Android 4.1 'Jelly Bean' reaches 1.8 percent market share

While the aging Android 2.3 "Gingerbread" operating system continues to be the most popular version, Android 4.1 "Jelly Bean" finally has the 2 percent market share milestone in its sights.

With Google now seeing some 1.3 million new Android device activations every day, there's no shortage of hardware out there running the mobile operating system, but it seems that the bulk of these devices are running older versions of the operating system.

Data based on devices accessing the Google Play store over a 14-day period up to October 1 shows that Android 4.1 "Jelly Bean" is installed on 1.8 percent of devices accessing the application store.

The problems facing Android 4.1 "Jelly Bean" are two-fold. First, "Jelly Bean" has so far only been made available on a limited number of devices, such as the Nexus 7 tablet and Galaxy Nexus smartphone -- neither of which seem to be mass-market devices. Most of the major OEMs are still pushing out hardware running older versions. Even new smartphones such as Motorola's DROID RAZR M still ship with Android 4.0 "Ice Cream Sandwich".

To make matters worse, hardware OEMs and carriers have been dragging their heels when it comes to making "Jelly Bean" available as an update for existing hardware. Both would rather consumers just bought a new smartphone or tablet than give them a new operating system for their old hardware for nothing. There's just no incentive for any of the players -- even Google -- to push updates to older hardware.

The problems facing Android 4.1 "Jelly Bean" are two-fold. First, "Jelly Bean" has so far only been made available on a limited number of devices, such as the Nexus 7 tablet and Galaxy Nexus smartphone -- neither of which seem to be mass-market devices. Most of the major OEMs are still pushing out hardware running older versions. Even new smartphones such as Motorola's DROID RAZR M still ship with Android 4.0 "Ice Cream Sandwich".

To make matters worse, hardware OEMs and carriers have been dragging their heels when it comes to making "Jelly Bean" available as an update for existing hardware. Both would rather consumers just bought a new smartphone or tablet than give them a new operating system for their old hardware for nothing. There's just no incentive for any of the players -- even Google -- to push updates to older hardware.

The slow adoption of new versions of Android affects everyone in the ecosystem. It forces developers to support an ever-increasing array of aging versions, while at the same time preventing them from making full use of new features. For consumers, it means that they are denied new features and not getting security updates that help keep their handsets and tablets safe from hackers and malware. 

As the chart above shows, Android 4.0 "Ice Cream Sandwich" is the fastest-growing platform, now running almost a quarter of the hardware accessing Google Play. 

By far the most popular version of Android continues to be the now aged Android 2.3 "Gingerbread". This is Google's mobile version of Windows XP, an old version of a platform that both hardware makers and consumers are clinging onto for dear life. It was the platform that was around when Android went mainstream, and as such there are a lot of devices out there running it. You can still find handsets for sale that still "Gingerbread," even though the platform hasn't seen an update since September 2011.

Image source: Google Developer Dashboard.

Read More

Julian Assange costs Britain 11, 000 pounds a day

London: It is costing a whopping 11,000 pounds a day for Britain to ensure that WikiLeaks founder Julian Assange, holed up in the Ecuadorean embassy here, does not flee the country. 

The final bill could be much more as the 41-year-old continues to defy extradition to Sweden where he is suspected of sexually assaulting two women.

Scotland Yard confirmed it costs 11,000 pounds every day to ensure that the Australian does not flee his bolthole at the Ecuadorean Embassy, the Daily Mail reported. 

The police bill for staking out the embassy where Assange is holed up has already reached more than 1 million pounds. 

Officers have been watching the property in Knightsbridge, West London, since Assange breached his bail and claimed asylum in June. They have been told to arrest him if he puts "one toe" outside. 

Ecuador granted political asylum to Assange in August after he took refuge in the country's embassy in London. 

Ecuadorean foreign minister Ricardo Pinto has warned Assange he could be in the embassy for a decade if he is not allowed to leave Britain. 

Critics have called on the Metropolitan Police to end the costly stakeout. London Mayor Boris Johnson confirmed the policing bill between June 20 and September 10 was 905,000 pounds. 

