Security news

How Does a Spy Cell Phone Software Work? Protect Your Phone

The last years have demonstrated a powerful boost in modern inventions in the world of tracking and surveillance. Now with the use of mobile technologies, it became possible to keep an eye on someone`s device remotely.

The appearance of spyware is directly linked to the way modern technologies have changed our lives over the past few years. While before a smartphone was only a way to stay in touch with a family, now it is an integral part of our everyday life.

Many people live their lives on their devices, storing information and recording everything they do. For this reason, cell phones became the main target for spying apps.

Spyware for cell phones helps to make this task easier and available to everyone. Actually, even if you don`t have access to the target device, you still can check what the owner is up to, getting useful insights about the information stored on the phone.

What is Cell Phone Spyware?

Spyware is malicious software (or malware) that secretly intercepts and shares sensitive information without a user`s consent. It can be installed as a hidden component of the software or through fraudulent ads, websites, instant messengers, links, file-sharing connections, etc.

In most cases, malware is difficult to detect as it runs quietly on the background, capturing the user information and device activities.

This includes browsing history, keystrokes, authentication credentials, keystrokes, screenshots, emails, credit card numbers, passwords, and other personal information.

How to Get a Spyware for Cell Phone

Spyware can infect your device in the same ways any other type of malware does. For instance, by means of a Trojan, exploit worm-like viruses, etc. Here is the list of the most common techniques to infect your computer or cell phone:

  • Security vulnerabilities: You may infect your computer by following suspicious links or opening attachments know as they may contain viruses and spyware. More than this, it is also possible to infect your device with spyware just visiting a malicious website or clicking a fraudulent pop-up.
  • Deceptive marketing: Quite often, spyware authors introduce their malicious programs as a must-have tool, which may improve the device performance and provide a range of benefits.
  • Software bundles: All people like cost-free applications. But very often they are only a host program that hides malicious add-ons, plugins or extensions. The worst thing is that even if you uninstall the host app, the spyware will still be on your device.
  • Misc: In addition to the primary malicious intent, Trojans, worms and other viruses also distribute spyware.

What Harm Can Spyware Do?

Spyware tracks all your activities, including Web browsing and movements having a direct effect on your information.

A thing to worry about is spyware for cell-phones. These programs are aimed at gathering device information for nefarious purposes. For instance, identity theft, corporate espionage, spying on camera or recording someone`s surroundings.

The spyware for cell phones is a kind of malware, which is about to become more prevalent in the future as mobile devices get more like computers.

What Can Spyware for Cell Phones Do?

Whatever app you choose, all major spyware manufacturers offer a similar number of features:

  • Text messages: all text messages, both sent and received are available for tracking. Some companies even allow the deleted messages monitoring.
  • Web history: Internet browsing history, bookmarks, and cookies are also visible for checking.
  • GPS: current GPS location, as well as the recent movements, are available for tracking.
  • Downloads: photos, videos, calendar entries, contacts, and other data are also available for monitoring.
  • Email: sent and received emails can be viewed, including the other information like sender, recipient, date and time.

All these features are considered as basic ones provided by all spyware manufacturers. But some of them offer advanced features for the extra cost. The advanced features include:

  • Call recording: all target phone incoming or outgoing voice calls can be recorded, download and played back later on.
  • Instant messengers:  WhatsApp, Facebook Messenger, Viber, Snapchat and other platforms can be monitored.
  • Phone surroundings: target device surroundings can be recorded with the activated microphone.
  • Remote controls: this feature allows getting full control over the target device, blocking and unlocking it. If needed it is possible even to wipe all the data from the target device.
  • Installed apps: all the installed apps can be tracked, helping to restrict the unwanted ones.
  • Alerts: using this feature it is possible to set up a list of trigger words and be informed when they appear on the target device. The same can be done with phone numbers.

