The Hacks of Mr. Robot: How to Spy on Anyone's Smartphone Activity

How to Spy on Anyone's Smartphone Activity

Welcome back, my greenhorn hackers!

As all you know by now, I'm loving this new show, Mr. Robot. Among the many things going for this innovative and captivating program is the realism of the hacking. I am using this series titled "The Hacks of Mr. Robot" to demonstrate the hacks that are used on this program.

In the third episode, Tyrell Wellick, the technically-astute CTO wannabe, is seen having an affair with one of his employees. When his lover goes to the shower, he grabs his phone and installs tracking software on his phone to spy on him. We don't yet know why he has installed the software, but I'm sure we will find out soon.

Tyrell, with the physical phone in hand, is seen downloading and installing software to the phone for some malicious purpose (this is Tyrell, after all—he has nothing other than unbridled, ambitious, and malicious purposes).

Here is Tyrell downloading and installing this tracking app to his lover/employee's phone. If we want to do the same, we just need to have the physical phone in our hands for 2-3 minutes.

In this tutorial, we will look at some of the software that can be installed to track and steal information from a smartphone, whether for legitimate or malicious purposes.

Some of the Apps for Tracking

There are a number of apps available for tracking/spying on both iOS and Android platforms. Probably the best, and one that appears to be being used by Tyrell in this scene, is FlexiSPY. It is available for either iOS, Android, BlackBerry, or Symbian. Some of its features are listed below from their website.

The Premium FlexiSPY with all the features listed above costs $349 per year. But there are other numerous iPhone and Android spying packages available from other companies. These include:

Most of these apps will not be in your app store as they are considered malicious, but some will. Some limited-capability apps are available in your app store that will track, for instance, GPS location, something that an employer might want to track employees or a parent might want to track their child movements or locating a lost cell phone. These are all considered legitimate and legal applications of this technology. In the Google Play Store, these include:

These apps primarily track the location of the phone and are not capable of doing so many of the things that the paid apps do, such as reading SMS and email messages, listening in on conversations, spying on WhatsApp and other chat messengers, controlling the phone, etc.

Using a Smartphone Spying App

Before we go further, I want you to keep a few things in mind.

  1. You MUST have physical access to the target phone/mobile device (the device you want to track). You have to be able to download the mobile spy software onto the device you want to track, and you don't need to download anything on your phone or computer. I found that it takes just about 2-3 minutes to install and activate.
  2. You must have internet access. These spy software apps transfer the data inside the phone/tablet to a central server where you can then access it. You must have Internet access from another device to access the phone's information.
  3. It probably goes without saying, but make sure the spy software is compatible with the phone's operating system.
  4. Be aware that it is illegal in most jurisdictions to install tracking software on a device that is not your own.

All that having been said, now let's install a smartphone spying software to test its capabilities.

TheTruthSpy

Let's try out one of these apps for Android, TheTruthSpy. It has a 48-hour free trial, so we can use it for a couple days before deciding to buy it. Let's download it, install it, and give it a try.

Step 1: Check Out Its Features

This software seems to have all the features we could ever want to spy on someone's phone like Tyrell did in Mr. Robot.

These features include:

  • GPS tracking
  • Read email
  • Record calls
  • Read WhatsApp and other messages
  • Track internet browsing
  • View photos
  • Send commands to the phone
  • And a few others

Step 2: Install TheTruthSpy

Before we can install any spy software on a mobile device, we need to change the security settings. By default, Android and iOS are designed to only allow the installation of apps from their official store/repositories. We need to change that.

On Android, go to your "Security" settings (in the default Settings app), then allow app installations from "Unknown sources."

Next, download the trial version at android.thetruthspy.com, then tap on the "Download complete" notification (or find the file in your "Downloads" app) to run the installer file.

At this point, you will need to click through all the prompts and warnings to continue installing the app.

Finally, when it is installed, open it up, because you will need to link it to your account or open an account here with your email address.