If the costs continued at the average of 11,000 pounds a day the total would now be over 1.1 million pounds. 

Last week, Foreign Secretary William Hague admitted there is "no sign of any breakthrough" after meeting his Ecuadorean counterpart Ricardo Pinto at the United Nations in New York. 

The comments came after the hacking activist accused the US of persecuting WikiLeaks and torturing Bradley Manning, the soldier accused of leaking classified documents. 

At least four Metropolitan officers guard the embassy, on the second floor of a block of flats behind Harrods in Knightsbridge, West London, around the clock. They have set up a 250,000 pounds mobile command station on the doorstep of the building and occupy positions outside and in surrounding properties. 

Officers from every London borough, specialist police units and undercover squads have been brought in to join the open-ended stake out. 

Critics called on the police to end the stand-off but sources said the force cannot step back from its responsibilities to arrest Assange for breaching his bail. 

Australian hacker-turned-activist is trying to avoid extradition from Britain to Sweden over allegations of rape and sexual assault in August 2010. 

Assange fears that he may be sent to the US, if extradited to Sweden, and face charges punishable by death for publishing some 250,000 leaked American diplomatic cables. 

Read More

Kingfisher Airline to pay salary dues 'soon'

India's Kingfisher Airlines has told the aviation regulator that it will pay staff salaries, held up for the last six months, in the next few days.

Workers have gone on strike claiming they have not been paid

The airline's chief executive Sanjay Aggarwal said they would decide on Thursday whether to resume flights.

On Monday, Kingfisher suspended flights for three days after a strike by workers raised safety concerns.

The airline cited incidents including violence, criminal intimidation and refraining from attending work.

It declared a partial lock-out until 4 October.

The government said the airline could not fly until its planes were certified safe after the strike.

"We have shared the steps which we are going to take in the next few days with the Director General of Civil Aviation (DGCA). We have explained our position to DGCA," Press Trust of India quoted Mr Aggarwal as saying after the meeting on Tuesday.

"We will clear the pending salaries in the next few days. I myself haven't got the salary," he added.

Kingfisher was in talks with "a couple of airlines" for investment and hoped that talks would conclude "in two-three months", DGCA Arun Mishra told reporters after the meeting.

Reports said the airline told the regulator that they would resume operations from Friday.

'Illegal acts'

Kingfisher, owned by Vijay Mallya, was hit by a strike in July - the airline was forced to cancel 40 flights when workers refused to work saying they had not been paid for months.

In the latest incident, lack of pay was again cited as the reason for a strike that began on Friday and which more workers joined on Monday.

The company said in a statement on Monday that "illegal acts" had been committed by a "small section of recalcitrant employees which were all unnecessary and unprovoked".

It added that the majority of staff were willing to continue operations but had not been able to report to work because of acts of criminal intimidation.

It said it would take disciplinary action against some employees.

'Cash crunch'

The airline has been struggling with a cash shortage and has reported losses for five years in a row.

Analysts said this week's disruption and safety concerns would hurt Mr Mallya's efforts to win the investment needed to save the airline from collapse.

Mr Mallya had said discussions were ongoing for overseas carriers to potentially take a stake in the airline.

It came after the government relaxed investment rules, allowing foreign airlines to buy as much as 49% of domestic airline operators in India.

Mr Mallya is also in discussion to sell a stake in United Spirits, an Indian distiller, to global drinks giant Diageo in an attempt to generate cash.

Read More

Visual Android Trojan as virtual theft aid

The rise of mobile malware in the last few years has been well documented, and the latest reports show that malware sending out text messages to premium rate numbers is the type users encounter most often.

This prevalence will likely not be challenged for a while - after all, there are not many crooks who would say no to a fast and easy buck - but users must be aware that new malicious software with as of yet unimaginable capabilities will surface in time.

One of these malicious programs has recently been unearthed, but luckily for all of us the Trojan posing as a camera app is currently only a prototype created by a team of researchers from the Naval Surface Warfare Center in Indiana and the Indiana University.

