Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Android Graphics Software Handhelds Privacy Security The Military Technology Build IT

PlaceRaider Builds a Model of Your World With Smartphone Photos 120

Hugh Pickens writes "Neal Ungerleider writes about PlaceRaider, a trojan that can run in the background of any phone running Android 2.3 or above, and is hidden in a photography app that gives PlaceRaider the necessary permissions to access the camera and upload images. Once installed, PlaceRaider quietly takes pictures at random that are tagged with the time, location, and orientation of the phone while muting the phone's shutter sound. Once pictures are taken, PlaceRaider uploads them to a central server where they are knitted together into a 3D model of the indoor location where the pics were taken. A malicious user can then browse this space looking for objects worth stealing and sensitive data such as credit card details, identity data or calender details that reveal when the user might be away. If a user's credit card, bank information, or personal information happen to be out in the open — all the better. — the software can identify financial data, bar codes, and QR codes. End users will also be able to get the full layout of a victim's office or room. The good news? PlaceRaider isn't out in the wild yet. The malware was built as an academic exercise by a team at Indiana University as a proof of concept to show the invasive potential of visual malware beyond simple photo or video uploads and demonstrate how to turn an individual's mobile device against himself (PDF), creating an advanced surveillance platform capable of reconstructing the user's physical environment for exploration and exploitation. 'The message is clear — this kind of malware is a clear and present danger. It's only a matter of time before this game of cat and mouse becomes more serious.'" As malware, it's spooky. But merely as software, this kind of intelligent 3-D imaging is something I'd like to be able to do with my phone.
This discussion has been archived. No new comments can be posted.

PlaceRaider Builds a Model of Your World With Smartphone Photos

Comments Filter:
  • Pocket (Score:5, Insightful)

    by leromarinvit ( 1462031 ) on Sunday September 30, 2012 @08:32AM (#41505721)

    Put your phone in your pocket when not using it. Problem solved.

    • Re:Pocket (Score:5, Funny)

      by Anonymous Coward on Sunday September 30, 2012 @08:44AM (#41505783)

      Put your phone in your pocket when not using it. Problem solved.

      then it will probably generate a 3D model of something else...

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      They could probably simply solve this by making it take pictures at certain intervals and then only submit the ones that have reasonable light to the server. This could of course eat some processing power, so you may notice battery life decrease.
      If you gonna keep your phone in your pocket forever, fine, you won, but what use does it have?

      Actually even that may not be enough. If you can have the locations figured out, that could possibly be enough to make a rough sketch of the house you live in. GPS and 3G l

      • If you gonna keep your phone in your pocket forever, fine, you won, but what use does it have?

        While talking, you can just put your finger on the camera lens. When using it for something else, you can hold it in a way that your hand obscures the camera. And if you don't want to keep it in your pocket, just lay it on a flat surface. The main camera won't see anything, and the front camera will only see the ceiling.

        Actually even that may not be enough. If you can have the locations figured out, that could possibly be enough to make a rough sketch of the house you live in. GPS and 3G locations, add them all together and you may be able to figure out the room layout, special locations like the toilet (even if you just want to annoy a person, figure out when he is on the toilet and then ring his doorbell), you could probably do a good guess on the bedroom (phone doesn't move for several hours?), kitchen (room repeatedly gone to around usual eating hours?).
        Among other things like when you are out of house often.

        Being able to aggregate lots of data on lots of people at the same time would be very nice as a criminal/government.

        Of course, location tracking is scary in and on itself, but it's nothing new. GPS doesn't usually work in buildings unless you're next to a giant window, but they've been doing cell location

    • by vlm ( 69642 )

      Put your phone in your pocket when not using it. Problem solved.

      When talking on it, my relatively featureless "bar of soap" phone has a convenient hole for my pointer finger, that being the camera lens.

      When doing something other than talking on it (99% of the time), you'd get an image of the palm of my hand. I would imagine an automated image analysis of hair distribution on palms of hands would be an interesting research project. (Ahh, I see, 99% of slashdotters have hair on palms, thus 1% of slashdotters are women...)

    • Put your phone in your pocket when not using it. Problem solved.

      Well kind of, but that solution goes to the same bin with fixing a leaking roof by putting buckets all around your house...

      • Is there a better solution? The only thing I can think of would be to review both the hardware and and all software, either yourself or by a trusted 3rd party. As long as you allow untrusted programs (including, potentially, firmware and OS) access to the camera or sensors, there's no way around this.

  • proof of conceptware.

    and even that only if it works.

    I mean, If it works nicely and does the stitching well: they got some other clients than just malware for the tech(as an _idea_ it's not new).

