London: US military experts have demonstrated a new smartphone app that can turn your mobile's camera into a spying tool for cyber criminals, secretly beaming images of your house, chequebook and other private information back to them.
The software can even build up a 3D model of your house, from which the hackers can inspect your rooms, potentially gleaning information about valuables in your home, calendar entries as well as spying on you.
The app 'PlaiceRaider' was created by US military experts at Naval Surface Warfare Center in Crane, Indiana, to show how cybercriminals could operate in the future, the Daily Mail reported.
The creators even demonstrated how they could read the numbers of a cheque book when they tested the Android software on 20 volunteers.
As long as the app could be installed on the users phone, it can instantly begin beaming back images from the phone when it senses the right conditions, and software on the other end can then re-construct maps of the visited room.
The team gave their infected phone to 20 individuals, who did not know about the malicious app, and asked them to continue operating in their normal office environment.
The team said they could glean vital information from all 20 users, and that the 3D reconstruction made it much easier to steal information than by just using the images alone.
Researcher Robert Templeman said their app can run in the background of any smartphone using the Android 2.3 operating system.
Through completely opportunistic use of the phone's camera and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments.
"Remote burglars can thus "download" the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information)," researchers said.
PlaiceRaider will silently take photographs, recording the time, location and orientation due to the sensors within most modern smartphones.
It will then delete any blurred or dark shots, before sending the rest back to a central server, which can reconstruct the user's room, based on information such as phone orientation.
Then the hacker can explore the user's property at will - for instance, scanning the room for calendars, private details on computer screens, and cheque-books or card details.
"We implemented on Android for practical reasons, but we expect such malware to generalise to other platforms such as iOS and Windows Phone," Templeman said.