Facts About Spyware for Cell Phones-

  • The spyware for cell phones can be installed from suspicious websites, Bluetooth, MMS or PC connection. Its way directly depends on the target device compatibility.
  • Spyware for cell phones which is claimed to be installed remotely via Bluetooth connection, need to be paired with a target device first.
  • Spyware for cell phones remote installation is possible, but it is needed to trick a person into downloading and installing it on their device.
  • The easiest way to trick a target into the installation of spyware for a cell phone is to send bogus MMS with a hazardous link. Sending messages with fake links can easily trick the owner into the spyware download.
  • Spyware for phones can spy the following activities: calls, texts, installed apps, browsing history, GPS location, multimedia, and any other information.
  • Some individuals claim that it is possible to extract voice from target phone without installation and spy the phone only having a phone number. But it is absolutely impossible.
  • Spyware for cell phone can be used as a bug to record the target device surroundings and play it back later.

There is a great number of spyware for cell phones available on the market these days. We do hope that in this article, we’ve shed some light on the spyware functionality and possibilities.

read more

Hackers can spy on your computer screens through the webcam microphone

Hackers can spy on your computer screens through the webcam microphone

Hackers can snoop on your computer screen just by listening to your webcam’s microphone

While covering your webcam could be a definite strategy to keep away webcam hackers, but what would you do if come to know that someone may be watching your every move or listening to your every word while you are using a webcam microphone. Scary, isn’t it?

A team of researchers has discovered that hackers can remotely spy on a computer screen by listening in with a microphone.

The hacker can listen to acoustic noises coming from within computer screens and can be used to detect the content displayed on the screens.

In other words, anyone with good technical knowledge knows-how can easily snoop on someone’s computer activities.

The side-channel attack dubbed as “Synesthesia” by the researchers can reveal the contents of a remote screen, providing access to potentially sensitive information based only on “content-dependent acoustic leakage from LCD screens.” LCD screens with both CCFL and LED backlighting are affected.

Also Read- Hackers Can Hack Your Computer If It Has Blinking LED Lights

According to the researchers, the subtle acoustic noises can be picked up by ordinary microphones built into webcams or screens, or even by a smartphone or “smart speaker” placed on a desk next to the screen, or from as far as 10 meters away using a parabolic microphone, or over an attached webcam microphone during a Skype, Google Hangouts, or other streaming audio chat, or through recordings from a nearby device, such as a Google Home or Amazon Echo.

“The pertinent sounds are so faint and high-pitched that they are well-nigh inaudible to the human ear, and thus (unlike with mechanical peripherals) users have no reason to suspect that these emanations exist and that information about their screen content is being conveyed to anyone who receives the audio stream, or even a retroactive recording,” according to the study.

“In fact, users often make an effort to place their webcam (and thus, microphone) in close proximity to the screen, in order to maintain eye contact during the video conference, thereby offering high-quality measurements to would-be attackers.”

The researchers created an experimental setup that attempted to recognize simple, repetitive patterns. “We created a simple program that displays patterns of alternating horizontal black and white stripes of equal thickness (in pixels), which we shall refer to as Zebras.

The period of a Zebra is the distance, in pixels, between two adjacent black stripes,” the researchers recounted in their paper.

As the program ran, the team recorded the sound emitted by a Soyo DYLM2086 screen while displaying different such Zebras. With each different period of stripes, the frequency of the ultrasonic noise shifted in a predictable manner. With the help of specially-trained machine learning algorithm, the researchers were able to then translate the recordings.

Also Read- Researchers hack air-gapped computer using electromagnetic pulses

The team was also able to identify which of the 10 most popular websites were displayed on a monitor with 96.5 percent accuracy.

The study was carried out by researchers from the University of Michigan, University of Pennsylvania and Tel Aviv University. You can read all the details about the study here.

read more

Google’s Titan Security Key Is Now Available For $50

Google's Titan Security Key Is Now Available For $50

This $50 Titan Security Key from Google secures your online accounts

Google’s Titan Security Key is finally available for customers in the U.S. for $50 from the Google Play Store. The in-house security key was first publicly announced in July, and since then it has been available to Google Cloud customers.

