Mobile Hacking: Really

by papill0n

I'm paid to talk.  Wherever it may be, I'm paid to empower corporations and bosses to watch their employees... GPS tracking devices, surveillance systems, hidden cameras, and key loggers.

From Beijing to Tokyo, San Francisco to Paris, and everywhere in between, I do my job and I do it well.

Companies are a lot like prisons.

Instead of prisoners being watched for contraband, employees are watched for productivity and to ensure that valuable information does not escape.  The Devil's Islands have been replaced by compounds with their own privately secured and walled cubicle containments.

Despite being invited into these compounds, there sure is a lot of distrust for me.  At the checkpoints, my laptop is almost always checked in and left at security.  After much disagreement, my phone is always returned.

Nobody ever wants to be responsible for my missed productivity or if their boss cannot call me for some discussion prior to a sales pitch, system installation procedure, or just a pre-meeting chat.  Of course, I have to promise to not take pictures!

After some lengthy wait in the main lobby, I do the usual drill of explaining the products, systems, and deployment to allow close monitoring of the office drones, as well as securing data, servers, NAS systems, workstations, and physical locations of employees.

It sort of reminds me of those nature programs I used to watch as a kid - some weird biologist who gets off by watching every moment of the poor animal tagged with a transmitter of some sort, just in case by pure luck the animal can get away from the obtrusive intruder.

More and more, the topic of securing smart phones comes up.

For defense of the employee, the topic of legal and moral obligations comes up, corporate versus private phones and rights thereof.  Luckily, smart phones have always been viewed as more of a security risk to the carrier and not the company.  That, of course, is acceptable.

From rogue bank apps, devices physically stolen with all the personnel info, or the evil hackers who are the only people in the world sick enough to want to hack a cell phone to allow the user to be monitored 24/7.

At the mention of this, grins and congratulations are frequently shared between members of the Board of Directors and General Managers across the meeting room over how somebody was smart enough to implement a wireless network to allow more productivity, with smart phones permitting employees to sync into the network, while the open network was contained within the walls.

I smirk inside.

I want to tell them that, if I wanted to, I could run THC Hydra to brute-force their network devices for the length of the entire meeting, or 20 minutes earlier when I was in the bathroom, I could have had Wireshark running to scan for interesting bits of info, or, better yet, I could have a Meterpreter shell on one of their systems.

All of this done from an ordinary phone on an open company network.  But I am different from them.  I have a sense of dignity to always do right, even if they are lacking it.

I found out about the possibilities of this a few months ago.

I stumbled upon a Linux capable of running from my phone called Laika.  Laika is run from the phone by chrooting into it and running from there.  There are a few things to keep in mind.  This is a full desktop OS running from a smaller and lighter mobile phone.

Laika does not replace the mobile's OS.  The OS is running from within Android, so a performance hit is taken here as well.  If you run it with the desktop environment, it will be slower than from a desktop even with the lightweight desktop environment Laika runs.

The command-line interface is more than capable for tools like THC Hydra, Nmap, and Metasploit.  It's Linux; sometimes the CLI is just the way to do things and it's more old-school 1337.

The things you will need are an Android-powered phone (these can be had for under 100 euros or $125), a mobile with Wi-Fi, and the Laika OS image file from androidclone.com.  You need the latest version of BusyBox on your phone, and the phone must be rooted.  Most importantly, you must be able to tether your phone to a computer to enter commands into it.  According to the site, certain phones are easier to get running than others, so read before doing anything, as some phones need more work than others.

If you are stupid enough to actually run this, I take no responsibility for whatever happens.

If you break your phone, your fault.  If you do bad things and get caught, your fault.  This is educational only and for use on systems you have permission to play on.  If your sense of what is right and wrong isn't as strong as mine, stop reading and don't tempt yourself.

There are several ways to install and run the image.  Besides the instructions from that website, the surest way is using Android Debug Bridge (adb) from the Android software development kit.

Using a phone that has been rooted and has the latest BusyBox version, put the bootubuntu file and ubuntu.img file that you downloaded from that site on your SD card in a folder named ubuntu.

Next, enter these commands using an adb shell:

$ su
# mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
# cd sdcard/ubuntu
# cp -f bootubuntu /system/bin
# mkdir /data/local/mnt
# cd /system/bin/
# chmod 777 bootubuntu
# reboot
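
An added example, not part of the original article: a small POSIX shell check for the steps above, which confirms that the two files are staged and, after the reboot, flags a bootubuntu left world-writable by chmod 777 or a /system still mounted read-write.  The function names are made up for this example, and the default paths are the ones used in the commands above.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are
# hypothetical; default paths are the ones the article's commands use.

# True when both files the article stages are present and non-empty.
check_staged() {
    dir=${1:-/sdcard/ubuntu}
    rc=0
    for f in bootubuntu ubuntu.img; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; rc=1; }
    done
    return $rc
}

# True when "other" has write permission (what chmod 777 leaves behind).
is_world_writable() {
    [ "$(ls -ld "$1" | cut -c9)" = "w" ]
}

# True when /system is mounted read-write in the given mounts table.
system_is_rw() {
    awk '$2 == "/system" { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "rw") found = 1 }
         END { exit !found }' "${1:-/proc/mounts}"
}

# Post-install audit: prints each finding, returns the number of findings.
audit_install() {
    bin=${1:-/system/bin/bootubuntu}
    mounts=${2:-/proc/mounts}
    findings=0
    if is_world_writable "$bin"; then
        echo "world-writable: $bin (chmod 755 is enough to run it)"
        findings=$((findings + 1))
    fi
    if system_is_rw "$mounts"; then
        echo "/system is still mounted read-write"
        findings=$((findings + 1))
    fi
    return $findings
}

# Run on the device with: sh thisfile --run
if [ "${1:-}" = "--run" ]; then
    check_staged && audit_install
fi
```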

Once you have a full Linux OS running in your pocket, take the time to think of all the open networks and how a phone doesn't attract much attention.

Did a chill just run down your spine at what it might mean for the good guys to test their own security using a mobile phone?

Or what other tools a bad guy might be able to actually run from a phone?
