PlaceRaider

PlaceRaider: Virtual Theft in Physical Spaces with Smartphones

A new strain of sensory malware has been developing that leverages these sensors to steal information from the physical environment (e.g., researchers have recently demonstrated how malware can listen for spoken credit card numbers through the microphone, or feel keystroke vibrations using the accelerometer).

Abstract

As smartphones become more pervasive, they are increasingly targeted by malware. At the same time, each new generation of smartphone features increasingly powerful onboard sensor suites. A new strain of sensory malware has been developing that leverages these sensors to steal information from the physical environment (e.g., researchers have recently demonstrated how malware can listen for spoken credit card numbers through the microphone, or feel keystroke vibrations using the accelerometer). Yet the possibilities of what malware can see through a camera have been understudied. Our work introduces a novel visual malware called PlaceRaider, which allows remote attackers to engage in remote reconnaissance and what we call virtual theft. Through completely opportunistic use of the camera on the phone and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus download the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware.

For more information on our defensive work see our Vision for Privacy project page.

People

Faculty

Apu Kapadia, Indiana University

David Crandall, Indiana University

PhD Students

Robert Templeman

Zahid Rahman

REU Students

Steven Armes

Publications

Conference paper:
Robert Templeman, Zahid Rahman, David Crandall, and Apu Kapadia,
“PlaceRaider: Virtual Theft in Physical Spaces with Smartphones,”
In Proceedings of The 20th Annual Network & Distributed System Security Symposium (NDSS ’13),
San Diego, CA, February 24–27, 2013.
(bibtex)(isoc)

Technical report:
Robert Templeman, Zahid Rahman, David Crandall, and Apu Kapadia,
“PlaceRaider: Virtual Theft in Physical Spaces with Smartphones,”
CoRR arXiv Technical Report arXiv:1209.5982, September 2012.
(bibtex)

Demo Video

Radio and TV Interviews

Interviews, Quotes

Media Coverage

Acknowledgement

This material is based upon work supported by the National Science Foundation under Grant No. 1016603. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.