For those unaware, Google’s Titan Security Key is a physical device that is built on the FIDO (Fast Identity Online) specification. This device can be used to add an extra layer of security to protect data on the sites and services against phishing attacks. Just like other security keys, it can be used over Bluetooth or USB. The Titan Security Key can not only be used to secure the host of services offered by Google, but also with other non-Google services.

According to Google, the production process of the Titan Security Key makes it more resilient to supply chain attacks. “This firmware is sealed permanently into a secure element hardware chip at production time in the chip production factory,” Cloud product manager Christian Braand said in a post. “The secure element hardware chip that we use is designed to resist physical attacks aimed at extracting firmware and secret key material.”

In 2017, Google had started giving out physical security keys to all 85,000 employees to login accounts. Following this implementation, no employee has experienced any account hacks and phishing attacks since then. With the use of physical security keys, Google has removed the need for its employees to remember passwords or use one-time access codes.

For those unaware, Physical Security Keys are simple USB-based devices that work as an alternate approach to the now universal two-factor authentication (2FA). They work on an open-authentication standard known as ‘Universal 2nd Factor (U2F)’ that removes the need to remember multiple passwords for various sites.

The $50 kit comes with a USB key, a Bluetooth Low Energy key, and an adapter for devices with USB Type-C ports. You can enable security keys in your Google account from the two-step verification page.

Made in China?

While Google’s Titan Security Key is certainly an interesting device to keep users’ online accounts safe from phishing attacks, the search giant has however come under fire for manufacturing the key in China in partnership with manufacturer Feitian, according to a report from CNBC.

The product is labeled as “Produced in China,” indicating that the security key is manufactured there. Adam Meyers, a security expert at the security firm CloudStrike, is of the opinion that producing security keys overseas will make Google vulnerable not only to infiltration by hackers but also by the Chinese government during the assembly process.

However, Google said that the hardware that provides the keys’ security is sealed before it heads to the manufacturer to guard against supply chain attacks. The company declined to comment further.

read more

Google is secretly tracking what you buy offline using Mastercard cards

Google is secretly tracking what you buy offline using Mastercard cards

Google and Mastercard have a secret deal to track user shopping details offline

A partnership between Google and Mastercard allows the search giant to track offline sales data, says a Bloomberg report who cited four people “with knowledge of the deal”. In other words, Mastercard is basically selling customer data to Google.

“For the past year, select Google advertisers have had access to a potent new tool to track whether the ads they ran online led to a sale at a physical store in the U.S. That insight came thanks in part to a stockpile of Mastercard transactions that Google paid for.

“But most of the two billion Mastercard holders aren’t aware of this behind-the-scenes tracking. That’s because the companies never told the public about the arrangement,” Bloomberg mentions in its report.

The data is used for Google’s Store Sales Measurement tool, which allows the search giant to find a connection between clicks on digital ads and purchases in brick-and-mortar stores. A part of the solution matches clicks with purchases in offline stores, made with debit or credit cards. If there’s a match, Google shares the feedback with the advertisers and show them how their adverts on Google’s network led to purchases in retail locations.

It is important to note that this feature works only if a customer is logged into a Google account and has not switched off the Google Ad Tracking. Also, it works only if the customer makes a purchase within 30 days of the click. Currently, only select retailers can access the data.

“People don’t expect what they buy physically in a store to be linked to what they are buying online,” Christine Bannan, counsel with the advocacy group Electronic Privacy Information Center, told Bloomberg. “There’s just far too much burden that companies place on consumers and not enough responsibility being taken by companies to inform users what they’re doing and what rights they have.”

Although Google has not commented on the partnership with Mastercard, it has commented on the tool used to share the data to help calm fears about privacy.