The name of the malware in question is PlaceRaider, and its goal is to surreptitiously take photos with Android smartphones' built-in camera in order for attackers to be able to recreate a 3D model of the user's indoor environment and steal all kinds of information (click on the screenshot to enlarge it):

"Once the visual data has been transferred and reconstructed into a 3D model, the remote attacker can surveil the target’s private home or work space, and engage in virtual theft by exploring, viewing, and stealing the contents of visible objects including sensitive documents, personal photographs, and computer monitors," the researchers explained in a recently released .

They tested their Trojan on 20 individuals by giving them infected devices. As they went through their day, the malware would take hundreds of photos (along with orientation and acceleration sensor data) and, after filtering out the uninformative ones, would send the remaining ones to the researchers' remote server. 

The victims were oblivious to the Trojan's activities, as the malware is designed to mute the sound of the camera's shutter.

With the images in hand, the researchers then used a computer vision algorithm to generate a rich 3D model, which can be inspected very closely for valuable information.

The PoC Trojan has been designed for the Android platform, and the scary part is that the permissions it asks - to access the camera, to write to external storage, to connect to the network, to change audio settings - can easily be seen as legitimate when the malware is packaged within an attractive camera app.

The researchers have proved that it is highly likely that successful "visual" Trojans such as this one will eventually find their way into the wild, so in order to prevent users from becoming targets they advise them to get apps only from trusted software developers.

Among other things, hardware manufacturers are advised to implement a shutter sound that can't be muted, and possibly even to make the taking of photos possible only when a physical button is pressed; and Google and Apple (developers of Android and iOS) are urged to make apps also ask permission to collect acceleration and gyroscope data.

Read More

Brier Dudley: Tech needs to do more for U.S. if it wants more visas

I’ll gladly pay you Tuesday for a hamburger today.

That’s the gist of Microsoft’s ambitious proposal to revamp U.S. immigration policies regulating the flow of foreign tech workers into the country.

Microsoft wants the government to let companies bring in more skilled workers from overseas with special visas. It also wants the government to release more green cards that were allocated but unused.

To make this more palatable to a country suffering from widespread unemployment, Microsoft proposed fees of $10,000 to $15,000 that companies would pay for extra visas and green cards issued through the program.

Microsoft estimates this would raise $500 million a year, which could be earmarked for science and math education to better prepare students for tech industry jobs. That’s tomorrow’s payout for the fresh meat Microsoft wants today.

You have to give the company credit for floating a creative solution to one of the thornier political issues facing the country. But more has to be done to get Americans to accept the deal proposed by the crafty software giant.

Really, how many politicians will agree to fill jobs with more foreigners, when millions of Americans are struggling to find work?

A generation is entering the workforce with little hope of ever receiving the wages, job security and stable pensions that enabled their parents and grandparents to buy homes and send them to college.

At the same time, the country’s future depends on its ability to continue being a font of creativity and innovation and a beacon of hope and opportunity for the rest of the world.

Building higher walls along the border isn’t the solution. This is a nation of immigrants, and the recent waves built and lead some of its largest employers. The tech industry is full of examples.

Google co-founder Sergey Brin was born in Russia. Microsoft Chief Executive Steve Ballmer’s father immigrated from Switzerland.

Then there’s Steve Jobs – the late Apple co-founder and icon of American ingenuity, prosperity and business prowess. He was the son of a Syrian Muslim immigrant, put up for adoption and taken in by an Armenian family in California.

None of that is any solace to American workers who can’t find work today. Especially those with technical skills or training that don’t sync precisely with the thousands of job openings advertised by companies like Microsoft.

Also outraged by talk of a “talent shortage” that underlies Microsoft’s visa proposal are smart, capable people whose careers were derailed by imperfect management systems or office politics.

Microsoft’s “stack ranking” system, which evaluates employees on a curve, regularly empties seats, raising questions about just how critical the talent shortage is in Redmond.

It’s hard to keep it in perspective.

While employees are gritting out their annual job evaluations and the unemployed are sending off their hundredth job application, a new crop of software developers is emerging from schools around the world.

