New class of visual (smartphone) malware

[lotuseclat79]

PlaceRaider: The Military Smartphone Malware Designed to Steal Your Life.

Quote:

The US Naval Surface Warfare Center has created an Android app that secretly records your environment and reconstructs it as a 3D virtual model for a malicious user to browse

-- Tom

[TheWindBringeth]

I would definitely want an on/off switch that physically disconnects the battery. Which doesn't exactly fit with common smartphone usage scenarios, but I'd deal with that aspect.

[siljaline]

Revealed: The Most Disturbing Malware Ever Made.

Quote:

So you thought you were safe, cooped up in the privacy of your own home, with the doors locked and the windows shut tight? Well, if you own a smartphone, you might want to think again…

Details of a new kind of ‘visual’ malware are just emerging, an altogether different beast that has to rank as one of the most unsettling ideas that hackers have ever conceived (and believe me, they’ve had some creepy ideas in the past).

Dubbed “PlaceRaider”, the malware in question has been designed to work on any Android phone running version 2.3 or above, and disguises itself in a photography app that gives it all the permissions it needs to access your camera and the images stored on your phone. The moment it’s installed, PlaceRaider sparks to life, snapping away random photos of you and your life without your knowledge, and tagging them with the time and (your) location.

Article

[siljaline]

Apps that require "keep awake" via permissions, would probably boot the malware once you reconnected the battery, assuming you had this on your phone.
A decent security app and something that hunts this stuff of which there is little. Back up you data often and get to know how to recover from a reset.

Quote:

Originally Posted by TheWindBringeth

I would definitely want an on/off switch that physically disconnects the battery. Which doesn't exactly fit with common smartphone usage scenarios, but I'd deal with that aspect.

[PJC]

"Smart" Phones are getting DANGEROUSLY "Smart"...

[TheWindBringeth]

Yes, I don't think a real power switch will keep malware from running when the device is on. I was basically thinking out loud that there is no reliable way to prevent malware, phone and/or OS vendor backdoors, etc from collecting information while the phone has power. An opaque, sound muffling, RF shielded pouch might be a fallback solution.

[siljaline]

Android trojan spatially `cases’ offices and homes in 3D for burglars

Quote:

We’ve all heard about smartphones and even landline phones being hacked to allow remote eavesdropping, but now researchers with the University of Indiana have coded a proof-of concept trojan app that – after infecting an Android device – creates a 3D representation of the home or office around the handset or tablet, for later use by burglars and cybercriminals.

This is known in criminal circles as `casing the joint’ and gives criminals a significant advantage as, unlike Google Street View – which has been allegedly used by burglars to target rich homes – the proof-of-concept PlaceRaider app allows homes and offices to be `cased’ internally and remotely.

• Article

[Mrkvonic]

It all begins with an infection.
Don't get it and nothing happens.
Afterward, it's all unimportant.
Mrk

[siljaline]

Quote:

Originally Posted by Mrkvonic

It all begins with an infection.

Yes, evidently (or) crappy protection.

Quote:

Don't get it and nothing happens.

That's self-evident

Quote:

Afterward, it's all unimportant.

Assuming one knows the guts of what we are referring to, many don't - that is why I'm driving such topics here as many have Smartphones and want to learn more.

[Mrkvonic]

No problem learning more. But smartphones are identical to any other computing device from the security perspective. This is the important thing to discuss. Once people realize that, you can have a reasonable security strategy in place.

Discussing POST-infection scenarios is like discussing what can happen to a human body after the car crashes into a wall at 100mph. Whereas the focus should be how to avoid crashing in the first place. You can control that part, not the second.

Same here. Smarthpones, computers, do not get infected and then even the most ultra-sophisticated malware becomes irrelevant.

Crappy protection on smartphones? Well, no less or more than desktop operating systems. You're actually locked down, you have vendor app markets, most devices do not give root, so you're probably better off than a typical desktop.

Mrk