Before we launched this beta product last year, we built a new, double-blind encryption technology that prevents both Google and our partners from viewing our respective users’ personally identifiable information. We do not have access to any personal information from our partners’ credit and debit cards, nor do we share any personal information with our partners. Google users can opt-out with their Web and App Activity controls, at any time,” a Google spokeswoman explained.

Although Mastercard couldn’t be reached for comment, a spokesperson sent a statement to Slate, which read, in part:

Regarding the [Bloomberg] article you cited, I’d quickly note that the premise of what was reported is false. The way our network operates, we do not know the individual items that a consumer purchases in any shopping card — physical or digital. No individual transactions or personal data is provided. That delivers on the expectation of privacy from both consumers and merchants around the world. In processing a transaction, we see the retailers name and the total amount of the consumer’s purchase, but not specific items.

According to Bloomberg, Google had once claimed that the company has access to “approximately 70 percent” of credit and debit card data in the U.S. However, earlier this year, Google made some tweaks to the settings that allow the user to opt out of ad tracking via its “Web and App Activity” console.

Also Read- Google tracks Android, iPhone users’ location even with location history turned off

read more

Android smartphones can be hacked with AT commands attacks

Android smartphones can be hacked with AT commands attacks

AT commands attack: Android devices from 11 vendors are vulnerable to this attack 

A group of security researchers has discovered that Android smartphones from 11 OEMs are vulnerable to hacking attacks from AT commands. This means that millions of Android devices out there are under the threat of AT commands attacks.

AT commands also known as Attention commands, were originally designed in the early 80s for controlling modems. However, this command is still in use in most modern smartphones to support telephony functions.

Although some AT commands have been standardized by regulatory and industry bodies, they have also been used by smartphone manufacturers and operating system designers to access and control device functionality in proprietary ways. According to the researchers, all the commands could allow an attacker to gain access to the device via the USB interface.

In order to find out the impact of AT command exploits, the researchers analyzed a range of smartphones from different vendors. They took over 2,000 Android smartphone firmware images across 11 vendors to build a database of 3,500 commands. They then executed these commands across 8 smartphones from 4 different manufacturers via USB connections.

The researchers found that there were different attacks using AT commands, including firmware flashing, Android security mechanism bypassing by making calls via USB, unlocking screens, injecting touch events, exfiltrating sensitive data, etc.

To exploit this vulnerability, all the attacker needs to do is hide the malicious content in any charging station, chargers or USB docks. Once the target phones are connected with the USB, the attacker can encroach the device and exploit the device AT commands for malicious activities.

Some of the OEMs vulnerable to AT command attacks are Samsung, Google, Motorola, LG, ASUS, Huawei, HTC, Sony, Lenovo, LineageOS, and ZTE.

The research team has notified the vendors about the security flaw and also have provided a list of phone models and firmware versions that are vulnerable to AT commands threat. “We have notified each vendor of any relevant findings and have worked with their security team to address the issues,” the researchers state in the paper.

In this study, the researchers have used Android smartphones as the subject to find out the impact of AT command attacks via USB interface on such devices. The researchers also have plans to carry out a similar study on Apple devices in the future and explore possibilities of AT command attacks through other modes of connection such as Bluetooth and Wi-Fi.

The study was carried out by researchers from the University of Florida, Stony Brook University, and Samsung Research America. The researchers presented details of their findings in a paper included in the Proceedings of the 27th USENIX Security Symposium.

Source: Usenix

read more

Microsoft Windows zero-day vulnerability exposed through Twitter

Microsoft Windows zero-day vulnerability exposed through Twitter

Unpatched Flaw In Microsoft Windows Task Manager Disclosed On Twitter

An angry Twitter user ‘SandboxEscaper’ exposed a local privilege escalation vulnerability in Microsoft Windows task manager that could allow an attacker get administrative access to a Windows system. The now deleted tweet included a link to the proof-of-concept (PoC) for the alleged zero-day vulnerability that was posted on GitHub. However, the exploit code has now been removed from GitHub.