We want it all. We want to help our neighbors. We also want Microsoft and other American tech companies to lure as many of the best and brightest as they can, so they work hard, build careers and invent the future here.

This is a tricky puzzle that has stymied Congress for years. It’s not getting easier with both presidential candidates talking tough about foreign economic competition while pledging to create more jobs.

President Obama went so far as to block a Chinese company’s purchase of four Oregon wind farms last week. Is he going to sign a bill allowing Chinese to take more American software jobs, just not our windmills?

To make its proposal fly, Microsoft and the tech industry need to offer more than just $500 million worth of math and science funding. Here are few ways they could make progress:

1. Create an online portal giving more details about what jobs can’t be filled domestically. Tech companies need to be more transparent about this to prove m

ore visas are needed. They also need to show special visas aren’t being used to fill jobs with lower-cost labor.

2. Use this reporting to create a system that helps government employment agencies and colleges better place job candidates. The data could also be used to focus education and retraining programs.

3. Use the $500 million in visa fees to invest in job retraining and placement services that address the current unemployment. Earmark a portion to retrain and place veterans, who could connect with programs such as Microsoft’s Military Outreach to transition to private-sector jobs. This may not produce top-tier software developers — some people have the gift, many don’t. But it would be a faster way to offset the job importation and make extra visas more palatable.

4. Before tinkering with visas, boost K-12 and college funding by eliminating offshore tax havens the tech industry uses. Microsoft alone uses these to trim its federal contribution by $7 billion since 2009, a Senate panel disclosed Sept. 20.

Microsoft is correct in saying tax law is too complex, enables these schemes and needs to be revised. But then the company turns around and suggests an elaborate new visa program.

(Don’t get me started on Microsoft’s tax breaks in Washington state, which is boosting computer -science programs but too broke for just about everything else.)

5. Link the call for additional visas with an equally bold call for broad tax reform, and a pledge to pay more taxes. That would provide more stable, continuous funding for education than unpredictable visa fees that will rise and fall with demand for foreign labor. It would also send the message that U.S. tech companies are doing everything they can to help their country.

As for the jobs at stake, the 40,000 new visas and green cards per year that Microsoft calls for won’t make a dent in unemployment. But they could actually help improve the situation.

In August, there were 12.5 million people without jobs in the U.S. The 40,000 positions are equal to 0.32 percent of that population.

The 40,000 new jobs are more likely to reduce unemployment as the imported workers buy food, cars, clothes and housing during their stay. This is obvious to everyone in the bustling area around Microsoft’s Overlake campus.

Even so, Microsoft’s proposal is a hard sell, especially when you have 12.5 million jobless voters.

No matter what happens, Microsoft gets points for using its megaphone to put an important and sensitive issue on the table during the election season.

It may want to pay us Tuesday for extra visas today, but it’s not being wimpy.

Read More

New app that can hack your smartphone camera and spy on you

US military experts have demonstrated a new smartphone app that can turn your mobile's camera into a spying tool for cyber criminals, secretly beaming images of your house, chequebook and other private information back to them.

The software can even build up a 3D model of your house, from which the hackers can inspect your rooms, potentially gleaning information about valuables in your home, calendar entries as well as spying on you.

The app 'PlaiceRaider' was created by US military experts at Naval Surface Warfare Center in Crane, Indiana, to show how cybercriminals could operate in the future, the Daily Mail reported.

The creators even demonstrated how they could read the numbers of a cheque book when they tested the Android software on 20 volunteers.

As long as the app could be installed on the users phone, it can instantly begin beaming back images from the phone when it senses the right conditions, and software on the other end can then re-construct maps of the visited room.

The team gave their infected phone to 20 individuals, who did not know about the malicious app, and asked them to continue operating in their normal office environment.

The team said they could glean vital information from all 20 users, and that the 3D reconstruction made it much easier to steal information than by just using the images alone.

Researcher Robert Templeman said their app can run in the background of any smartphone using the Android 2.3 operating system.

