You may remember news stories during past years where thieves used the Google Earth service to find buildings with valuables on the outside -- roofs made with precious metals, so they could return at night to steal the metal and resell the stolen goods for a profit. Now, imagine a scenario where thieves take over the camera in your smart phone (or tablet) to find valuable items inside homes, to return later when you are away or at work to steal the items they remotely recorded on video.
This sounds like science fiction, eh? Or maybe a fictional episode of NCIS?
Well, it's not science fiction. It's science fact, and the software is available today.
A reader alerted me to an article in Technology Review about PlaceRaider, an Android app already created to secretly record via the victims' mobile devices their personal spaces. With the secretly recorded video, the user can create a three-dimension virtual model of the recorded space:
"... Robert Templeman at the Naval Surface Warfare Center in Crane, Indiana, and a few pals at Indiana University reveal an entirely new class of 'visual malware' capable of recording and reconstructing a user's environment in 3D. This then allows the theft of virtual objects such as financial information, data on computer screens and identity-related information... the malware would be embedded in a camera app that the [victim] would download and run..."
The military applications of this are obvious. It's a stealth method to gather intelligence by recording the battlefield (or urban landscape) before the battle by using malware installed in the enemy's mobile devices. An accurate 3-D virtual model, complete with tools and papers lying about, would enable military officials to plan a more effective and efficient attack -- and know ahead of time what documents to look for and to capture.
An app like this in the hands of identity criminals would be equally devastating. It could secretly record a victim's home office, small business office, doctor's medical records storage area, or similar sensitive interior space. Did you leave credit- or debit cards lying about on your desk or bedroom dresser? PlaceRaider could record the account numbers lying exposed. Did you leave your online banking screen open on your desktop computer monitor? PlaceRaider could record that, too.
Meanwhile, what's a consumer to do? All of the usualy steps:
- Be carefult about the apps you download. Look for trustworthy apps with privacy policies that they comply with
- Install and maintain anti-virus apps on your mobile device(s)
- Password protect your mobile device(s)
- Be careful about which WiFi hotspots you use your mobile device at, just as you would with any other computing device
- Use a mobile VPN connection when appropriate
- Use strong passwords, and change them every 90 or 120 days
- Don't use the same password for all of your online accounts and devices
- Place masking tape over your mobile device's camera lense when not using it for long periods.
Maybe some time soon, mobile device manufacturers will get smart and build lens covers into their mobile devices.