Hacking an Android is getting easier
Hacking an Android is getting easier: 80% of the world’s smartphones use Google’s operating system, and the tools available to break into them can almost be used by a child.
The crackers (intruders who violate the digital security of a computer) had installed a fake cell tower in the vicinity and activated a microphone on their device once the company board meeting began. Shortly thereafter, a group of shareholders sold their stake in the company, earning $30 million. The incident took place last year, according to Gregg Smith, CEO of mobile security company KoolSpan, and is by no means an isolated case. In fact, researchers say it’s getting easier to take control of certain features of Android devices, like the microphone or camera, with online tools that are themselves getting easier to use.
Security research firm Symantec recently highlighted that a remote access tool (or RAT), known as AndroRAT, was being shared on underground forums and that, coupled with a new tool called a binder, it allows attackers to extract personal information from an Android phone.
AndroRAT can retrieve a phone’s call logs and SMS messages, monitor calls, take photos and make calls. Once would-be crackers have downloaded the remote access tool, they can use the binder to integrate AndroRAT into a legitimate-looking application, such as Angry Birds. The binder costs $37 online, while AndroRAT is free and open source.
AndroRAT was first discovered in November 2012, but the binder appeared more recently and is key to making it possible for non-programmers to infect an Android device with the malicious tool.
Once they’ve done that, they just have to upload their infected app to a site and wait for others to download it. Symantec analyst Vikram Thakur estimates that roughly 50% of downloaded Android apps globally come from third-party sites, and the practice is common in China, where the government has banned access to the official Google Play store.
Attackers often infect a copy of a paid gaming app and advertise it as free to attract more downloads. “The victim plays the game,” says Thakur, “while the Trojan is doing his job in the background.”
Sometimes attackers just want to steal contact information, which, depending on its origin, can be highly prized on the black market. Other times they will want the hijacked phone to send premium SMS messages. In the latter case, victims may remain oblivious to what is happening until they receive their monthly bill; Trojan horse applications can also intercept operator alert messages and delete them.
Thakur estimates that thousands of people around the world have downloaded AndroRAT-infected apps, though he believes security services and Internet providers will step up efforts to detect the intrusion.
This simplification of mobile hacking tools comes as no surprise to security industry insiders, who have already seen aspiring crackers use automated attack tools like sqlmap or Havij to carry out relatively simple SQL injection attacks to steal user data from websites. Notorious hacker group LulzSec revealed that it used Havij to steal passwords and email addresses from PBS in the summer of 2011, and the tool may also have been used by hacker group Cr3w Cabin to breach a Utah police database in 2012.
Darren Martyn, a former LulzSec member who now works in information security, says there are parallels in the way accessible tools like Havij, LOIC (a super easy-to-use tool for DDoS attacks), and the AndroRAT binder have made it easier for second-rate cyber criminals with no programming skills to infiltrate web applications and now Android devices.