Through completely opportunistic use of the phone's camera and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments.

"Remote burglars can thus "download" the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information)," researchers said.

PlaiceRaider will silently take photographs, recording the time, location and orientation due to the sensors within most modern smartphones.

It will then delete any blurred or dark shots, before sending the rest back to a central server, which can reconstruct the user's room, based on information such as phone orientation.

Then the hacker can explore the user's property at will - for instance, scanning the room for calendars, private details on computer screens, and cheque-books or card details.

"We implemented on Android for practical reasons, but we expect such malware to generalise to other platforms such as iOS and Windows Phone," Templeman said.

Read More

Hewlett-Packard announces new tablet aimed at enterprise customers

PALO ALTO -- Hewlett-Packard (HPQ) introduced its new entry into the tablet market Monday morning, announcing the launch of an enterprise-focused mobile device dubbed the HP ElitePad 900.

The Palo Alto tech giant, the world's No. 1 personal computer maker, has struggled to break into the mobile-device market that has made Apple (AAPL) the most valuable company in the United States. HP attempted to jump into the field with its $1.2 billion purchase of Sunnyvale-based Palm in 2010, offering smartphones and eventually a tablet based on the webOS platform developed by Palm. The devices did not catch on with consumers, however: HP announced less than two months after the TouchPad tablet launched in July 2011 that it would cease production of hardware based on webOS, which it decided to offer as an open-source operating system.

Instead of making another attempt to enter the consumer mobile-device market, HP CEO Meg Whitman is instead targeting businesses with the HP ElitePad 900, hoping that the Windows 8-based tablet will appeal to companies that want to have more IT control over the mobile devices employees carry.

Businesses used to face a tough purchase decision: How to find a product that will delight employees and help them be more productive, while also making sure IT can secure and manage it. The HP ElitePad meets all those tests," Todd Bradley, executive vice president of HP's division focusing on PCs and printers, said in Monday's news release.

Whitman has given hints that the company would be jumping back into the market for mobile devices, saying in an August conference call with investors, analysts and journalists that HP was working on a new tablet offering, and telling the Fox Business Channel in a September interview that the company has also been working on a smartphone.

After the later interview, Moor Insights and Strategy principal analyst Patrick Moorhead predicted that HP would aim for the enterprise with any new mobile offerings, explaining that the bring-your-own-device trend will peter out a bit as workers attempt to perform more advanced functions than just accessing email.

"Email is one thing, but gaining access to confidential corporate data and true enterprise applications and being able to lock down and encrypt the data ... will become much more important," Moorhead said in an interview with the Mercury News last month.

The 10.1-inch tablet is powered by an Intel (INTC) mobile processor, part of the Santa Clara chipmaker's efforts to also push into the mobile market, and will run Microsoft's newest operating system, which has been developed with a focus on marrying the company's desktop operating system with mobile offerings. It is expected to launch in the U.S. in January 2013; pricing was not announced.

HP has focused on its enterprise offerings as the consumer PC and printer market has dwindled. In the meantime, Whitman has worked to trim down the company, with the biggest round of employee layoffs and buyouts in its history. HP announced last month that an additional 2,000 workers will be leaving the company, increasing the cutbacks to 29,000 through Oct. 31, 2014.

Hewlett-Packard stock moved higher Monday morning after the announcement, gaining as much as 3.3 percent higher by 9:30 a.m. Pacific time, when shares were trading for $17.41, a 2.1 percent gain from Friday's closing price. HP stock fell to an 8-year low in late August, hitting a low point of $16.77 on Aug. 30.

Read More

HCL launches mobility products in UAE with ME G1 tablet PC

IT hardware company HCL Infosystems today announced the entry of its mobility products in the UAE with the launch of 3G-enabled 9.7 inch HCL ME G1 tablet PC.

NEW DELHI: IT hardware company HCL InfosystemsBSE 7.16 % today announced the entry of its mobility products in the UAE with the launch of 3G-enabled 9.7 inch HCL ME G1 tablet PC. 

