Your smartphone could be made to spy on you. Michael Mimoso, writing at ThreatPost.com, reports: Mobile malware has largely been limited to Trojans buried inside a malicious app targeting sensitive data stored on the phone such as email, contact information and SMS messages. A new proof-of-concept piece of malicious software, however, expands the scope of mobile malware and essentially turns an Android device into a surveillance tool, bringing a whole new range of security and privacy implications into the equation.
Researchers from the U.S. Naval Surface Warfare Center have developed malicious software that can remotely seize control of the camera on an infected smartphone and employ it to spy on the phone's user.
The malware, dubbed "PlaceRaider," "allows remote hackers to reconstruct rich, three-dimensional models of the smartphone owner's personal indoor spaces through completely opportunistic use of the camera," the researchers said in a study published last week.
The program uses images from the camera and positional information from the smartphone's gyroscopic and other sensors to map spaces the phone's user spends a lot of time in, such as a home or office.
"Remote burglars" could use these three-dimensional models to "study the environment carefully and steal virtual objects [visible to the camera] … such as financial documents [or] information on computer monitors," the researchers reported.
The program they developed for research purposes easily could be disguised by a malicious user as an app — the programs that run on smartphones — and unwittingly downloaded by victims, according to the study, which first was reported by the newsblog ThreatPost. Click here to read the rest of the story.
Click here for a more technical discussion, including the currently available defenses against clandestine control of the sensors (video and audio) on your smartphone.
At the risk of getting too technical, we would remind our readers what we have previously said about the so-called "Smart Grid." One of the problems hackers face in using malware such as PlaceRaider is obtaining the capability to transmit the data collected by the camera or microphone on a smartphone. Such devices do hook up to the internet, and some do so automatically. A Trojan can then transmit the data to the hacker. But typically the first line of defense is to interject a firewall against such transmissions using the smartphone's internet connection. A more effective hacking approach might be the use of a SmartGrid network to receive data from a nearby smartphone, after which the hacker taps the SmartGrid to access the data. A simple protocol such as Bluetooth can be used to do that.
In fact, Bluetooth is a major vulnerability in the SmartGrid. Bluetooth is a technology for short-range communication between devices, and it often operates without the user knowing about it. All that is needed is for the smartphone to be relatively close (10-15 feet) to a device hooked up to the location's electrical system or, in some cases, simply close enough to electrical wiring at a location.
Another technique that is theoretically possible is for a hacker to gain access to data captured by your smartphone when you plug it into the electrical system to charge it. But the same vulnerability exists with laptops and desktops when they are plugged into the electrical system. Instances have already been discovered where snoopers have accessed the webcams on computers via use of the electrical system. In addition, invisible (to the human eye) can be used to communicate with a computer through its infrared devices or even through the monitor. Laser surveillance is now a common practice used by the FBI, DHS and other law enforcement agencies.