We introduce PlaceRaider, a proof-of-concept mobile malware that exploits a smartphone’s camera and onboard sensors to reconstruct rich, 3D models of the victim’s indoor space using only opportunistically taken photos. Attackers can use these models to engage in remote reconnaissance and virtual theft of the victims’ environment. We substantiate this threat through human subject studies. Our paper was presented at the 20th Annual Network & Distributed System Security Symposium (NDSS) 2013. For more details, see the PlaceRaider project page.