Today, I want to talk about the dangers of mobile end devices, how everything is connected, the risks they pose, as well as how they can be critically exploited by threat actors.
I'll be discussing the following topics in order:
- Premise
- NEGATIVE PENALTY! Everything is connected
- NEGATIVE PENALTY! You can be traced!
- NEGATIVE PENALTY! Session Hijacking/MFA bypassing
This article topic was inspired by a recent thread I was in where a woman's mobile device got hacked, which led to various parts of her life being compromised in the process, putting her overall safety as well as that of her friends and family at risk! I wanted to raise more awareness and teach people how to protect their digital identity! A lot of the article will be me addressing what happened, as well as remedies I gave her to protect herself.
This is also the start of a new series called the "DANGER!" series, where I raise more Cyber Security awareness about critical flaws and vulnerabilities within system infrastructures, including any protocols and data communication methods, and where I also talk about mitigation strategies that can be used to prevent such threats.
There will also be a LIVE demonstration for those of you who are subscribed to my Patreon, to see how closely I can exploit mobile end devices in order to retrieve any and all sensitive data from the mobile end device! There will also be a step by step exploit guide walking you through the entire process as well, and how to geolocate someone's phone and turn it into a GPS tracker!
One of the biggest things about technology is that EVERYTHING is connected. When isn't something going online? Even stuff like electric toothbrushes are being connected to the internet. We also have stuff like smart homes and other various means of smart technology that make our lives easier.
The problem with all of this is that it also makes life easier for Hackers. Everything being connected extends the main scope and attack surface for them, allowing threat actors to further exploit systems in various ways. We are in a sense creating our own colossal monolithic structure where everything is both connected and further dependent on each other, which can be lethal in VARIOUS ways!
What do I mean by this? Well, for starters, let's say that a hospital system containing a multitude of life support systems was connected online and to various networks. What would happen if a threat actor with ill intentions breached the network?
If an attacker were to breach it, they would essentially be able to play GOD, controlling the entire system and being able to choose whether or not actual lives were lost. If they wanted to, they could shut down all the power systems, even the backups since a lot of this stuff seems to be connected nowadays, killing EVERYONE on life support in the process.
Another example would be the woman I talked about, whose mobile device was breached, allowing the attacker to control her entire mobile phone and anything she gave it access to: smart home tech, Bluetooth devices, sessions that she had on, etc. The hacker was also able to ruin her credit, as a lot of her personal information and files were on the system and they happened to gain access to those as well, even sensitive contacts and messages that were directly on her phone. One little device cost her EVERYTHING and put her and the people she cares about at risk!
This also gets scary because, let's say that her phone was used to authenticate to anything within an organization that she worked for. It would lead to a massive scale breach. A lot of infrastructures are still new to solid Cyber Security practices, so things like this DO happen!
If they wanted to spoof her and do spear phishing, like I've mentioned, they have access to ALL of her contacts and can pull up that information. They can even spoof her number and do all sorts of nasty stuff with it, like bypassing any and all MFA she has on the phone, allowing them to even do scary stuff like wiring themselves money out of her bank account.
Your phone is a walking GPS locator! If your phone gets hacked YOU ARE IN DANGER!
One of the scariest things the woman that got hacked didn't realize was that SHE WAS NOW A WALKING GPS target for them to find anytime they needed to. This meant that anytime she was around friends or family, their address and location information, and their home network should she even connect to it, COULD ALL BE TRACED AND COMPROMISED in one go. She was basically a walking botnet they could command and control all in one go.
For those who do not realize this, your phone connects to a cellular network through the SIM card attached to it. The network provides your phone with a private IP address, which is then converted to a PUBLIC IP address that lets you connect to the internet from your phone.
This means that if an attacker wanted to, they could determine your POSSIBLE location regardless of where you are, as you ALWAYS tend to have your phone on you! Hackers can exploit this and ping your every move! Even if this method is debunked, it's still possible to trace you with the device via other alternatives. I ran a few tests with this. If someone were to breach your device while you were connected to a personal network, such as your home network, it would also be highly possible for them to ping your location, since the device is connected to your home network as well. You also have to keep in mind that there are apps on your phone that give your location details away, since you give them permission to collect that from you depending on the application.
Your mobile device is one of the greatest targets for session hijacking. Session hijacking is where an attacker is able to breach a victim's system and "use" any sessions that are currently in progress on it.
For example, your Facebook session. If you tell Facebook to keep you logged in, it will generate a cookie that is used to remember your session and progress, so you can pick up where you left off even if you've powered the system off and on. This can be critical and fatal, since an attacker could exploit this should you leave your system unattended at any time in order to do stuff like: wire themselves money via Facebook Pay, change your credentials, access sensitive conversations and pretend to be you, etc. And since this is on your mobile device, they will of course have access to the various means to bypass MFA on your mobile device!
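The "keep me logged in" risk described above can be limited on the server side. The following is an added example, not code from the original article: a hypothetical `SessionStore` (all names and timeout values are assumptions) that expires idle sessions, demands fresh authentication before sensitive actions such as payments or credential changes, and lets a user revoke every session after a device is compromised.

```python
import secrets
import time

IDLE_TIMEOUT = 30 * 60      # assumed: sessions without "remember me" expire after 30 idle minutes
STEP_UP_WINDOW = 5 * 60     # assumed: sensitive actions need a login at most 5 minutes old
SENSITIVE = {"send_payment", "change_password"}   # hypothetical action names

class SessionStore:
    """Server-side session table for a hypothetical web app (constructed example)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}

    def login(self, user, remember_me=False):
        token = secrets.token_urlsafe(32)   # random value carried in the session cookie
        now = self.clock()
        self.sessions[token] = {"user": user, "auth_at": now,
                                "seen_at": now, "remember": remember_me}
        return token

    def reauthenticate(self, token):
        # Call only after the user has re-entered a password or passed a fresh check.
        self.sessions[token]["auth_at"] = self.clock()

    def authorize(self, token, action):
        s = self.sessions.get(token)
        now = self.clock()
        if s is None:
            return "login_required"
        if not s["remember"] and now - s["seen_at"] > IDLE_TIMEOUT:
            del self.sessions[token]        # idle session is dropped server-side
            return "login_required"
        s["seen_at"] = now
        if action in SENSITIVE and now - s["auth_at"] > STEP_UP_WINDOW:
            return "reauth_required"        # the cookie alone is not enough
        return "allowed"

    def revoke_all(self, user):
        # "Log out everywhere": run when a device is lost or compromised.
        stale = [t for t, s in self.sessions.items() if s["user"] == user]
        for t in stale:
            del self.sessions[t]
        return len(stale)
```

Because the article notes that the phone itself receives MFA prompts, a step-up check based on a password or device biometric holds up better here than a code sent to the same device.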
If you'd like to see the more advanced version of this article that talks about methods that can be used to mitigate, as well as any videos included, SUBSCRIBE TO MY PATREON CYBER SECURITY TIER!
If you enjoyed this post give it a thumbs up! I'll be keeping track of who's reacting from now on as there is a "special" reason for it. Just know the more you support my content the more there is in store!
- The Hacker Who Laughs