3 November 2015 at 20:10 #2277
Journal Article Review by NH
In “PlaceRaider: Virtual Theft in Physical Spaces with Smartphones” Templeman, Robert et al. present a method of engaging in remote reconnaissance with the use of an application installed on an unsuspecting victim’s smartphone. The authors created the application and tested it using two human subject studies. The studies showed it was possible to generate a useful 3D reconstruction of a victim’s surroundings, allowing for the extraction of sensitive data using the victim’s smartphone’s camera and other built-in sensors. Finally, the authors explore a number of potential improvements to the attack and defenses against it.
Smartphone devices are becoming increasingly ubiquitous, with not only more powerful hardware but also more sensors that can detect the environment around the device. This brings about numerous opportunities for hackers to retrieve data beyond that which is already stored on a device’s storage memory. Since most people carry their smartphones with them 24×7, the data which can be collected through sensors can give a lot of sensitive information about the carrier and those they are in the company of.
Templeman, of the US Naval Surface Warfare Center, and his colleagues investigated the privacy implications and potential for surveillance using this visual and sensory data. By combining the visual and other sensor data, the authors are able to place the images in spatial dimensions so as to generate a 3D model of the victim’s space. This allows for the extraction of sensitive data from the data captured.
As the idea of accessing the data on smartphones remotely was not novel in 2012, the authors point toward a number of articles which discuss or demonstrate similar attacks. Such research used visual and other sensors to retrieve data about the victim’s environment. For instance, Xu et al. (2009) proposed that malware could covertly record video and upload it over 3G to an attacker’s server. What this research contributes is the local processing for data reduction and the utilization of photo plus other sensor data to reconstruct a 3D model of the environment. This research also uses or modifies existing freely available tools that implement well-tested algorithms to achieve its goals rather than attempting to re-invent the wheel.
The authors have put together a strong proof of concept study to measure the ease and effectiveness of using visual and other sensors on a smartphone to observe a victim’s visual space. It is clear from the study that it is possible to gain a 3D model of a victim’s environment given the right circumstances, i.e. relying on how the victim happens to use their smartphone. The study results are, however, based on subjective evaluation of the data collected due to a limitation of the study. As noted by the authors, the generated 3D model does not fare any better with regard to the ability to extract sensitive data when compared to the control, i.e. raw collected images, but can potentially offer benefits for multi-room captures or more complex layouts.
The study brings up some valuable points with regard to the ease of access to sensor data on smartphones and also the blasé attitude users have to allowing apps to access parts of a mobile device which could be used for nefarious purposes. One defense against covert access of a smartphone camera that was noticeably absent was simply covering the lens so as to render it unusable. This is not to detract from the many other useful suggested defenses.
No detail is offered in relation to feedback from the sample group with regard to noticing the remote surveillance as it was taking place. Were there any indications of compromise noticed by the group? Volume levels changing? Phone overheating? etc. This would be interesting to ascertain, but as the group were not using their own phones they may not have been aware of how the phone would normally behave, and so may find it more difficult to notice when it has been compromised.
Edward Snowden’s revelations two years after the study was published revealed that the National Security Agency (NSA) was in the process of developing a method of gaining access to iPhone smartphone sensors (including camera) since at least 2008 under their DROPOUTJEEP exploit (Schneier, 2014). This further strengthens the plausibility of this approach as an attack vector. It raises the question as to whether this attack has already been used in the wild and how much more effective it may be, given the available resources for development and potential access to vendor secrets the NSA has.
This study raises a number of interesting points regarding privacy, considering smartphones are close to their owners twenty-four hours a day. The authors point out that most users do not review the permissions they are granting to mobile applications. If more fine-grained information is offered to users, would it help users or push them further away from reading the permissions details? Would users decide not to install an application due to the access permissions being sought?
Since this proof of concept was published, there have been many technical advances in the smartphone world, with new versions of the Android Operating System released. There are also much more powerful phones released that would allow for smarter selection of captured images through deeper analysis. The latest Samsung S6 Edge Plus (PhoneArena, 2015), for example, is over thirty times faster than the HTC Amaze 4G (PhoneArena, 2011) used in the study, not to mention a longer lasting battery, more sensors and a faster internet connection. It seems the more powerful smartphones become, the easier it may be for hackers to steal larger amounts of data undetected. Our desire for higher performance may be our worst enemy when it comes to security and privacy.
N. Xu, F. Zhang, Y. Luo, W. Jia, D. Xuan, and J. Teng, “Stealthy video capturer: A new video-based spyware in 3G smartphones,” in Proceedings of the second ACM conference on Wireless Network Security, ser. WiSec ’09, New York, NY, USA, 2009, pp. 69–78.
PhoneArena, 2011. HTC Amaze 4G benchmark tests. [Online] Available at: http://www.phonearena.com/news/HTC-Amaze-4G-benchmark-tests_id22815 [Accessed 1/11/2015].
PhoneArena, 2015. Samsung Galaxy S6 edge benchmarks. [Online] Available at: http://www.phonearena.com/phones/Samsung-Galaxy-S6-edge_id9193/benchmarks [Accessed 1/11/2015].
Schneier, B., 2014. DROPOUTJEEP: NSA Exploit of the Day. [Online] Available at: https://www.schneier.com/blog/archives/2014/02/dropoutjeep_nsa.html [Accessed 1/11/2015].