After just 2-3 minutes with the phone, the spy software is installed and ready to go! To make sure the person doesn't notice anything wrong on their smartphone, make sure to disable "Unknown sources" if was previously unchecked, delete the .apk file from the Downloads app, and hide TheTruthSpy's icon, which can be done after logging in to the app.

Step 3: Log in to Control Panel

Now that we have TheTruthSpy installed, we can access the phone information from the cloud. The spy software we have installed on the phone relays all the information on the phone to a server. We can then access that server via an account at my.thetruthspy.com as seen below.

Once we have logged in with our credentials, we are greeted by a dashboard like below. Since this is trial software, some of the capabilities are unavailable, but even this trial software comes with the ability to track the phone via GPS, gives you all the SMS history, the call history, Twitter history, and finally, Auto Answer.

Here you can see the call history screen. It lists each call, who it was from or to (I erased the names to protect the innocent), the date, and the length of the call.

Here you can see a text conversation I had with my friend Sam a couple days ago. All of the user's text messages are available here.

It also enables you to track the location of the phone (and presumably the user) wherever it goes.

Auto Answer

One of the new features in TheTruthSpy is the Auto Answer feature. This feature enables us to call the phone and it will auto answer. In this way, we can listen in to any conversations taking place within earshot of the phone's microphone.

There are numerous other features available here with this app, but we must pay to enable them.

As you can imagine, this type of software has innumerable applications in cyber espionage, cyber warfare, criminal investigation, forensics, and in many other uses.

Once again, our favorite TV program has realistically depicting hacking. I will continue to show you how to do the hacks of Mr. Robot, so keep coming back, my greenhorn hackers!

Just updated your iPhone to iOS 18? You'll find a ton of hot new features for some of your most-used Apple apps. Dive in and see for yourself:

32 Comments

I love this series! Great job, OTW.

1) Is there any app can be used on our private server for free?

2) Why are they naming their malicious apk something ends with Spy anyway? I mean that even though we hide it from the menu, victim can see it on the "Installed Apps" part.

As I mentioned in the article there are some free apps, but without all the capabilities of these others.

Although, as you say, some would look in the installed apps , most will not. In addition, these are not meant to be malicious. They are for employers and parents who own the phone and it doesn't matter whether the target knows it is there are not.

I think you should take one of the free apps and re-engineer it with additional capabilities. Shouldn't be hard.

We all know that these apps are most commonly used for spying on significant others not kids and rarely I'd EVER an employer.

It is stupid you can see the app in the apps list. And most people DO look at their apps list. These developers need to figure out a way to hide it better, usually sticks out like a sore thumb or takes over " device administrator" which is also incredibly obvious. Some even have notifications pop up on target phone.

Another thing: no mention of private browsing mode eh? Most of these apps don't record or capture what was viewed in private mode - all the pervs and cheaters know to use private mode ( porn pervs) there are a select 2 maybe 3 apps not mentioned here which do record private mode... also all of these apps require the target phone to be rooted to get most features they advertise and boast about.

I think these spy apps on the market need improvement. Not much has improved since their introduction. Most of them don't even have actual keyloggers yet they call themselves one.

Are there any programs for Windows Phone?

No one uses a windows phone!

In my country it's pretty popular.

I own one, and I like it, it's simple, fast, and pretty. For a low-range phone, I'd totally recommend going for one of these :).

I feel like they're the new Blackberrys in terms of being secure, but maybe not so much because of the lack of vulnerabilities, but for the lack of people searching for them.

Kitten:

I'm glad to hear you like your Windows phone. I was, of course, joking when I said that no one uses a Windows phone. Globally, Windows phones are just 7% of the market. I don't expect that they will survive much longer. Microsoft has already done a major layoff at that division because of their inability to penetrate that market.

OTW

Look at this ! I got a fully featured tracker for free at https://tracker-free.com/
Not tried it as of now.
Feedback appreciated.
However, a closed source 'free' software probably from a chinese company looks highly suspicious.
So if someone can check the terms of use, I will be grateful.

good but its not good i cant install on my vic phones

What happens to the free truthspy after 2 days then? Does the bugged person somehow get notified that there has been a bug on the phone??

