The Hacks of Mr. Robot: How to Spy on Anyone's Smartphone Activity

How to Spy on Anyone's Smartphone Activity

The Hacks of Mr. Robot: How to Spy on Anyone's Smartphone Activity

Welcome back, my greenhorn hackers!

As all you know by now, I'm loving this new show, Mr. Robot. Among the many things going for this innovative and captivating program is the realism of the hacking. I am using this series titled "The Hacks of Mr. Robot" to demonstrate the hacks that are used on this program.

In the third episode, Tyrell Wellick, the technically-astute CTO wannabe, is seen having an affair with one of his employees. When his lover goes to the shower, he grabs his phone and installs tracking software on his phone to spy on him. We don't yet know why he has installed the software, but I'm sure we will find out soon.

Tyrell, with the physical phone in hand, is seen downloading and installing software to the phone for some malicious purpose (this is Tyrell, after all—he has nothing other than unbridled, ambitious, and malicious purposes).

Here is Tyrell downloading and installing this tracking app to his lover/employee's phone. If we want to do the same, we just need to have the physical phone in our hands for 2-3 minutes.

In this tutorial, we will look at some of the software that can be installed to track and steal information from a smartphone, whether for legitimate or malicious purposes.

Some of the Apps for Tracking

There are a number of apps available for tracking/spying on both iOS and Android platforms. Probably the best, and one that appears to be being used by Tyrell in this scene, is FlexiSPY. It is available for either iOS, Android, BlackBerry, or Symbian. Some of its features are listed below from their website.

The Premium FlexiSPY with all the features listed above costs $349 per year. But there are other numerous iPhone and Android spying packages available from other companies. These include:

Most of these apps will not be in your app store as they are considered malicious, but some will. Some limited-capability apps are available in your app store that will track, for instance, GPS location, something that an employer might want to track employees or a parent might want to track their child movements or locating a lost cell phone. These are all considered legitimate and legal applications of this technology. In the Google Play Store, these include:

These apps primarily track the location of the phone and are not capable of doing so many of the things that the paid apps do, such as reading SMS and email messages, listening in on conversations, spying on WhatsApp and other chat messengers, controlling the phone, etc.

Using a Smartphone Spying App

Before we go further, I want you to keep a few things in mind.

  1. You MUST have physical access to the target phone/mobile device (the device you want to track). You have to be able to download the mobile spy software onto the device you want to track, and you don't need to download anything on your phone or computer. I found that it takes just about 2-3 minutes to install and activate.
  2. You must have internet access. These spy software apps transfer the data inside the phone/tablet to a central server where you can then access it. You must have Internet access from another device to access the phone's information.
  3. It probably goes without saying, but make sure the spy software is compatible with the phone's operating system.
  4. Be aware that it is illegal in most jurisdictions to install tracking software on a device that is not your own.

All that having been said, now let's install a smartphone spying software to test its capabilities.

TheTruthSpy

Let's try out one of these apps for Android, TheTruthSpy. It has a 48-hour free trial, so we can use it for a couple days before deciding to buy it. Let's download it, install it, and give it a try.

Step 1: Check Out Its Features

This software seems to have all the features we could ever want to spy on someone's phone like Tyrell did in Mr. Robot.

These features include:

  • GPS tracking
  • Read email
  • Record calls
  • Read WhatsApp and other messages
  • Track internet browsing
  • View photos
  • Send commands to the phone
  • And a few others

Step 2: Install TheTruthSpy

Before we can install any spy software on a mobile device, we need to change the security settings. By default, Android and iOS are designed to only allow the installation of apps from their official store/repositories. We need to change that.

On Android, go to your "Security" settings (in the default Settings app), then allow app installations from "Unknown sources."

Next, download the trial version at android.thetruthspy.com, then tap on the "Download complete" notification (or find the file in your "Downloads" app) to run the installer file.

At this point, you will need to click through all the prompts and warnings to continue installing the app.

Finally, when it is installed, open it up, because you will need to link it to your account or open an account here with your email address.

After just 2-3 minutes with the phone, the spy software is installed and ready to go! To make sure the person doesn't notice anything wrong on their smartphone, make sure to disable "Unknown sources" if was previously unchecked, delete the .apk file from the Downloads app, and hide TheTruthSpy's icon, which can be done after logging in to the app.

Step 3: Log in to Control Panel

Now that we have TheTruthSpy installed, we can access the phone information from the cloud. The spy software we have installed on the phone relays all the information on the phone to a server. We can then access that server via an account at my.thetruthspy.com as seen below.

Once we have logged in with our credentials, we are greeted by a dashboard like below. Since this is trial software, some of the capabilities are unavailable, but even this trial software comes with the ability to track the phone via GPS, gives you all the SMS history, the call history, Twitter history, and finally, Auto Answer.

Here you can see the call history screen. It lists each call, who it was from or to (I erased the names to protect the innocent), the date, and the length of the call.

Here you can see a text conversation I had with my friend Sam a couple days ago. All of the user's text messages are available here.

It also enables you to track the location of the phone (and presumably the user) wherever it goes.

