PlaceRaider

PlaceRaider: Virtual Theft in Physical Spaces with Smartphones

A new strain of sensory malware has been developing that leverages these sensors to steal information from the physical environment (e.g., researchers have recently demonstrated how malware can listen for spoken credit card numbers through the microphone, or feel keystroke vibrations using the accelerometer).

Abstract

As smartphones become more pervasive, they are increasingly targeted by malware. At the same time, each new generation of smartphone features increasingly powerful onboard sensor suites. A new strain of sensory malware has been developing that leverages these sensors to steal information from the physical environment (e.g., researchers have recently demonstrated how malware can listen for spoken credit card numbers through the microphone, or feel keystroke vibrations using the accelerometer). Yet the possibilities of what malware can see through a camera have been understudied. Our work introduces a novel visual malware called PlaceRaider, which allows remote attackers to engage in remote reconnaissance and what we call virtual theft. Through completely opportunistic use of the camera on the phone and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus download the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware.

For more information on our defensive work see our Vision for Privacy project page.

People

Faculty

Apu Kapadia, Indiana University

David Crandall, Indiana University

PhD Students

Robert Templeman

Zahid Rahman

REU Students

Steven Armes

Publications

Conference paper:
Robert Templeman, Zahid Rahman, David Crandall, and Apu Kapadia,
“PlaceRaider: Virtual Theft in Physical Spaces with Smartphones,”
In Proceedings of The 20th Annual Network & Distributed System Security Symposium (NDSS ’13),
San Diego, CA, February 24–27, 2013.
(bibtex)(isoc)

Technical report:
Robert Templeman, Zahid Rahman, David Crandall, and Apu Kapadia,
“PlaceRaider: Virtual Theft in Physical Spaces with Smartphones,”
CoRR arXiv Technical Report arXiv:1209.5982, September 2012.
(bibtex)

Demo Video

Radio and TV Interviews

WFHB Firehouse Broadcasting, Bloomington Area, Special Report, October 26th, 2012.
WGN Radio, Chicago, Live with Mike McConnell, October 3rd, 2012.
WFIU – Bloomington NPR affiliate, October 2nd, 2012.
WTIU – Bloomington PBS affiliate, October 2nd, 2012.

Interviews, Quotes

Daily Caller, October 2nd, 2012.
Naked Security – Sophos, October 2nd, 2012.
eWeek, September 28th, 2012.

Media Coverage

Business Line, Feb 20, 2013.
eWeek, Feb 17, 2013.
Slashdot (links to Washington Times article), Jan 7, 2013.
PopSci: Popular Science Gadgets Blog, Jan 2, 2013.
MIT Technology Review arXiv Blog’s “Best of 2012”, Jan 1, 2013.
Security and Mobility Now, Juniper Networks, October 30th, 2012.
Idaho Press-Tribune, October 30th, 2012.
Kaspersky Safeguarding Me Blog, October 19th, 2012.
Crypto-Gram Newsletter by Bruce Schneier (linked to Gizmodo article), October 15th, 2012.
FierceMobileIT, October 14th, 2012.
PC Advisor, October 12th, 2012.
CNET Australia, October 10th, 2012.
TechRepublic, October 9th, 2012.
Dark Reading, October 8th, 2012.
Government Computer News Blog, October 5, 2012.
Techdirt, October 5th, 2012.
Computer World, October 4th, 2012.
The Daily, October 4th, 2012.
Beaufort Observer, October 3rd, 2012.
ACM TechNews (linked to eWeek article), October 3rd, 2012
The Drudge Report (linked to Washington Times article), October 2nd, 2012.
Fox News, October 2nd, 2012.
GCN (Government Computer News), October 2nd, 2012.
H Security, October 2nd, 2012.
Ping! Zine, October 2nd, 2012.
Red Orbit, October 2nd, 2012.
Spiegel Online (German), October 2nd, 2012.
Washington Times, October 2nd, 2012.
Christian Post, October 1st, 2012.
Daily Mail (UK), October 1st, 2012.
The Escapist Magazine, October 1st 2012.
FirstPost Technology, October 1st, 2012.
HLN, October 1st, 2012.
International Business Times, October 1st, 2012.
NewScientist, October 1st, 2012.
The Register, October 1st, 2012.
Schneier on Security, October 1st ,2012.
Slash Gear, October 1st, 2012.
Tech News Daily, October 1st, 2012.
thinkdigit, October 1st, 2012.
threat post, October 1st, 2012.
Times of India, October 1st, 2012.
Yahoo! News, October 1st, 2012.
Geeky Gadgets, September 30th, 2012.
I PROGRAMMER, September 30th, 2012.
PCWorld, September 30th, 2012.
Peta Pixel, September 30th, 2012.
Slashdot, September 30th, 2012.
The Atlantic, September 29th, 2012.
Softpedia, September 29th, 2012.
The New York Observer – BetaBeat, September 28th, 2012.
Business Insider, September 28th, 2012.
eSecurity Planet, September 28th, 2012.
Fast Company, September 28th, 2012.
Gizmodo, September 28th, 2012.
tecca, September 28th, 2012.
MIT Technology Review, September 28th, 2012.
ubergizmo, September 28th, 2012.
V3 – The Frontline, September 27th, 2012.

Acknowledgement

This material is based upon work supported by the National Science Foundation under Grant No. 1016603. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.