Mobile vendors invest a lot of effort into their products. Usually, “bigger and faster” is their motto. And I have to admit that the last Mobile World Congress introduced some very interesting models, such as the Sony Xperia Z2. I am not into sales, so I will not get into every little spec detail, but I would like to point out the following:
- Memory: 3 GB RAM
- CPU: Quad-core 2.3 GHz Krait 400
(As published on GSM Arena).
Now if you ask me that looks like the specs of a pretty damn good laptop. And with a decent machine, you can do some serious damage. Assuming you have the proper tools, of course.
Anyone who knows me will tell you I am a fan of open source. I think that the concept is great and, simply put, sharing is caring. Most of the greatest tools that I have ever worked with were based on Linux and were shared freely by their authors.
One such bundle that was created and is now considered THE Swiss army knife for security purposes is the BackTrack. It is a combo of various tools that you can use to test your systems, networks and applications. Needless to say, this tool is not only used by security professionals, but also by less noble groups.
A particular aspect of open source that I admire is the flexibility, scalability, and ability to modify pretty much anything you want. It allows you to shape a better product or tailor one to suit your needs. I mention this because I have personally encountered various versions of BackTrack that had other tools and features.
So what do BackTrack and mobile phone companies have in common? Apparently a lot more than I expected.
We have encountered a suite of tools based on BackTrack capabilities but modified to operate on an Android phones. It is essentially a managing app that downloads various modules according to your tests. So if you want a DDoS app, all you need to do is download it and take it for a spin.
This suite is offered by a legitimate company and can be downloaded after paying a certain fee. Alas, as I mentioned, not everyone likes to play by the rules. We discovered that the suite was cracked and modified to include more features. You can download it for free, install it on your Android and execute a series of attacks – DDoS, network mapping or an injection of various sorts.
Going back to what I started with, you do not need serious equipment any more. All you need is good smartphone and a cracked app, and you are good to go.
This trend of modified applications that harness the hardware potential of smartphones is expanding rapidly. Cross-platform attacks are a growing phenomenon and smartphones play a vital role in them.
What can I say? It’s a brand new world out there.. and it only gets more interesting…