Your Smartphone Can Photograph You, and Share the Pictures, Without Your Knowledge

This article is more than 10 years old.

Imagine if you discovered that your smartphone had been surreptitiously taking pictures of you at times when you thought the camera was off, and forwarding the resulting photos to some unknown stranger.

Sound like science-fiction horror?

It is actually possible today via cleverly crafted malware.

One experimental piece of such malware, which has been known to exist for several months, was designed by researchers to test the feasibility of mapping the inside of buildings via photos, a process that could simplify attacking or burglarizing a facility. But what if similar malware were designed – using widely available technology – to repeatedly take pictures or video and to transmit those in which a large percentage of pixels were flesh-tone? Considering the percentage of phone users who bring their phones into bedrooms, bathrooms, and other areas in which they usually do not want to be photographed, such malware could put nearly the entire adult population of the Western World at risk of serious embarrassment. Even without the flesh-tone analysis capability, smartphone malware that shares surreptitiously taken photographs clearly poses severe privacy risks.

It would be nice if security-conscious folks who run malware scanners on their mobile devices did not need to worry. But, like any security technology, mobile malware scanners are not impervious to failure. In fact, mobile devices running such software may remain more susceptible to breaches than their laptop counterparts because mobile security technology is far less mature and robust than PC security technology, and because typical mobile-device architecture – in which devices use the same port (e.g., micro-USB or Apple dock connector) for charging and for communications – creates a risk of malware spreading whenever someone borrows a charger. Furthermore, people who allow auto-updates from only major software providers on their laptops often allow app auto-updates from even unknown, overseas providers on their mobile devices; if a provider is compromised, malware disguised as a feature within a new release can potentially propagate to many users. Also, from a practical standpoint, desktop and laptop cameras are far less likely to be in positions to accidentally capture sensitive activities than smartphone cameras, and often have lights that illuminate whenever the camera is active – so anyone in sight knows that they are being recorded.

So, practically speaking, what should you do to prevent a major problem?

Clearly, it is best to run, but not to rely on, mobile security software. But, on top of that, I suggest adding an astoundingly low-tech security countermeasure: Keep the phone out of sensitive areas, and if you must bring it in, block the camera’s view when it is not in use.

A low-tech solution to a high-tech problem: a sticky note obstructs the camera's view

Sound obvious? If it were, you’d see most people doing so, but you don’t. People simply do not understand the risk.

The government does. Smartphones are not allowed into sensitive areas – even if the phones are off. A recording device simply cannot be trusted not to be recording.

Of course, such an approach is not practical for many people. So, ensure that the camera cannot take pictures when you do not want it to, by putting the phone in a case, bag, pocket, or drawer that covers the camera whenever it is not supposed to function. Alternatively, or as an additional line of defense, you can put a small piece of an opaque sticky-note over the camera.

Like the technical defense, this approach is not perfect. Surreptitious audio recordings may take place – so whenever audio recordings pose a significant enough threat, keep the phone out.

Follow me on:

Twitter: @JosephSteinberg

Web: www.JosephSteinberg.com