victims, according to the study, which first was reported by the newsblog ThreatPost.
Because users often do not realize that a smartphone is basically a small computer, and because there are few security products available, smartphones are considered highly vulnerable to hackers.
Commercial software, for instance, can turn smartphones into microphones and tracking devices.
But PlaceRaider is the first known example of malware developed to exploit the high-definition cameras that are now ubiquitous on smartphones.
The study was a collaboration between the Navy center team and researchers from the School of Informatics and Computing at Indiana University.
© Copyright 2012 The Washington Times, LLC. About the Author
Shaun Waterman

Shaun Waterman

Shaun Waterman is an award-winning reporter for The Washington Times, covering foreign affairs, defense and cybersecurity. He was a senior editor and correspondent for United Press International for nearly a decade, and has covered the Department of Homeland Security since 2003. His reporting on the Sept. 11 Commission and the tortuous process by which some of its recommendations finally became ...
---

PlaceRaider app lets phone camera spy on people

 Malware that runs on Android cell phones and can let attackers perform remote reconnaissance and virtual theft is the handiwork of academic and military researchers.

They call it "visual malware" dubbed PlaceRaider that uses the phone's camera and other sensors to create three-dimensional models of indoor environments that bad guys could download, study and use to steal "virtual objects" such as financial documents, information on computer monitors, and personal information.
The software even shuts off the phone’s speaker so someone being spied on doesn’t hear the typical sound a device emits when a photo is taken.
The app follows up on other nefarious tools created by researchers.
The Soundminer malware was designed to listen in on phone conversations and use speech recognition to decode credit card and PIN details that users might mention when calling their bank, for example. It also was designed to recognize and decode tones heard when keys are pressed.
Also, a team of researchers at Georgia Tech created pirate software that used a smartphone accelerometer to steal keystrokes from a nearby keyboard.
So should you worry about your phone spying on you? Hardly.




These researchers get paid to do this stuff and they have vast resources at their fingertips. While they can prove phones are capable of doing these kinds of tricks, and even if doing so gives real criminals ideas, the average hacker can’t pull off such shenanigans on his own.
Even if the bad guys could, imagine the vast amount of data they would have to cull through to find a single bank statement you might have displayed on your computer screen that your phone’s camera happened to capture surreptitiously.
PlaceRaider was created thanks to a grant from the National Science Foundation awarded to researchers from the school of Informatics and Computing at Indiana University in Bloomington, Ind., and the Naval Surface Warfare Center in Crane, Ind.
Check out the paper (PDF) that outlines, in full, what they accomplished

No comments:

Post a Comment