The researcher, who claims to be tired of IT security work, seems frustrated with Microsoft’s bug bounty program:

Ps: Microsoft is stupid and I can’t wait to sell bugs in their software.

— SandboxEscaper (@SandboxEscaper) August 27, 2018

The vulnerability found resides in the task manager’s Advanced Local Procedure Call (ALPC) interface, which allows an attacker with local user access privileges to gain access to elevated (SYSTEM) privileges.

Researcher Will Dormann, a vulnerability analyst with the U.S. Computer Emergency Readiness Team (US-CERT) confirmed that the exploit code works in a fully patched 64-bit Windows 10 and Windows Server 2016 systems. He also said that the exploit code can be modified to run on other Windows versions.

Currently, there are no known patches or specific workarounds to address the vulnerability confirmed CERT.

Kevin Beaumont, a UK-based security architect, too confirmed the exploit code and also published the vulnerability code on GitHub for easy analysis.

On how can the vulnerability code be detected, Beaumont advised, “If you use Microsoft Sysmon, look for spoolsv.exe spawning abnormal processes — it’s a sure sign this exploit is being used (or another Spooler exploit). Similarly, if you use Sysmon, look for connhost.exe (Task Scheduler) spawning under abnormal processes (e.g. the Print Spooler).”

The actual fix needs to come from Microsoft. A Microsoft representative who acknowledged the flaw reportedly told The Register that the company will “proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule.”

The next scheduled Microsoft Patch Tuesday is likely to take place on September 11. In other words, this would allow ample time for the attackers to exploit the vulnerability code that is in the wild.

“With the latest Windows OS vulnerability made public, IT professionals need to be extra vigilant regarding their network users’ behaviors,” said Justin Jett, director of audit and compliance for Plixer. “The PoC released by ‘researcher’ SandboxEscaper on Twitter gives malicious actors leverage needed to break into organizations to steal valuable information.”

“Network traffic analytics should continue to be used to detect anomalous traffic going across the network and to spot where users are behaving in a way that they historically don’t,” Jett added. “Such behavior could be a strong indicator that the vulnerability, which allows hackers to escalate their privileges on a system, may be in use.

We’ll have to wait for Microsoft to respond, but if nothing is released until the scheduled September 11 Patch Tuesday, hackers will have a two-week window to take advantage of this vulnerability.”

Also Read– How to fix Windows 10 taskbar not working?

read more

WhatsApp confirms backups not encrypted on Google Drive

WhatsApp confirms backups not encrypted on Google Drive

Google Drive will not provide end-to-end encryption protection for WhatsApp backups

WhatsApp, the Facebook-owned company, has notified its users that its end-to-end encryption feature for messages and media will not be extended to data stored as a backup on Google’s servers.

The end-to-end encryption feature of WhatsApp ensures that the message that only the sender and the recipient of the message can read what’s sent, and nobody in between, not even WhatsApp.

“Media and messages you back up aren’t protected by WhatsApp end-to-end encryption while in Google Drive,” WhatsApp posted using a note labeled as ‘Important’ on the FAQ section of its official blog.

For those unaware, on August 16th, Google and WhatsApp partnered together to provide WhatsApp users free and unlimited backups storage on Google Drive. Under the new agreement, there will be no restrictions for uploading WhatsApp backups on Google Drive. Also, the backups would not be counted against the Google Drive storage space (15GB) allocated to the user, like it used to do in the past. The new agreement is said to come into effect from November 12, 2018, only for Android users since iOS users use iCloud as the default for chat backup.

In fact, WhatsApp in the past too had clarified that data backed up and stored on Google Drive is not encrypted.

WhatsApp also said that Google will automatically delete all the WhatsApp messages and media that haven’t been updated in more than a year. In order to avoid loss of any backup content, users should back-up their WhatsApp accounts manually before November 12, 2018.

