Android Hacking with MSFvenom

Posted by on May 12, 2019 at 9:04 am.

What is Smartphone hacking and MSFvenom?

Smartphone hacking is the practice whereby a third party gains access to an individual’s smartphone through a variety of methods, most often a dangerous application that provides remote access to the listener or hacker.

MSFvenom is part of the Metasploit Framework and combines Msfpayload and Msfencode in a single tool. msfvenom replaced both msfpayload and msfencode.

Who hacks smartphones (Android), and why?

The legality of phone hacking is heavily dependent on who is doing the hacking.

For example, law enforcement and national governments often use cell phone hacking methods to apprehend criminals and monitor dissidents. By contrast, cyber criminals do so to gain access to someone’s credentials. Depending on their motives, the hacker may simply view data stored on the phone, broadcast your location or send messages to your contacts under your name.

Where and when does phone hacking occur?

Simply put, cell phone hacking occurs when someone else gets into your phone. The attacker usually tries to “persuade” the device owner into installing a malicious phone application on their own smartphone.

How to do the Android hacking by APK (PRACTICE)

MSFvenom – To generate the hacking APK or payload via the Metasploit framework

Metasploit – To serve as the listener and also hack the Android device by exploiting it with the meterpreter payload

Scenario – We aim to hack an android device using an APK payload

  1. Create the APK using MSFvenom, setting LHOST to the listener IP address and LPORT to the port that will be used to listen for the Android device
  2. Install the APK on the Android device; it will be registered as “Main Activity”
  3. Run the installed listener application on the Android device; it will run in the background
  4. Set up the listener on Metasploit with the following settings:
  5. Then type “exploit -j” to start exploiting the Android application
  6. If the APK is installed and the Metasploit listener is set up correctly, a meterpreter session will be opened automatically
  7. Start the meterpreter session by selecting one of the opened sessions, and type sysinfo in the meterpreter to check the version of the hacked Android device
  8. One example of exploiting the Android app is to take a snap from the camera without the device itself saving the image.
  9. As we can see, the details of the snap are shown after the camera takes a picture

Conclusion and Solution

So, as discussed above, we can conclude that smartphone hacking is a practice whereby a third party gains access to an individual’s smartphone; it occurs when someone unauthorized gains access to the phone.

To avoid phone hacking, owners of smartphones and other gadgets are advised not to install or use malicious applications on their devices, as doing so could grant hackers remote access to the device.
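
A defender-side check for the install step described above, as an added example that is not part of the original post: it parses the output of `adb shell pm list packages -3 -i` (third-party packages with their installer) and flags apps that did not come from a trusted store. The sample output, the package names and the trusted-installer allowlist are constructed assumptions.

```python
import re

# Assumption: installers treated as trusted app stores; adjust to your policy.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# Line format of `pm list packages -3 -i`: "package:<name>  installer=<source>"
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<src>\S+)$")

# Constructed sample output (package names are made up for illustration).
SAMPLE_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:com.example.mainactivity  installer=null
package:com.example.flashlight  installer=com.google.android.packageinstaller
package:com.example.bank  installer=com.android.vending
"""


def parse_packages(output):
    """Return {package: installer}; installer is None when reported as 'null'."""
    packages = {}
    for line in output.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank lines and adb warnings
        src = match.group("src")
        packages[match.group("pkg")] = None if src == "null" else src
    return packages


def find_sideloaded(output, trusted=TRUSTED_INSTALLERS):
    """List (package, installer) pairs whose install source is not trusted."""
    flagged = [
        (pkg, src) for pkg, src in parse_packages(output).items()
        if src not in trusted
    ]
    return sorted(flagged, key=lambda item: item[0])


if __name__ == "__main__":
    for pkg, src in find_sideloaded(SAMPLE_OUTPUT):
        print(f"REVIEW {pkg}: installed by {src or 'unknown source (adb or file)'}")
```

An installer of `null` or a generic package installer means the APK was sideloaded from a file or over adb, which is how the APK in the scenario above reaches the device.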
