Android is, along with iOS, the most popular mobile operating system in the world and has thousands of mobile apps to perform all kinds of functions, which has made it one of the favorite targets of the cybercriminal community. Faced with this situation, mobile device and app developers have had to familiarize themselves with the basics of mobile security, including penetration testing, scanning, and gathering information for indicators of compromise.
On this occasion, mobile security experts from the International Institute of Cyber Security (IICS) will show you the top 10 hacking tools for Android operating systems. Remember that this material was prepared entirely for educational purposes and the information contained herein should not be misused.
It is worth mentioning that these tools do not require a rooted device, so any user can become familiar with them. All tools work with the latest versions of Android.
WPS WIFI CHECKER PRO
This application allows us to use the WPS mobile security protocol to analyze the protections of the router to which our devices are connected. After its installation, WiFi Checker Pro initiates a LAN scan to perform a PIN reliability and security analysis.
If the PIN is correct, the Android device will automatically connect to the vulnerable network, so the pentester does not need to know the WiFi password key. This tool allows you to spy on web activity on your network, which makes it an excellent tool for vulnerability scanning.
KALI NETHUNTER
Offensive Security’s popular Kali NetHunter framework for hacking and pentesting is compatible with all kinds of Android devices, including manufacturers like OnePlus, Samsung, LG and ZTE.
Kali NetHunter installs an operating system overlay on the target device, making it a resource-efficient pentesting tool. The tool can crack WEP and WPA keys, as well as detect open ports on other devices, mobile security experts say.
MOBILE PENTESTING ZANTI
ZANTI is one of the most popular jailbreak apps for Android, allowing the identification and simulation of exploits and mobile hacking techniques.
This app collects a large amount of information about connected devices, allowing you to analyze your mobile security and determine if a device is vulnerable to known attack variants.
KAYRA THE PENTESTER LITE
This is a free, open source app available on the Play Store that has several integrated Metasploit frameworks, which will allow the user to perform vulnerability tests through the analysis of various indicators of compromise.
Kayra can display the local network, perform header scans, initiate dictionary attacks, spoof TCP packets, and even deploy Man-in-The-Middle (MiTM) attacks.
HACKODE
Hackode has multiple features for collecting information about other devices.
Furthermore, mobile security experts can employ the network tools built into Hackode, such as Google Hacking, Google Dorks, Reconnaissance, WHOIS Lookup, Traceroute, DNS Dig and others.
NETWORK MAPPER
Network Mapper is a powerful Nmap-based scanning tool to display and scan networks connected to a target device.
After installing the Network Mapper app from the Play Store, the Nmap binaries will be automatically downloaded and installed, providing an easy-to-use graphical interface for scanning.
TPACKETCAPTURE
As its name suggests, PacketCapture is a mobile application for capturing packets and data transmitted through the target network.
Since PacketCapture creates its own local VPN, it works the same on both rooted and non-rooted devices.
PORTDROID
PortDroid is a complete network analysis package that contains many advanced features, providing a complete pentesting environment.
According to mobile security experts, the application perfectly fulfills all its functions, from pinging to port scans and DNS lookups, among others, allowing administrators to be aware of everything that happens in their network.
WI-FI WARDEN
To use this tool, we must give access to the location, since we will only be able to hack the networks available in a certain radius.
When the hack has been successful, a window will simply appear mentioning that the connection has been completed. Mobile security experts mention that this tool represents an ideal opportunity to use the WiFi connection of the neighbors.
TERMUX
Termux is the true king of mobile hacking. This tool is capable of executing any development for Kali Linux, from small scripts for simple tasks to complex tools such as Metasploit.
This is a Linux terminal emulator for smartphones, which means that any Linux/Kali Linux command can be executed here and with a high degree of precision, so specialists won’t even notice the difference between using Termux and a desktop computer.
SECURITY TIPS TO PREVENT YOUR CELL PHONE FROM BEING HACKED
Smartphones are, nowadays, an extension of our body. They contain all our information, including our money and important documents, among others. That is why it is of the utmost importance to keep that information safe, since a cell phone hack can cause a level of loss equivalent to the robbery of your home.
Cell phones are really small devices; they can be easily lost and stolen. Being full of personal and valuable information such as bank accounts, passwords and contacts, they are a target for modern criminals. That is why you should take these security measures into account to prevent a possible hacking of your smartphone.
1. KEEP YOUR OPERATING SYSTEM UPDATED
Smartphones receive constant updates not only for aesthetic reasons but to strengthen the information security system of the device. When you receive an available update notification, take advantage and update your smartphone; it will protect you from attacks, viruses and intrusions.
2. SET A COMPLEX PASSWORD
Opt for a password that is complex but easy to remember. The easiest passwords to crack are those that contain personal data such as pet names, birthdays, or nicknames. Choose a random word and number combination to keep your information a little more secure.
3. KEEP YOUR NUMBER PRIVATE
Many applications are free in exchange for personal information. They may ask you for your number, your full name and even authorization to access your contacts. This not only puts your own device in danger of being hacked, but also that of your contacts.