If you wish to back up your WhatsApp chats, here’s how you can do it.

  1. Ensure that you have Google Drive setup on your phone.
  2. Go to WhatsApp, then go to Menu (3 dots on right top) > Settings > Chats > Chat Backup.
  3. Select “Back up to Google Drive” and you will automatically see everything getting backed up to Google Drive.

However, before you get started, ensure that you are connected to Wi-Fi, as WhatsApp backups can be large and may use too much internet data.

On the other hand, Sai Krishna Kothapalli, an independent security researcher, mentioned that backing up chats using Google Drive is completely voluntary and WhatsApp doesn’t compel its users to do so. However, using Google Drive for backing up data is the most convenient method to store important chats, particularly when a user wants to change devices.

“From a privacy perspective (completely discounting convenience) online backups are no good regardless of who the custodian is. While Google does encrypt files on the server side they also ultimately control the keys for those — which can be provided to law enforcement authorities on the basis of a warrant,” Karan Saini, independent security researcher, was quoted as saying by the Economic Times.

Users who are not interested in backing up data, can turn off automatic Google Drive backups by heading over to Settings > Chats > Chat Backup > Backup to Google Drive, and changing the setting to ‘Never’.

read more

Apple pulls Facebook’s free VPN app from App Store citing privacy violations

Apple pulls Facebook’s free VPN app from App Store citing privacy violations

Facebook pulls out its VPN app from Apple’s App Store for violating new rules on data collection

Apple kicked off Facebook’s data-security app, Onavo Protect from its iOS App Store after the iPhone manufacturer found that the social media giant was violating new App Store Guidelines.

According to the recently revamped guidelines of Apple, developers cannot list apps on the App Store that collect and share data with third-parties for any reason other than enhancing the app’s experience or ads.

Onavo Protect, a Facebook Inc. owned free security app, is a VPN (virtual private network) service. Facebook acquired the Tel Aviv-based mobile analytics company, Onavo in 2013.

The Onavo Protect app was primarily designed to help users keep their data safe, block potentially harmful websites, secure their personal information and keep tabs on their mobile data usage.

According to Apple, Facebook’s app had violated new rules of data collection introduced by the Cupertino giant in June.

“We work hard to protect user privacy and data security throughout the Apple ecosystem,” Apple said in a statement to MacRumors.

“With the latest update to our guidelines, we made it explicitly clear that apps should not collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing and must make it clear what user data will be collected and how it will be used.”

Although, Onavo’s listing in the App Store stated that it collected your use of “websites, apps, and data” and promised to “keep you and your data safe when you browse and share information on the web,” the app was collecting information about how people use their devices outside of Facebook, Apple said.

It is found that the VPN client was tracking users’ apps, how often they are used, what websites users visit, websites of fading interest and was sending this information back to Facebook and its partners.

“Apple informed Facebook that Onavo also violated a part of its developer agreement that prevents apps from using data in ways that go beyond what is directly relevant to the app or to provide advertising,” reports The Wall Street Journal, citing a source familiar with the matter.

Last week, Apple reportedly suggested Facebook to “voluntarily” remove Onavo Protect for iOS from the App Store. Instead of making changes to the app, Facebook decided to comply with Apple’s latest guidelines and removed the app.

Onavo Protect app is still available for download from the Google Play Store on Android. For those who have downloaded the Onavo VPN app on iOS in the past can continue to use it. However, Facebook won’t be rolling out new updates for iOS users.

read more

How PUBG Mobile hacks works? Is hacking APK legal?

How PUBG mobile hack works? Is hacking APK legal?

How PUBG Mobile Hacks with APK Mod or any other tool works| Tips & tricks| Is it legal?

PUBG Mobile hacking, this might sound fascinating for some people but in actual reality how much potential this term has? Let’s find out here.

