HACKoDROID: An Increasing Tendency Toward Smartphone-Based Attacks

New smartphone technologies have made our lives easier. At the touch of a button, you can call a cab, pay bills, connect with your friends and even reach your personal trainer. On the other hand, the world of hacking and cracking now also has plenty of tools that run on a smartphone and can be used to break into your system and steal your data.

We have recently seen the development and publishing of hack applications for smartphones on underground forums. The wide range of such tools means that anybody can find a suitable tool for dubious purposes. The items available include a variety of DDoS tools, wireless crackers, sniffers, network spoofers and more.

HackForum Post

Most tools are only available for Android smartphones, and many require root permissions. The most popular tool for cookie theft is DroidSheep. With the help of this tool, an attacker can collect all browsing data, including logins, passwords and more, merely by using the same Wi-Fi network as the victim.

Moreover, the attacker can connect to the victim’s password-protected Wi-Fi network. There are several Wi-Fi cracking tools; WIBR+, for example, tries uploaded password databases against the victim’s network, and users can also upload and update these databases. Another tool – Wi-Fi Kill – is capable of shutting down any other device connected to the same network and can intercept pictures and webpages recently visited by users of that network.

More and more tools now combine several hacking capabilities. The dSploit tool features password sniffers, cookie sniffers, browsing history sniffers and webpage redirection. Another program, Bugtroid, is a catalog of cracking and protection applications: the owner picks the most suitable program from a list and installs it in one click, so it offers a tool for almost every cracking purpose.

Sniffers and DDoS Tools

For iOS, there is a limited number of hacking tools, mostly in the realm of game cracking. Examples are GameGem and iGameGuardian, which modify games in order to obtain in-game currency without paying for it. The most common tool for iOS is Metasploit, which contains a number of useful applications for different fields.

The tools presented above are not new, but they represent the main capabilities in the field. We are seeing a growing tendency to use portable devices, such as smartphones and tablets, to conduct attacks in public places. Mobile devices and public Wi-Fi networks tend to be less protected and more vulnerable. Using data collected with a mobile device, attackers can then carry out more complex attacks from a PC. As long as there is no awareness of the need to protect mobile devices, we expect a continued increase in the number of smartphone-based attacks.

List of Hacking Tools

Cyber in the Sky – RQ-170 Incident

On December 4, 2011, an American RQ-170 UAV crash-landed in northeastern Iran, bringing Iranian cyber warfare and electronic warfare (EW) capabilities to center stage. Since then, there has been much speculation about the cause of the malfunction in the UAV and possible Iranian involvement in bringing it down.

The Iranian government made an official announcement, declaring it had successfully taken over the UAV systems and landed the UAV intact.

But how did Iran do it?

While it was generally known back in 2011 that Iran possessed GPS jamming capabilities, the demonstration of this purported new capability to control a U.S. UAV and force it to land in Iranian territory sparked a whole new discussion regarding Iranian cyber warfare capabilities.

Experts on both sides suggested the possibility of GPS spoofing, thus taking it to another level.

While jamming an aircraft is a known capability, albeit one requiring a sufficiently powerful jammer, spoofing is what some would call the next level. It involves taking control of the aircraft’s navigation system and forcing it to land, instead of following protocol and returning home when faced with enemy EW measures. Supporters of the ‘Spoofing Theory’ claim that the RQ-170 actually did follow protocol and returned to its ‘newly programmed’ home base – outside Kashmar in Iran.

According to several Iranian sources, this was an integrated attack combining a first stage of jamming followed by a second stage of spoofing.

Starting by disconnecting the UAV from its command center, the Iranians forced it to switch to its internal guidance systems. At this point, the GPS signal was jammed and misleading geographic data was sent to the UAV, making it ‘believe’ that it was above the correct landing point.

It is important to mention that the possibility of the UAV having been disconnected from its command center was noted by several sources, but none described the means by which this was achieved. It is also unclear whether the command center from which the UAV was cut off was operating from the U.S. or from an American base in Afghanistan.

Although this scenario was suggested by Iranian sources and is only one of several possible explanations for the incident, it is nonetheless important to consider GPS spoofing a very real possibility and to be aware of the effect this capability can have on positioning Iran as a leading cyber warfare player in the Middle East.
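The defensive counterpart to the jam-then-spoof scenario described above is a navigation monitor that refuses to act on a GPS fix it cannot reconcile with inertial dead reckoning. The following is an added illustration, not code from the report or from any real UAV: a simplified 2-D model in which a return-to-home decision is only taken on a trusted position source, and a fix that jumps faster than the airframe can fly or drifts away from the inertial solution is distrusted. All positions, velocities, thresholds and the HOME coordinate are constructed.

```python
from math import hypot

HOME = (0.0, 0.0)  # constructed: where the return-to-home protocol would land

def dead_reckon(pos, vel, dt=1.0):
    """Inertial dead reckoning: advance a 2-D position (m) by one velocity sample (m/s)."""
    return (pos[0] + vel[0] * dt, pos[1] + vel[1] * dt)

def assess_fix(ins_pos, fix, prev_fix, max_speed_mps=80.0, max_divergence_m=50.0, dt=1.0):
    """Judge one GPS fix: it must not imply an impossible speed and must agree
    with the inertial solution. Returns (trusted, reason)."""
    implied_speed = hypot(fix[0] - prev_fix[0], fix[1] - prev_fix[1]) / dt
    if implied_speed > max_speed_mps:
        return False, "fix jumped faster than the airframe can fly"
    divergence = hypot(fix[0] - ins_pos[0], fix[1] - ins_pos[1])
    if divergence > max_divergence_m:
        return False, "fix diverges from inertial solution"
    return True, "consistent"

def run_monitor(start, velocities, fixes, **limits):
    """Replay a track; returns the final inertial position and a verdict per fix."""
    ins, prev, verdicts = start, fixes[0], []
    for vel, fix in zip(velocities, fixes):
        ins = dead_reckon(ins, vel)
        verdicts.append(assess_fix(ins, fix, prev, **limits))
        prev = fix
    return ins, verdicts

def may_land(ins_pos, fix, trusted, home=HOME, radius_m=30.0):
    """Land only when the currently trusted position source places the vehicle over home."""
    pos = fix if trusted else ins_pos
    return hypot(pos[0] - home[0], pos[1] - home[1]) <= radius_m

# Constructed data: start 5 km east of home, fly west at 50 m/s, one sample per second.
START = (5000.0, 0.0)
VELOCITIES = [(-50.0, 0.0)] * 10
HONEST_FIXES = [(START[0] - 50.0 * (t + 1), 0.0) for t in range(10)]
# Constructed carry-off: five honest fixes, then fixes pulled toward HOME at 70 m/s
# (below the speed limit, so only the divergence check can catch it).
SPOOFED_FIXES = HONEST_FIXES[:5] + [(HONEST_FIXES[4][0] - 70.0 * (k + 1), 0.0) for k in range(5)]

if __name__ == "__main__":
    ins, verdicts = run_monitor(START, VELOCITIES, SPOOFED_FIXES)
    for t, (ok, why) in enumerate(verdicts):
        print(f"t={t}s trusted={ok} ({why})")
    # A spoofed fix claiming "over home" is ignored; the inertial position decides.
    print("land:", may_land(ins, HOME, verdicts[-1][0]))
```

A real autopilot would use a proper inertial filter and signal-level checks as well; the point here is that the spoofed fix at HOME never reaches the landing decision once the divergence check has withdrawn trust.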

RQ-170 Sentinel UAV model as published by Iranian sources