The tablet PC has been launched in the GITEX Shopper, 2012 fair in Dubai. 

Other tablet PCs in the ME range will also be available at the fair and all leading consumer electronics outlets in the UAE, the company said in a statement. 

The products are also available across Qatar, Oman, Kuwait and Egypt. 

"The ME series of tablets have proved to be an instant hit since its launch...We are confident that the advanced connectivity, innovative features and pre-installed applications will make it very appealing to consumers in this region too," HCL Infosystems Middle East and Africa CEO Shivkumar Gopal said.

Read More

Fix the iPhone 5 WiFi bug

Apple’s iPhone 5 arrives: The new iPhone 5 draws long lines Friday at Apple stores around the world. The latest version of Apple’s smartphone is expected to break first-day sales records.

Apple has released information on how to fix a particularly bad iPhone 5 bug that burned through the data plans of some Verizon customers.

Those who bought the new smartphone noticed that they were being charged for using cellular data even when they were using their phones on WiFi networks. That quickly ate through their monthly data quotas and, in some cases reported on Apple’s support forums, nearly cost some users hefty overage fees.

On Sunday, the company posted a page on its help center telling users how to fix the problem.

To do so, users should head to the “About” menu in the general settings menu of the iPhone. An alert should pop up with a message saying that your carrier settings have been updated. Hit the “okay” button to get the update. Once it’s installed, turn the phone off, and then on again to activate the update.

Once your phone is back on, head to the same menu. If the problem’s been addressed, the words “Verizon 13.1” should be in the “Carrier” field.

If you were affected by the glitch, Verizon has said that it will work with its customers to fix the situation.

In a statement to 9 to 5 Mac, Verizon Wireless said that it will not be charging users for “unwarranted cellular data usage.”

Verizon hasn’t released how many iPhone 5 units it sold in the first push, though the company’s Web site shows that the iPhone 5 will not ship until Oct. 26, 2012.

Verizon iPhones shipped “unlocked,”meaning that the same device could be taken to other phone networks. While Apple sells unlocked versions of the iPhone 4S and iPhone 4, this is the first time that a carrier has done so. Verizon said that it will not relock the iPhone, meaning that users will have the option to take their phones to a competing network after their initial two-year contract with Verizon expires.

The unlocked iPhones will not, however, work other carriers’ high-speed 4G LTE networks.

Read More

Zuckerberg Dresses Up for Medvedev Meeting

Mark Zuckerberg, chief executive officer of Facebook Inc. FB +1.19% (left) shakes hands with Dmitry Medvedev, Russia’s prime minister, at the Gorki residence near Moscow, Russia, on Monday, Oct. 1, 2012

Facebook Inc. co-founder and chief executive, Mark Zuckerberg, decided against his casual apparel and wore a formal suit Monday to meet his high-placed fan, Russian Prime Minister Dmitry Medvedev.

Mr. Zuckerberg came to Russia to boost Facebook’s position in the Russian market and encourage local engineers and programmers to work for the company. He said he was honored to have been invited to see Mr. Medvedev. He presented the prime minister a T-shirt with Mr. Medvedev’s Facebook page address.

Mr. Zuckerberg didn’t meet Russia’s leader, President Vladimir Putin, whose attitude towards social networks differs from Mr. Medvedev’s.

Facebook and other social networks were pivotal in mobilizing tens of thousands of anti-Kremlin protesters last winter and remained the main platform for opposition opinion making and discussion, in contrast with the country’s mainstream media.

Mr. Putin and some of his conservative supporters have repeatedly played down the role of social media in Russia, portraying opposition leaders as stooges of the West. Unlike Mr. Medvedev, Mr. Putin has no Facebook page.

Black-tie meetings aren’t the only items on Mr. Zuckerberg’s Moscow agenda. On Sunday, he did some sightseeing, taking pictures of St. Basil Cathedral, the Red Square, and even a local McDonald’s restaurant.

He’s giving a lecture at the Moscow State University on Tuesday.

Read More

Apple eyes India stores, but laws may hold it back

Apple is reportedly subject to a law that requires 30 percent of a company's products to be sourced locally.

