Researchers at the US Naval Surface Warfare Center created PlaceRaider and have dubbed it “visual malware.” It was developed as a proof of concept but would also be a great idea to sell to producers seeking spy gadget ideas for the next James Bond film, because PlaceRaider hints at the future of covert surveillance:
Their idea is that the malware would be embedded in a camera app that the user would download and run, a process that would give the malware the permissions it needs to take photos and send them.
PlaceRaider then runs in the background taking photos at random while recording the time, location and orientation of the phone. (The malware mutes the phone as the photos are taken to hide the shutter sound, which would otherwise alert the user.)
PlaceRaider would send images to the attacker’s servers and those would be assembled as a 3D model of the victim’s home or workspace. Using those models, the hacker controlling the app could examine the targeted space in detail, picking up vital details like passwords and banking information.
On the original page presenting an explanation of the app, the authors note that their work demonstrated “the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms.”
They also suggest defenses against “visual malware” such as antivirus applications and making sure your phone’s camera shutter click is always on.
Which is good, since they’ve put the idea out there, so it’s likely someone else is already working on it.