As we all know that every lock has its own respective key, which can’t be open without it. But we should never forget that for every lock there is also a master key. Similarly, the proverb where there’s a will there’s a way fits perfectly in here as you are about to witness some shocking realities regarding Android game hacking.

The most Demanding and Dominating game PUBG is in news again. This game has now earned a serious reputation among gamers. The PlayerUnknown’s Battleground (PUBG), is one of the most popular games on the internet today. But is it really possible to hack this masterpiece? Let’s find out.

Well according to a common misconception many people believed that there are absolutely no cheaters or hackers in the online gaming world or if there are any then they must be in very less amount.

But it’s not true. Similar to other hacking, games can be hacked too. As we download games we are also downloading some files related to it.

Those files can be modified in order to unlock some weapons or achievements or even to the extent of winning it without crossing any actual level.

Yes, it is possible by simply making some changes in the scripts of that particular game. Now the real question for which everyone is eagerly waiting to get answered.

PUBG Hack on Android | Is it Possible to Hack PUBG?

Is it really Possible to Hack PUBG Mobile? (PUBG Hacking using apk mod or any other tool)

And the answer is yes. It is possible to some extent. Actually, there are numerous types of Hacking.

Different approaches can be used to hack different Mobile games. But one method which is fairly common among all is the use of Rooted Device.

Android is a great marketplace for apps specifically targeting rooted android devices. These devices after getting rooted are able to perform those tasks which were not even imagined before sometimes.

Tasks ranging from finding wifi password to manually controlling device performance and battery backup. Everything can be done on the rooted android device.

And for those who don’t know what is rooting? Then it is a process of having a complete control over device but with no device warranty.

In this way, rooting delivers a complete privilege to those cheating apps which are later used on the desired game app.

While there are several PUBG Mobile apk mod available online that allows hack, it might get your account banned after some time or may lead to malware infection in your device. Which ultimately affects the device performance or in some cases steal personal information of the user.

You can also bypass the anti-cheat software by allowing your cheat to control the device.

ALSO READ: PUBG Download: Android, iOS, Windows, Mac, Xbox, And PlayStation

Are there any cheat codes related to PUBG mobile?

No, there are no cheat codes related to PUBG Mobile, however, there are shortcut keys that may help in a better gameplay.

On which Operating System PUBG can be hacked?

Though it can be hacked on both android and iOS. As both of these offers the same flaw. Android devices are rooted and iOS devices are jailbreaked. But it can only be hacked if the device is rooted otherwise you won’t be able to hack it.

Same with iOS too. The best OS for instant hacking is Android. Android is very easy to design for and also it even has emulators for PC. On the other hand, Apple has a bit strict policy regarding their apps on apps store which eventually makes it harder to get hacked into iOS.

How is it hacked actually?

Well, it is very similar to other types of hacking. You simply need to manipulate game documents by playing with the code. Once your phone is rooted it will work as same as on PC. If you are not into using apps for rooted devices then you can make changes to the code by yourself as well. By doing this you can be a god of the game.

Is It Legal To Hack Any Mobile Game?

No, it’s not legal. You are not allowed to hack any game as it takes so much effort to make them. Some countries have even strict laws against hacking.

Also cheating for this mobile shooter needs professional formed mods and most of them are not for free download. Although for fun purpose you can hack it offline as it is allowed.

But personally, we think its an offense and also it’s not fair towards the developer of the game as he invested hours of his life in developing that masterpiece.

Conclusion: Hacking is illegal and you can be strictly punished for that. But it also has a prize to risk for. At last, we leave this on your wisdom as we are not here to promote any kind of hacking techniques. Stay tuned for more such articles.

Also Read: PUBG Mobile Lite APK Download | How To Install It

Playerunknown’s Battlegrounds (PUBG) PC Download Free And Paid

read more

Social Mapper Finds Social Media Profiles Using Only A Photo

Social Mapper Finds Social Media Profiles Using Only a Photo

Social Mapper – This Free Tool Lets You Track People Across Social Media

Researchers at Trustwave, a company that provides ethical hacking services, have made it easier for penetration testers and red teamers to search for social media profiles. It has released an open source intelligence tool called ‘Social Mapper’ that uses facial recognition to compare social media profiles across different sites based on a name and picture. This software tool is aimed at facilitating social engineering attacks.