    • From the summary:

      " the software can identify financial data, bar codes, and QR codes. "

      Either Hugh Pickens didn't read the pdf or he is trying to intentionally misinform. A simple glance at the 1 Megapixel reconstruction shows that this would be impossible.

      I actually think this is about getting Navy funding, because their entire premise - that people walk around pointing their phones at everything around them, is absurd. 99% of the pictures you would get from my phone would be useless, and consist of pic

      • Of course it's got military funding - there's more applications than I can think of, including plenty of military ones, they're probably using a malware application to attract publicity and therefore further funding sources and investors.

        Take this for example - the military are currently experimenting with the Kinect as a robot-mounted device as a 3D room scanner and model builder (eg for storming an unfamiliar building). This gives them that ability in a far more compact, low-power package that can be
  • by Anonymous Coward

    Sincerely,

    The NSA, TSA, FBI, CIA, Russian Mafia, Russian Government, Chinese Government, and Pedobear

  • by Joe_Dragon ( 2206452 ) on Sunday September 30, 2012 @08:38AM (#41505755)

    How much data does it use?? as people on capped plan will see a big spike in data uses that may tip them off to software like this.

  • I'd love an apple that allows me to photograph an object from a few angles and have its dimensions calculated. From small things up to rooms. Obviously would need a known reference.

    There are a few apps for Android that try but they are pretty limited.

    • by drkim ( 1559875 ) on Sunday September 30, 2012 @09:37AM (#41506011)

      Have you tried 123D Catch from Autodesk? It builds a 3D model from a few photos. Free:

      http://www.123dapp.com/catch [123dapp.com]

      • More accurately, it builds a 3D model from a lot of photos.

        • by drkim ( 1559875 )

          More accurately, it builds a 3D model from a lot of photos.

          More accurately, it builds inaccurate 3D models from a lot of photos. (But it is free and fun!)

          The biggest problem I ran into with it is shiny objects (which it warns against) but almost everything I wanted to model is shiny.

          • Shiny is a problem. Spray paint can be your friend there.

            I'm always confused why none of the free/open projects have followed the path of extracting objects from video tracking vs photos. I've had pro software for years now that will pull a point cloud off a video. And because you can use frame comparison and use some minor manual tweaks to tell the software when any given point should be ignored for a couple frames it greatly reduces problems caused by shine, reflections and occlusion.

            • by drkim ( 1559875 )

              I'm always confused why none of the free/open projects have followed the path of extracting objects from video tracking vs photos. I've had pro software for years now that will pull a point cloud off a video.

              I actually tried that with 123D Catch. I shot a continuous video around an object and then extracted a string of frames for use by 123D Catch.

              What pro software are you using? I remember one that uses a printout with certain markers on it that you put under the object to help tracking.

              • How did it work for you? 1080p extracts would be somewhat lower than the recommended resolution for 123D, and it's not worth breaking out a 4k camera (and associated workflow) for this.

                I know the one you are talking about (but forget its name off the top of my head) and it's great if your object fits with their tracking pad.

                But you can get good results even with something like SynthEyes.

                • by drkim ( 1559875 )

                  How did it work for you? 1080p extracts would be somewhat lower than the recommended resolution for 123D

                  The final model/output was about the same as using my still camera, but there was the huge 'cost' of doing the frame extraction and conversion.

                  It was just a test. I was imagining doing "drive-by modeling" with my video car-cam.

                  I did a model of Vasquez_Rocks [wikimedia.org] with a simple P&S. That really made me appreciate that you it let you model big things that would be impossible without LIDAR.

      • by AmiMoJo ( 196126 )

        Thanks, looks excellent. Hopefully an Android app will arrive soon, although from the look of it the iOS app only really takes photos and uploads them.

    • by AmiMoJo ( 196126 )

      I'd love an apple

      I would also love if Smart Keyboard Pro came with "app" in the default dictionary.

    • by dbug78 ( 151961 )

      To some degree a known reference would not be necessary. The camera knows how far away the object is by way of autofocus. If the object is far enough away that the focus goes to infinity, then you're SOL.

  • Muting camera... (Score:2, Interesting)

    by Anonymous Coward

    ...while muting the phone's shutter sound.

    Many Android phones require root privilege to mute shutter sound...Some of them allows screenshot of camera preview without it...but not all of them...rooting methods usually differ from phone model to model, and becoming more and more advanced. Some phones have security features like custom LSM modules, NAND tamper checking on boot, or MDM tools built into the kernel. I wonder how this malware dodge this problem.

    • Ah, the old Android fragmentation problem. There's two ways you can look at it.

      1) Good news, because of the fragmentation, the malware won't work on all Androids. Mine might be safe.

