PlaceRaider shows why Android phones are a major security risk

By Rob Enderle, CIO |  Security, Android, BYOD

PlaceRaider is malware created by the United States Navy to showcase Android vulnerabilities. (The full paper, which includes mediation advice, can be found here.) PlaceRaider activates a phone's camera and forces it to take pictures almost constantly. The originator of the malware uses the pictures to create a 3D image of the phone's location without the owner's knowledge and by bypassing any physical or personal security measures.

Malware Takes Pictures, Creates Video

PlaceRaiders showcases a significant problem with smartphones cameras. The access permissions that PlaceRaider requires are no different than those of a typical "innocent enhanced camera applications," Naval Surface Warfare Center says, so a user could voluntarily install a "safe" application from an official app store without thinking of the implications. It would be hard for the owners of infected smartphones to know what's happening, too, as the first indication would likely be excess data charges on the monthly bill.

Now, if the phone is in a pouch, pocket or purse, the risk is low, since the camera is unlikely to capture useful images. The risk manifests when someone is using the phone and the camera can see its surroundings. With an older phone that can't multitask, the risk of exposure is limited, since the phone should not be able to run the malware while on the call. Even for phones that can't process data and voice calls at the same time, though, the risk is real, as the phone could cache the pictures and then batch them when it can make a data call.

While the risk with this particular app is only visual, malware that tracks audio could effectively bug every phone running Android 2.3-the version the researchers worked with-and listen to all private conversations occurring within its range. Moreover, some of these phones have made significant advancements in noise cancellation that can even make conversations in a crowded room understandable. (Charging an Android phone in the bathroom or bedroom, then, is a bad idea.

Google's Attitude Toward Privacy Is Bad News


Originally published on CIO |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question