Social Mapper automatically locates profiles on social media sites, such as Facebook, Instagram, LinkedIn, Google+, Vkontakte and microblogging websites like Weibo and Douban. Automated searching of profiles can be performed much faster and for many people simultaneously.

“Performing intelligence gathering is a time-consuming process, it typically starts by attempting to find a person’s online presence on a variety of social media sites. While this is an easy task for a few, it can become incredibly tedious when done at scale.” Trustwave states in a blog post.

“Introducing Social Mapper an open source intelligence tool that uses facial recognition to correlate social media profiles across a number of different sites on a large scale. Trustwave, which provides ethical hacking services, has successfully used the tool in a number of penetration tests and red teaming engagements on behalf of clients.”

How does Social Mapper work?

Social Mapper doesn’t require API access to social networks. On the basis of the requirement, the Social Mapper first prepares a list of targeted people for processing. It then uses names and photos as input to scan social media profiles online. The software tool then generates reports in the form of spreadsheets, which include profile information like photos, emails, etc. Based on provided names and photos, it takes approximately 60-70 seconds to scan one profile. It takes no less than 15 hours for searching details of 1,000 people.

Social Mapper “takes an automated approach to searching popular social media sites for names and pictures of individuals to accurately detect and group a person’s presence, outputting the results into a report that a human operator can quickly review”.

How to install Social Mapper

Social Mapper is written in Python and runs on Linux, chromeOS (Developer Mode), Windows, and Mac. However, before installing Social Mapper, latest version of Firefox, the Selenium API, and Geckodriver needs to be installed.

Running the Tool

After installing Social Mapper, it can be set into action by running the file with target information and target social media site. The basic syntax of the command is as follows. -f <input format> -i <input type > -m <mode> –<target media>

Required Parameters

To start up the tool 3 parameters must be provided, an input format, the input file or folder and the basic running mode.

The –i argument represents the input provided to the tool, which can either be a ‘name’, ‘csv’, ‘imagefolder’ or ‘socialmapper’ resume file. The –f specify the format of the input provided to the tool, which can be ‘social mapper’, a ‘name’, ‘csv’, or ‘imagefolder’.  The –m represents the mode, which can be set as ‘fast’ or ‘accurate’ depending on the requirement.

Finally, we provide social media website information to the tool. The tool accepts –a argument as ‘select all social media’. The list of abbreviations provided below can be inputted into Social Mapper to collect information about targeted users.

-a : Selects all

-fb: Check Facebook

-tw: Check Twitter

-ig: Check Instagram

-l,: Check LinkedIn

-gp: Check GooglePlus

-vk: Check VKontakte

-wb: Check Weibo

-db: Check Douban

The tool allows some optional parameters, such as -t, -cid, -s, and -v, to use in the command to fine tune the search results. Some of the example runs are given below:

A quick run for facebook and twitter on some targets you have in an imagefolder, that you plan to manually review and don’t mind some false positives:

python -f imagefolder -i ./mytargets -m fast -fb -tw

A exhaustive run on a large company where false positives must be kept to a minimum:

python -f company -i “SpiderLabs” -m accurate -a -t strict

A large run that needs to be split over multiple sessions due to time, the first run doing LinkedIn and Facebook, with the second resuming and filling in Twitter, Google Plus and Instagram:

python -f company -i “SpiderLabs” -m accurate -li -fb

python -f socialmapper -i ./SpiderLabs-social-mapper-linkedin-facebook.html -m accurate -tw -gp -ig

You can read more about the Social Mapper on GitHub here.

Source: GitHub, Trustwave

read more