Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: Black Hat: It's not 'tricky' for hackers to turn your phone into a SpyPhone

Ms Smith (via Networkworld) | Aug. 2, 2013
At Black Hat USA, a security researcher explained how to inject malicious code into any app so it can secretly take photos, record conversations, and track locations.

"I do think the bad guys are doing something like this, injecting their malicious code into existing apps," McNamee said. "It's pretty straightforward. It requires the ability to unpackage and repackage apps. It's not exceptionally tricky, but it does require some knowledge of how the Android system works."

Kindsight Security Labs previously reported, "It is surprisingly easy to add a command and control interface to allow the attacker to control the device remotely, activating the phone's camera and microphone without the user's knowledge. This enables the attacker to monitor and record business meetings from a remote location. The attacker can even send text messages, make calls or retrieve and modify information stored on the device - all without the user's knowledge."

The report added, "When connected to the company's Wi-Fi, the infected phone provides backdoor access to the network and the ability to probe for vulnerabilities and assets. With these features, an ordinary smartphone becomes the perfect platform for launching advanced persistent threats (APT)."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.