Android malware creates 3D maps of rooms
Researchers have created a proof-of-concept Android malware app that is able to use the phone's sensors and camera to gather data that can be used to surreptitiously create a 3D model of a room. The research paper from Robert Templeman of the Naval Surface Warfare Center, Indiana and Zahid Rahman, David Crandall and Apu Kapadia of the School of Informatics and Computing at Indiana University discusses an Android app they created called PlaceRaider.
The PlaceRaider app makes opportunistic use of an Android device's camera to take photographs of a target's location. This information is complemented by data from the GPS, gyroscope and accelerometers to provide information on where the phone is in space. Then using that data, the researchers could reconstruct the target room as a three dimensional model. They emphasise that the taking of the photographs was entirely opportunistic so ideally would not be noticed by the target phone user.
The researchers found that one challenge in obtaining the data was to ensure that the phone's communications were not overwhelmed when providing imagery to their remote system. To take on that problem, they use the positional data to reduce the number of photographs they have to send upstream. They also used different image resolutions in their sampling depending upon opportunities available.
The project went on to use algorithms, based on computer vision systems that could convert the large unstructured collections of images, complete with "noisey" images and filter them down into coherent 3D models. The challenge there was that this software was normally used where there was a steady, consistent stream of high quality imagery, but they had to adapt these algorithms to handle a much more limited selection of imagery. Another tool was also developed which could allow a user to navigate through the imagery collected and be shown views created from all imagery that contributed to that view. In an example, they show how they navigated to a clear view of account numbers on a cheque on a desk.
To evaluate the technique, a HTC Amaze running Android 2.3.3 was used by the researchers to test the gathering of data using the app; twenty different users were recruited to go into the office and engage in typical office activities in the prepared room. From the results, they offer ideas for further optimisations of the process, how the 3D models generated could be improved and suggest a number of defences against what they call "Visual malware".