Colorado Research Institute for

Security and Privacy

2013 CRISP Workshop on Information Security and Privacy

Dr. Apu Kapadia
Assistant Professor
Computer Science and Informatics
Indiana University Bloomington

PlaceRaider: Virtual Theft in Physical Spaces with Smartphones

About Dr. Kapadia:
Dr. Apu Kapadia is an Assistant Professor of Computer Science and Informatics at the School of Informatics and Computing, Indiana University Bloomington. He received his Ph.D. in Computer Science from the University of Illinois at Urbana-Champaign (UIUC) in October 2005. Following his doctorate, he joined Dartmouth College as a Post-Doctoral Research Fellow with the Institute for Security Technology Studies (ISTS), and then as a Member of Technical Staff at MIT Lincoln Laboratory. Dr. Kapadia is interested in topics related to systems’ security and privacy. He is particularly interested in accountable anonymity, mobile and pervasive computing, crowdsourcing, and peer-to-peer networks. For his work on accountable anonymity, two of his papers were named as 'Runners-up for PET Award 2009: Outstanding Research in Privacy Enhancing Technologies'. His work on usable privacy controls was given the 'Honorable Mention Award (Runner-up for Best Paper)' at the Conference on Pervasive Computing, 2007. Dr. Kapadia received the NSF CAREER award in 2013.

Talk abstract:
As smartphones become more pervasive, a new strain of 'sensory malware' has been developing that leverages sensors to steal information from the physical environment. Our work introduces a new form of visual malware called PlaceRaider, which allows remote attackers to engage in remote reconnaissance and what we call 'virtual theft'. Through completely opportunistic use of the camera on the phone and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus download the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware. I will also summarize results from our Exposure Project, which focuses on the controlled sharing of sensed information to improve privacy.

©2018 University of Denver. All Rights Reserved. Privacy
The University of Denver is an equal opportunity/affirmative action institution.