--> Devnullius's Choices: A list of default programs to keep your PC running well!
0 Members and 1 Guest are viewing this topic.
THURSDAY, MAY 22, 2014Exploring limits of covert data collection on Android: apps can take photos with your phone without you knowing.SHORT VERSION: Android apps can take photos with your phone in background phones without displaying any notification and you won't see the app on the list of installed applications. App can send the photos over the internet to their private server. You can also find video with demo in this post.Introductionhttp://all-free-download.com/free-vector/vector-clip-art/surveillance_camera_clip_art_18240.html (camera)I discovered this almost by accident while doing a team project for a Computer and Network Security course at my university. The project suggested by college of mine (Predrag Gruevski) was mostly about using cameras on PC's without turning on indicator light. There were already promising findings in this field (iSeeYou paper discussed doing so on old Mac models). Since the project was relatively general each of member of our team took different approach. I initially started with low-level USB hacking, but despite genuine efforts I found nothing really interesting. Further experiments seemed really boring to me, because they in general involved trying various different cameras and hours of starting at LED light hoping the camera light won't blink.androidI switched my focus to Android. Initial research was promising. There are many apps on Play Store (if you are iPhone user think App Store) that aim at taking pictures without any visual indication (ACLU-NJ Police Tape, Mobile Hidden Camera and more) but from what I found all of them require app activity to be visible and phone screen to be on. Some of them manage to record video without visible preview. Technical DetailsWhat I wanted is to take pictures without user knowing, but at any time, not only when the app is on. I started googling and first thing that I found is that using Camera technically requires a preview to be displayed on screen in order to take video, but background services do not have associated visible activity. But let's not get discouraged an keep trying. I wrote a small camera app for my Nexus 5. My first approach was to create a View object that is not attached to any activity and feed preview to that object. That fails (I literally get "take picture failed" exception). The I remembered something that later turned out to be very relevant. Facebook messages draws to the UI, even when the app is not technically running:This turned out to be indeed the right track. I attached preview to the screen from the background service and indeed I was able to take a photo! This is not yet ideal - the preview is visible on the screen user can clearly see that something is going on. But then I tried to remove it. Here's a list of approaches:Make preview invisible - failed: Android just ignores this setting for previewMake preview transparent - failed: Android just ignores this settings for previewCover preview by another view - partially failed: the view on top is still obstructing the screenMake preview 1x1 pixel - successfulThe result was amazing and scary at the same time - the pixel is virtually impossible to spot on Nexus 5 screen (even when you know where to look)! Also it turned out that even if you turn the screen completely off, you can still take photos, as long as the pixel is still there.
Simple try Kaspersky's service of locating your lost phone. When I was just testing the service last year then found that using the browser in the PC, we can click pics of a stolen phone and then I realized as it can click pics without any noise then same way any malicious application can also do it.
With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.
Terms of Use | Privacy Policy | Advertising