Welcome back, my greenhorn hackers!
As all you know by now, I'm loving this new show, Mr. Robot. Among the many things going for this innovative and captivating program is the realism of the hacking. I am using this series titled "The Hacks of Mr. Robot" to demonstrate the hacks that are used on this program.
In the third episode, Tyrell Wellick, the technically-astute CTO wannabe, is seen having an affair with one of his employees. When his lover goes to the shower, he grabs his phone and installs tracking software on his phone to spy on him. We don't yet know why he has installed the software, but I'm sure we will find out soon.
Tyrell, with the physical phone in hand, is seen downloading and installing software to the phone for some malicious purpose (this is Tyrell, after all—he has nothing other than unbridled, ambitious, and malicious purposes).
Here is Tyrell downloading and installing this tracking app to his lover/employee's phone. If we want to do the same, we just need to have the physical phone in our hands for 2-3 minutes.
In this tutorial, we will look at some of the software that can be installed to track and steal information from a smartphone, whether for legitimate or malicious purposes.
There are a number of apps available for tracking/spying on both iOS and Android platforms. Probably the best, and one that appears to be being used by Tyrell in this scene, is FlexiSPY. It is available for either iOS, Android, BlackBerry, or Symbian. Some of its features are listed below from their website.
The Premium FlexiSPY with all the features listed above costs $349 per year. But there are other numerous iPhone and Android spying packages available from other companies. These include:
Most of these apps will not be in your app store as they are considered malicious, but some will. Some limited-capability apps are available in your app store that will track, for instance, GPS location, something that an employer might want to track employees or a parent might want to track their child movements or locating a lost cell phone. These are all considered legitimate and legal applications of this technology. In the Google Play Store, these include:
- Several apps named "Cell Tracker"
- GirlFriend Cell Tracker
- Mobile Location Tracker
- GPS Phone Tracker Pro
- And many others
These apps primarily track the location of the phone and are not capable of doing so many of the things that the paid apps do, such as reading SMS and email messages, listening in on conversations, spying on WhatsApp and other chat messengers, controlling the phone, etc.
Before we go further, I want you to keep a few things in mind.
- You MUST have physical access to the target phone/mobile device (the device you want to track). You have to be able to download the mobile spy software onto the device you want to track, and you don't need to download anything on your phone or computer. I found that it takes just about 2-3 minutes to install and activate.
- You must have internet access. These spy software apps transfer the data inside the phone/tablet to a central server where you can then access it. You must have Internet access from another device to access the phone's information.
- It probably goes without saying, but make sure the spy software is compatible with the phone's operating system.
- Be aware that it is illegal in most jurisdictions to install tracking software on a device that is not your own.
All that having been said, now let's install a smartphone spying software to test its capabilities.
Let's try out one of these apps for Android, TheTruthSpy. It has a 48-hour free trial, so we can use it for a couple days before deciding to buy it. Let's download it, install it, and give it a try.
This software seems to have all the features we could ever want to spy on someone's phone like Tyrell did in Mr. Robot.
These features include:
- GPS tracking
- Read email
- Record calls
- Read WhatsApp and other messages
- Track internet browsing
- View photos
- Send commands to the phone
- And a few others
Before we can install any spy software on a mobile device, we need to change the security settings. By default, Android and iOS are designed to only allow the installation of apps from their official store/repositories. We need to change that.
On Android, go to your "Security" settings (in the default Settings app), then allow app installations from "Unknown sources."
Next, download the trial version at android.thetruthspy.com, then tap on the "Download complete" notification (or find the file in your "Downloads" app) to run the installer file.
At this point, you will need to click through all the prompts and warnings to continue installing the app.
Finally, when it is installed, open it up, because you will need to link it to your account or open an account here with your email address.
After just 2-3 minutes with the phone, the spy software is installed and ready to go! To make sure the person doesn't notice anything wrong on their smartphone, make sure to disable "Unknown sources" if was previously unchecked, delete the .apk file from the Downloads app, and hide TheTruthSpy's icon, which can be done after logging in to the app.
Now that we have TheTruthSpy installed, we can access the phone information from the cloud. The spy software we have installed on the phone relays all the information on the phone to a server. We can then access that server via an account at my.thetruthspy.com as seen below.
Once we have logged in with our credentials, we are greeted by a dashboard like below. Since this is trial software, some of the capabilities are unavailable, but even this trial software comes with the ability to track the phone via GPS, gives you all the SMS history, the call history, Twitter history, and finally, Auto Answer.
Here you can see the call history screen. It lists each call, who it was from or to (I erased the names to protect the innocent), the date, and the length of the call.
Here you can see a text conversation I had with my friend Sam a couple days ago. All of the user's text messages are available here.
It also enables you to track the location of the phone (and presumably the user) wherever it goes.
One of the new features in TheTruthSpy is the Auto Answer feature. This feature enables us to call the phone and it will auto answer. In this way, we can listen in to any conversations taking place within earshot of the phone's microphone.
There are numerous other features available here with this app, but we must pay to enable them.
As you can imagine, this type of software has innumerable applications in cyber espionage, cyber warfare, criminal investigation, forensics, and in many other uses.
Once again, our favorite TV program has realistically depicting hacking. I will continue to show you how to do the hacks of Mr. Robot, so keep coming back, my greenhorn hackers!
Start your White-Hat Hacker journey with Null Byte's Beginner's Guide to Mastering Linux eBook.