      2) Bad news, because of the fragmentation, the malware will work on a lot of Androids. Malware can take a scattergun approach, they'll target whoever does have phones that it works on.

  • by Overzeetop ( 214511 ) on Sunday September 30, 2012 @08:48AM (#41505805) Journal

    I could do without the random pictures and uploading to a rogue site, but I would like to ask that the part where it silences the fake shutter sound be released into the wild, and we all agree not to fix it. My I also request that this no-fake-sounds malware be extended to touch keyboards as well?

    • Re: (Score:2, Offtopic)

      by vlm ( 69642 )

      shutter sound

      There's a whole generation growing up asking "WTF is a shutter?"

      I've noticed a disturbing sharp turn to anachronism in the tech field lately. Its all about the camera shutter, the 5 1/4 inch floppy diskette as a "save" icon, animation of turning pages... Perhaps the next stupid fad will be an animatronic coo coo clock instead of hip hop ringtones. When the mp3 music player/streamer icon is an 8-track tape then we know its the end of the tech world.

      • What's the alternative? A sound of some kind can be very useful when taking a picture - making it unique is also useful, and it doesn't really matter if kids these days don't know the etymology. Ditto saving - it's pretty much an entirely abstract concept these days, but it still needs an icon.

        I've noticed a disturbing sharp turn to anachronism in the tech field lately.

        There's been no "turn" - there's just nowhere else to go.

      • FWIW, one of my friends back in HS (mid 80s) got a job doing some with with a company using Sun(?) workstations. We were both amazed that on such a power workstation, they would display an analog clock.

  • by davidwr ( 791652 ) on Sunday September 30, 2012 @08:53AM (#41505829) Homepage Journal

    This is why I/O components need hardware on/off switches.

    The radio(s), the screen, the touch surface, the camera(s), the speaker, the microphone, the buttons other than of course the "buttons on/off" button need to be either hardware controlled or controlled by immutable, bug-free software.

    If I flip the "camera" switch to off, it should be off, and no software in the world should be able to turn it on.

    Ditto the cellular radio, wifi, screen, speaker, touch surface, most of the buttons, etc. etc.

    If the phone has a master power off button or switch, turning it off should be pretty much like removing the battery except the "turn phone on" button would still work. Not even the "wake on alarm" or "wake on LAN" functions should work. If you need those functions, use the "regular" on/off button, not the "master on/off" button or switch.

    Computers and other electronics should have similar on-off buttons. At a minimum, they should have a "master power" button and, typically, a "normal" on/off button. "Normal" being what we normally think of as "on/off" - most functions off but a few, like wake-on-certain-events, turned on.

    • If my phone is "on" I want the option to individually turn off the mic, speaker, radios, and cameras in a non-overrideable way.

      If I'm in a museum or meeting, I'll hardware-mute the speaker and possibly the mic, camera, and radios if recording or radio transmission is not allowed in that museum or meeting. Why hardware-mute? To give the museum owner or meeting chair confidence that my device isn't compromised so he'll allow me to use it to look up locally-stored data and take written notes.

      If I'm in an air

    • Security-minded businesses or governments may want their phones to include a separate computer in the phone that logs the time and, if available, GPS location any time the mic or camera is turned on and perhaps data relating to radio use, with the information stored in a place that the regular phone hardware and softare can't get to. This will provide evidence if an employee is accused of misusing his phone to record things he shouldn't be recording or, if the employee denies the act, evidence that the pho

    • by mrmeval ( 662166 )

      There is a hardware fix for the camera, it's called duct tape. You can get it in a variety of trendy colors.

      http://www.youtube.com/watch?v=UCzXbz47Zpw [youtube.com]

    • immutable, bug-free software

      Good luck with that. Hardware switches are the only thing I trust...

  • by Compaqt ( 1758360 ) on Sunday September 30, 2012 @08:56AM (#41505843) Homepage

    Found this off a search for "cheapest Nokia":

    "The Nokia 103 [intomobile.com] is dust resistant, comes with an âoeanti-scratch coverâ, has a 1.36 inch black and white display, flashlight, an FM radio (requires a headset), and an 800 mAh battery that should give you 27 days of standby time or 11 hours of talk time. Size and weight: 107.2 mm x 45.1 mm x 15.3 mm; 77 grams."

    16 Euros or $21. No camera.

    'nuff said.

    • Very nice phone. It's like the good old Nokia 3310.
    • I like this kind of phones, but they might be too good for some countries. It is sad how hard it is to find a black and white phone (i.e. great visibility under direct sunlight) nowadays. I live in the UK and a while ago I was shopping for a Nokia 1200 (a similar phone). No way. I could only find 1208s (i.e. color display). At the end I had to buy it in Italy.
  • by Anonymous Coward

    Street view should work something like this... send people a car docking station that takes pictures as they drive around. Use software to stitch pictures together. Pay them with App Store credit for pictures that end up part of the street view.