Apple's store in Hong Kong.

(Credit: Apple )

Apple's retail stores are expanding their footprint globally. But now, their move into India could be held back.

Earlier today, the Economic Times reported that Apple is currently considering opening stores in India. However, The Wall Street Journal reported today, citing sources, that the company is subject to a law that requires all foreign retailers to source 30 percent of their product sales from local companies. In other words, 30 percent of the products sold in the stores must have come from an Indian partner.

For Apple, that's a problem. The company currently relies on companies like Foxconn and others to produce its products in China. Apple does have some outsourced activities in India, which could help the company bring its stores to the country. However, one Journal source says that such a relaxation of the laws could take "a couple of years" to be completed.

Such changes are by no means unprecedented. Late last year, India nixed a rule that would allow companies selling their own products to own at most, 51 percent, of the operation. Now, they can own it all.

Apple has been quickly expanding its retail presence around the world. Last week, in fact, the company opened a second store in Hong Kong. Apple currently doesn't have any stores in India.

Originally posted at Apple

Read More

Navy devs cook up Android spyware to map your location - in 3D

Indiana students working with the US Navy have demonstrated malware capable of mapping a room and creating a 3D-navigable space to help information thieves find what they're looking for.

The Indiana University team, which includes a representative from the Naval Surface Warfare Center, created PlaceRaider – smartphone software which covertly takes snapshots every two seconds and then runs those snaps through existing analysis software to create a 3D model, which enabled users to find bank details, snatchable property and even when the residents were likely to be out.

The idea is that the software, called PlaceRaider, could be embedded into any of the camera-enhancement applications already available in the mobile app marketplaces, providing it with all the permissions it needs to carry out the attack. Once installed, PlaceRaider runs in the background, covertly taking snaps opportunistically as the user moves around the room with the phone. The malware mutes the volume before every snap to prevent the shutter sounding. Along with the pics, the camera records its orientation to help it build the 3D model later.

Obviously useless snaps are then discarded – which amounted to almost three-quarters of them in testing – and the rest are sent back to the miscreant along with the orientation data. All that data is then run through the Bundler toolkit - a stitching package following on from Microsoft's legendary Photosynth application, which glues together unrelated photos of the same subject. The result of that is run though the open-source Patch-based Multi-view Stereo Software to create a 3D navigable space.

It's not quite that easy, in the detailed write-up (PDF, detailed and well written) the team points out that Photosynth can rely on most pictures being horizontally aligned (as they come from Flickr, or are at least deliberately taken) while their samples were at all sorts of angles though they did have the orientation data to help address that.

The point of the process was to make it easier for the miscreant to find stuff worth seeing, so the team set a room with a decent amount of data on display (cheques on the desk, a wall calendar carefully noting foreign travel, and so forth). Twenty students were then asked to complete normal mobile-phone takes on an infected HTC Amaze, without knowing the true purpose.

Once the data had been gathered, another group of students were asked to see if the data contained anything useful, with half being given the raw images (between 800 and 1,400 of them per sample) and the other half getting the 3D experience. Unsurprisingly those able to visualise the space made a much better job of finding the data, showing the analysis was worthwhile.

That's nothing to panic about right now, the process was complicated and the threat indeterminate (take a look around you now, decide what in the vicinity would be of value to a thief, and realise the threat isn't really credible just yet), but that will change as the processing power of the phone increases (enabling it to filter out more information) and more bandwidth becomes available.

It was lack of bandwidth which prevented the team from using video, but the implications are obvious. Web cams have been hijacked many times, but they generally point in one direction and thus have limited value for snooping. A mobile-phone camera gets a decent sweep of the room every time a call is answered, increasing the risk hugely.

The PlaceRaider team recommend removing the ability to mute the shutter sound (which they do by reducing the volume, as Android already insists in playing it every time a photo is taken) and limiting access to orientation data, though they also admit that a PlaceRaider-detector would be trivial to write and that anti-malware software might become increasingly necessary as the cameras we carry around start being used against us.

Read More