Lucious Fox creates sonar gear for Batman

In “The Dark Knight”, Lucious Fox devises a method for Batman to use sonar signals emitted from everyday cell phones and turn them into a unique sonar beacon that only Batman can see using special equipment in his hood. Lucious Fox gathers intelligence (such as floor plans) on a heavily guarded building using a prototype of the device prior to Batman’s assault to give him an advantage during the operation.

Android malware combines technologies in smart phones

New malware created as an academic exercise for Android devices combines several smartphone capabilities, including the compass, orientation sensors, and camera to create detailed maps and layouts of an environment… and all while snooping for personal and financial data as a bonus. The malware, “PlaceRaider”, silently takes pictures in the background and associates metadata such as the time, location, and orientation of the mobile device with the photo.

Reconnaissance gathering, data theft, privacy invasion

Algorithms in PlaceRaider analyze images, removing photos that are blurry or too dark to see, and upload usable photos to a central server. The server-side software processes the images into a 3D model of the location so that “would-be” thieves know the layout of the prospect ahead of time, and may even get a leg up by knowing where valuable targets are located to create a plan of action that maximizes profit and time efficiency. The images are also analyzed by the server-side software for financial or personal information that can be used for fraud or identity theft, increasing potential profitability while avoiding the risks associated with physical penetration.

Batman extends functionality to all Gotham residents

In The Dark Knight, Batman extends the sonar functionality from a single device to all of Gotham’s residents (at the behest of Lucious). Likewise, such capabilities could be leveraged by criminals, law enforcement organizations, as well as clandestine agencies and regimes to peer inside the lives of targets. Lucious expresses his concern to Batman that the ability to monitor millions of people is too much power for just one person, and that he would resign if Wayne Enterprises continued to implement the technology. Lucious then agrees that he can justify using the system, just once, given the imminent threat of the Joker’s terrorist plot and the potential consequences for Gotham’s citizens- on the condition that it is destroyed once the mission is complete. This is an interesting allegory to the current era of balancing constitutional rights against the potential danger to the public, and the ongoing “War on Terror”.

Surveillance dream come true for the lawful, lawless, clandestine

This malware exercise shows the capabilities of real life systems using today’s real world technology. Consider for a moment that up until this point, some of the worst malware incidents have racked up estimated damages near $38.5 billion for losses, recovery, and downtime costs. Imagine the costs that might be associated with widespread use of this malware for fraud, identity theft, and, on top of that, physical intrusion. Now, also consider recent incidents of cyber warfare between nation states, such as Stuxnet, Duqu, and Flame. These attacks target the infrastructure and operations of an entire sovereignty, and adding the capabilities of this type of malware to that threat is staggering to think about. Instead of mapping out just individual homes or private businesses, it could be used to infiltrate critical infrastructure (such as utilities), government agencies, or military targets. Such capabilities would be desirable to the lawful, lawless, and clandestine alike.

Continue the Conversation on Twitter @SafelightSec 

Connect with Mike on Twitter @SafelightCoop


Get the Newsletter

Every two weeks we'll send you our latest articles along with usable insights into the state of software security.

Posts by Topic