4. DO NOT SHARE PERSONAL INFORMATION ON SOCIAL NETWORKS
If you share information such as your parents’ name, place of birth or address, cybercriminals can use this data as answers to security questions. This information can serve as a route to access your accounts.
5. LOCK YOUR PHONE IN CASE OF LOSS OR THEFT
It is the first thing you should do if you are a victim of theft or loss. Call your operator immediately to suspend your service. Also call your bank to suspend your accounts in the case of having bank information on your smartphone.
Cybercrime is a real problem. It can have a serious impact on our privacy and finances, in addition to bringing us problems in our work and putting our network of contacts in danger.
Location-based monitoring: what can you do?
Location-based monitoring is pretty hard to avoid. If you use a mobile device, it is almost impossible to avoid these trackers. Your smartphone is designed to triangulate your location. Through the satellite, the network ID or the IP address, your mobile is always looking for something to know where you are.
Location-based monitoring provides information to optimize all the digital services you use. You can navigate more easily, find reviews instantly, and even have authorities find you in an emergency.
That being said, location-based monitoring comes with privacy concerns, especially in countries where there are no laws preventing corporate or state overreach.
Most of the devices we carry do not have an option to turn off location-based tracking. You can only disable an app’s access to location services.
The only way to truly hide your location is through GPS cloaking. GPS cloaking services are third-party services that modify data to make your device appear to be in a different location. However, hiding your location is illegal in some countries, such as Hong Kong or China.
Since cybercriminals often use GPS cloaking to hide their tracks, this practice can get you banned from different digital services. Online gaming and video conferencing apps have anti-scam systems in place to prevent GPS cloaking from being used.
Hiding your location can also prevent most of your apps from working. Many apps need to access the GPS settings to work properly. GPS hiding services will make you lose access to:
- Maps (Google Maps, Waze).
- Weather apps (The Weather Channel, WeatherBug).
- Applications for emergency services (Natural Disaster Monitor, Smart911).
- Ride sharing apps (Lyft, Uber).
- Food delivery apps (UberEats, Doordash).
- Dating apps (Tinder, Grindr).
- Video games (Pokemon Go).
- Social media apps (Instagram, Snapchat).
- Instant messaging applications (WhatsApp, SMS).
- Shopping apps (Target, Curbside).
- Tracking apps (Find my device, Find my friends).
How to avoid phishing attacks?
Phishing is the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done via email. The goal is to obtain data such as credit card and login information, or to install malware on the victim’s electronic device. Phishing is a common type of cyberattack that you should be aware of and know how to prevent. Here is everything you need to know about phishing.
What tips or tricks can protect you from phishing attacks? First of all, use common sense.
1.- Set an access code: create a password on your mobile device so that if it is lost or stolen, it is more difficult to access your information. Data is most often taken from mobile phones when they are lost or stolen and are not protected by a password. It’s an open invitation for thieves to poke around.
2.- Always check a link before clicking. Hover over it to preview the URL and note any misspellings or other irregularities. Sometimes emails and websites look just like the real thing.
3.- Enter your username and password only through a secure connection. Look for the “https” prefix before the website URL; it is an indicator that the site is secure. If there is no “s”, be careful.
4.- Download apps from reputable sources: Before downloading an app, do some research to make sure the app is legitimate. This includes checking reviews, confirming the legitimacy of the app store, and comparing the app’s official website with the app store link for consistency. Many apps from untrustworthy sources contain malware that, once installed, can steal information, install viruses, and damage the contents of your phone.
5.- Backup and security of your data: make a backup copy of all the data stored on your mobile phone, such as your contacts, documents and photos. These files can be stored on your computer, on a storage card, or in the cloud. This allows you to restore information to your phone if it is lost or stolen.
6.- Examine the permissions of the application before accepting them: you must be careful when granting applications access to personal information on your mobile phone or allowing the application to have access to perform functions on your device. Be sure to also check the privacy settings of each app before installing it.
7.- Clean the data on your old mobile before donating, reselling or recycling it: to protect your privacy, completely erase the data and restore the mobile to its initial factory settings.
8.- Even if an email comes from one of your best friends, remember that they could also have been tricked or hacked. That is why you must be cautious in any situation. Even if a message seems friendly, treat links and attachments with suspicion.
9.- Avoid logging into online banks and similar services through public Wi-Fi networks. It is better to use a mobile connection or a secure network than to lose all the money on your credit card or in your bank account. Open networks can be created by criminals who, among other things, spoof website addresses upon connection and thus redirect you to a fake page.
10.- Make sure you have a security app: Download a mobile security app that scans all apps for malware. Also, make sure that the security application protects against unsafe websites.
11.- Beware of fake apps: Beware of apps that offer a paid app for free or an app that claims to install or download other apps for you.
12.- Report the theft of your mobile phone: report the theft to the local police authorities and then inform your internet provider.
13.- If you discover a “phishing” campaign, inform the bank, the social network support service or any other entity that the “phishing” message claims to represent. That way, you help hunt down cybercriminals.