A malware app created by the Naval Warfare Surface Center hijacks smartphone cameras to build a re-creation of the owner's surroundings.
Called PlaceRaider, it takes photographs at random intervals while also recording the phone's orientation, in order to reproduce a 3D model of the phone owner's environment.
Contrary to what you might suppose, however, the Android app was not created for spy purposes, but to expose the threat of the theft of visual data, such as bank details and personal information, according to the research paper.
The School of Informatics and Computing in Indiana and the Naval Warfare Surface Center conducted a study (PDF) to find out just how much visual data could be stolen by using smartphone malware.
An abstract of the study explains the malware:
Through completely opportunistic use of the phone's camera and other sensors, PlaceRaider constructs rich, three-dimensional models of indoor environments. Remote burglars can thus "download" the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors and personally identifiable information). Through two human subject studies, we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defences against visual malware.
The researchers were certainly thorough, down to assessing defences against the malware and finding ways to circumvent them, such as splitting malware permissions between applications to avoid suspicion and muting the phone's speaker to avoid the sound of the camera shutter. They even sought ways to improve image quality.
However, the language used to describe the app and those who might use it is definitely negative: "burglary", "theft", "threat to privacy".
While some suggest that the malware was created as a new method of covert military surveillance, it seems more likely that the Naval Warfare Surface Center is simply interested in protecting its own security.
The paper concludes:
In this paper, we introduce a new general threat to the privacy and physical security of smartphone users that we call virtual theft. We conceptualise a mode of attack where opportunistically collected data is used to build 3D models of users' physical environments. We demonstrate that large amounts of raw data can be collected and demonstrate novel approaches that can be used to improve the quality of data that is sent to the attacker.