    • Have you seen how street view works? Obviously not, AC. It uses a camera OUTSIDE of the car to take pictures of the entire range in view of the camera, including the sky. Your plan makes for terrible pictures through people dirty windshields.
  • by Zaphod-AVA ( 471116 ) on Sunday September 30, 2012 @09:14AM (#41505913)

    These kind of thoughts make the Google glass project fascinating and terrifying. Street View the world. Capture all the print material. How much more?

  • by medcalf ( 68293 ) on Sunday September 30, 2012 @09:23AM (#41505951) Homepage
    About how walled gardens are bad?
    • Garden Walls can be breached by software.

      HARDware switches are a different barrier altogether.

      Software switches trade convenience for security.

      I'd like to see MORE software breaches to coerce the provision of hardware switches.

    • I'm pretty sure you could get this through even Apple's curation, buy actually describing what it does and advertising it as a feature. "Build a model of your world" as you use your phone. Properly marketed, people will install anything. The only part you don't tell people is what you do with the images you create. This same abuse could be done by any app that uploads pictures to a hosted repository, the only new thing is that this takes the pictures at random.

    • by knarf ( 34928 )

      Once you're over the wall, you have free reign over everything inside? This compared to the permission-based model used in eg. Android, where applications need explicit permission to access certain devices, services and data. Of course a 'root' user on both systems can do whatever they please. And, as can be seen from the paper, some of those permissions are to coarse-grained to be effective in stopping

      This is not a matter of 'Apple' vs 'Android' vs the rest. They chose Android 'for practical reasons' ('We

    • First tell me how this has *anything* to do with walled gardens. Then I'll tell you how letting a massive corporation do your thinking for you can be bad.

    • How walled gardens are good?

      Given how Apple has had it's fair share of malware in its appstore in the past?

  • This would be a fantasic app (without the rogue upload of course) if you could then ask it where items are. Arrive home without your credit card, lost your keys, need to find where you left a tool that you didn't put away 6 months ago?
  • This type of service could be particularly useful if packaged along with some anti-theft software. For example, services like Prey [preyproject.com] already take pictures using their application on the device, but if combined with the ability to create a 3D model of the environment this could be even more useful in tracking down your hardware's location.
  • very bad (Score:4, Insightful)

    by kenorland ( 2691677 ) on Sunday September 30, 2012 @11:39AM (#41506743)

    Taking pictures in your private space may be embarrassing and may expose your mistress or illegal pot plants to the world, but as far as burglars go, it is irrelevant: they can tell easily whether your house is worth breaking into from the outside. And the idea that a bunch of dim-wit burglars are using poor quality 3D models to plan their heist wouldn't even fly as a movie plot.

    This project strengthens the ludicrous idea in people's heads that photography is somehow a significant threat to safety or security. Photographic documentation is an extremely important part of modern democracy, and projects like these threaten the ability of people to take pictures.

    • The idea that the US and/or Israeli governments would write a virus specifically to have a subtle effect on computers running Iran's nuclear centrifuges is equally B-movie material. And yet with Stuxnet, it happened.

      Now imagine how useful this malware would be if directed towards specific espionage targets.

      • Police and other agencies already can remotely enable the microphone on your cell phone; there's nothing to "imagine" there. They can do that bypassing the smartphone OS.

        When it comes to the smartphone OS itself, they almost certainly can also install whatever they want already, because they can run man in the middle attacks on your phone and have access to private keys for software packages. "This" (as in the article) isn't relevant or new.

  • Their whole theoretical plan, assuming the part about the phone taking pictures of its surroundings and uploading them without the user noticing actually works, still sounds like nonsense to me, because there is likely to be little connection between the types of criminals who hack phones and the ones who break into houses and steal things.

    If you are the type to break into houses and steal things, then you are probably focused on a relatively small geographical area - you need a connection to the type of cr

  • who saw the thread title, and clicked on it thinking it was going to be an extremely neat proof of concept that people would want to have running on their phones, to upload maps of places they've been to some central location, creating a crowdsourced repository of floorplans of every building on the planet? Cause that would actually be kinda cool. (Obviously you wouldn't post the actual -images-, preferably the phone would do the datacrunching itself, and just send processed data to be converted into floorp

  • That's why they've been selling belt holsters for mobile phones all of these years!

This is clearly another case of too many mad scientists, and not enough hunchbacks.

Working...