No, of course, not. The app simply is de-activated.

Soy de habla hispana, asi que si el español es un problema puedo intentar escribir en inglés ^^. Mi pregunta es , ¿ Es posible descargar o conseguir una versión de flexiSpy crackeada o "full" como se le conoce? ¿o su defecto intentar volverla asi? ¿ o haciendo eso no funcionaria ?, ¿se puede conseguir una versión completa sin comprar? . Espero hacerme entender y pido disculpas si pregunte algo inadecuado

I'm sure that somewhere you can find a cracked version, but I don't have one here as that would be illegal.

Ok. Thanks for the prompt response.

so how do we reengineer one of the free apps?

Does a similar spy application exist for the iOS (iPhone)

As I say in the article, it is available for Android and iOS.

Does whatsapp spy require a rooted phone?

Nice Post as always.

As i was reading it, i was intrigued by one part in particular, "and hide TheTruthSpy's icon, which can be done after logging in to the app."

How can the app do this?? From all my readings, root access is mandatory to hide the icon. Allowing unsigned apps has nothing to do with rooting the phone. And even if we assume that the app somehow tries to get root privileges, a reboot would be mandatory. Also i would hate to give root privileges to a third party spying app over which I have 0 control!!! Learning to hide the icon could be really interesting particularly if we would like to try to develop our own apk. If you have knowledge of some techniques or documents that could help answer this question it would be much appreciated.

P.S: On my android phone with cyanogen version (5.1.1) not rooted, there is a protected app feature (settings, app, option (3dots), protected app) that can hide the app from the app list and the icon from the home screen. However,it requires a pattern. Thus if the option was previously used by the target, it would require from the attacker to have physical access to the phone and know the pattern which is less practical and likelyl.

Have you tried another solution called Spyzie? I am not sure if it has anything with rooting, but when you install the app, you need to allow installation from unknown sources first and allow all permission requests during the setup process. After that, the icon will be automatically deleted, and you couldn't even find it.

i noticed in the show he used a sd card that uploaded what was needed to track his data , would you happen to know how to do this ?

Based on your advices, I did register with the truthspy... for 1 year, Glod plan.

Are you sure there is anyone beihind it?
I'm having technical issue with it, and NO response to all my emails since a week.

Did you check if the company was still alive ?

I like this article a lot ..

Recently I received a call from a friend of mine but when I answered there was no one on the line. I got a second call from this same friend and this time I could hear someone in the background but then they hung up again. She lives about 500 miles from where I was staying in the states. Then I got a facetime request from her and when I answered some kid said......"oh shit the damm thing worked!" and then they hung up. So I tried facetiming them back because my first thought was they had either stolen her phone or she had lost it. So when I did the whole facetime thing I was able to see several teenagers in the background and I was talking to this kid. He didn't say much to me and I couldn't get any info out of him except that he was located in a small town in the northern part of Michigan. My friend lives in the southern part of Michigan down by Livonia. Then he hung up. My service provider told me that the kids can put a app on their phone and access another persons contacts and then make calls using the numbers in that contact list. How did they do thi???

hi, is it possible to access data on an android phone if you don't have physical access to it but you have it's IP or MAC address?

I know someone who's being potentially tracked by a person they gave their iphone to and want to know as to what is the most straightforward way to root out any malicious apps, however obfuscated they may be.

A nice article, would you like to share the method which use by moldy and his friend when they are take a some test to compare security between android and iphone, than darlene tell moldy that her gadget already hacked amd taken by doing this silly test, I didn't find in your series article about Mr. ROBOT. thanks

Why not just use Metasploit?

Can we modify the application ? I mean rename it with apkeditor. Change the name to for example system app or whatever

well all this can be done by making a payload using msfvenom

and using over a wide area network service like ngrok or nmap .The thing is that people are now aware about this kind of attack , what need to learn more for hacker is browser attacks.

But nice post with nothing new in it .

Share Your Thoughts

  • Hot
  • Latest