Remote Virtual Theft App

by Morgan Maroni


A new “visual malware” called PlaceRaider has been developed by a team at Indiana University and the U.S. Navy for use on smart phones.

Basically, it’s a trojan that runs in the background on Android phones that runs 2.3 or above, and is hidden in an app that gives it the necessary permissions to mute the shutter sound of the camera, and quietly take pictures about every 2 seconds, as well as uploading the the images to the attacker’s network. It can use the phone’s cameras, gyroscopes, and accelerometers, and also along with using time, location, and orientation data from the pictures themselves, to construct 3D models of rooms it takes pictures of.

If you look at this as an actual legitimate application, it does have some merits that some fields, like architecture, could use. I myself am imagining a somewhat creepy app that could take pictures of your room, and then, when you go and loose something, you could go through the pictures and models and find out where that thing sitting on your desk was last. Silly application uses aside, PlaceRaider was intended and developed as something attackers might use.

In a test, an office type room was set up, with papers and other personal items, like financial information lying around. They had PlaceRaider map out the room, and the people on the other end were able to use the 3D models successfully to find information throughout the room, including bar codes, bank account numbers, names, dates, etc. This is what is called “virtual theft” through remote reconnaissance.


The technology is far from threatening right now, but it is still interesting to think about just how much our smart phones could expose about us. Especially since so few people use anti-virus or anti-malware on their phones, the vulnerability is there.