Auto Answer

One of the new features in TheTruthSpy is the Auto Answer feature. This feature enables us to call the phone and it will auto answer. In this way, we can listen in to any conversations taking place within earshot of the phone's microphone.

There are numerous other features available here with this app, but we must pay to enable them.

As you can imagine, this type of software has innumerable applications in cyber espionage, cyber warfare, criminal investigation, forensics, and in many other uses.

Once again, our favorite TV program has realistically depicting hacking. I will continue to show you how to do the hacks of Mr. Robot, so keep coming back, my greenhorn hackers!

30 Comments

No free (as in "free speech" as well as in "free beer") spying solutions? i thought hacking was the heaven for every open-source enthusiast. I'm disappointed, spyware-making companies! Does anyone perhaps know a free spying solution? free as in "open source" as well as in "free beer"?

nonetheless, a good tutorial. but now that i am in a grumpy mood because of things being closed source (seriously, i HATE closed source!), i think it suits to ask a maybe annoying question: what do we do if the phone is password locked? is there any possible bypass for that?

-Phoenix750

If it's from someone who uses it near you, just watch as he/she types it once...

For those who lock with that 9 dot thing where you draw a pattern, I found that 4 out of 5 persons draw the first letter of their name.

It'd be nice to have an open source version of this, but it seems that after you finish studying for Android Developing you become greedy.

I love this series! Great job, OTW.

1) Is there any app can be used on our private server for free?

2) Why are they naming their malicious apk something ends with Spy anyway? I mean that even though we hide it from the menu, victim can see it on the "Installed Apps" part.

As I mentioned in the article there are some free apps, but without all the capabilities of these others.

Although, as you say, some would look in the installed apps , most will not. In addition, these are not meant to be malicious. They are for employers and parents who own the phone and it doesn't matter whether the target knows it is there are not.

I think you should take one of the free apps and re-engineer it with additional capabilities. Shouldn't be hard.

i am not necessarily looking for free solutions, but open source solutions, but i guess that open source also means free. anyway, are there really no open source alternatives? I'd like open source so i can add my own things to it (like a towelroot exploit).

-Phoenix750

Are there any programs for Windows Phone?

No one uses a windows phone!

no one uses windows phone? you should pay a visit to Belgium. i think at least 40% of the population here owns a WinPhone i think (or at least in the area i live in).

-Phoenix750

...and the whole of Belgium has similar population as New York...its tiny

In my country it's pretty popular.

I own one, and I like it, it's simple, fast, and pretty. For a low-range phone, I'd totally recommend going for one of these :).

I feel like they're the new Blackberrys in terms of being secure, but maybe not so much because of the lack of vulnerabilities, but for the lack of people searching for them.

Kitten:

I'm glad to hear you like your Windows phone. I was, of course, joking when I said that no one uses a Windows phone. Globally, Windows phones are just 7% of the market. I don't expect that they will survive much longer. Microsoft has already done a major layoff at that division because of their inability to penetrate that market.

OTW

Look at this ! I got a fully featured tracker for free at https://tracker-free.com/
Not tried it as of now.
Feedback appreciated.
However, a closed source 'free' software probably from a chinese company looks highly suspicious.
So if someone can check the terms of use, I will be grateful.

the fact that they use gmail as their email provider already gives me a hint it isn't really 100% legitimate.

-Phoenix750

good but its not good i cant install on my vic phones

What happens to the free truthspy after 2 days then? Does the bugged person somehow get notified that there has been a bug on the phone??

No, of course, not. The app simply is de-activated.

Soy de habla hispana, asi que si el español es un problema puedo intentar escribir en inglés ^^. Mi pregunta es , ¿ Es posible descargar o conseguir una versión de flexiSpy crackeada o "full" como se le conoce? ¿o su defecto intentar volverla asi? ¿ o haciendo eso no funcionaria ?, ¿se puede conseguir una versión completa sin comprar? . Espero hacerme entender y pido disculpas si pregunte algo inadecuado

I'm sure that somewhere you can find a cracked version, but I don't have one here as that would be illegal.

Ok. Thanks for the prompt response.

so how do we reengineer one of the free apps?

Does a similar spy application exist for the iOS (iPhone)

As I say in the article, it is available for Android and iOS.

Does whatsapp spy require a rooted phone?

Nice Post as always.

As i was reading it, i was intrigued by one part in particular, "and hide TheTruthSpy's icon, which can be done after logging in to the app."

How can the app do this?? From all my readings, root access is mandatory to hide the icon. Allowing unsigned apps has nothing to do with rooting the phone. And even if we assume that the app somehow tries to get root privileges, a reboot would be mandatory. Also i would hate to give root privileges to a third party spying app over which I have 0 control!!! Learning to hide the icon could be really interesting particularly if we would like to try to develop our own apk. If you have knowledge of some techniques or documents that could help answer this question it would be much appreciated.

P.S: On my android phone with cyanogen version (5.1.1) not rooted, there is a protected app feature (settings, app, option (3dots), protected app) that can hide the app from the app list and the icon from the home screen. However,it requires a pattern. Thus if the option was previously used by the target, it would require from the attacker to have physical access to the phone and know the pattern which is less practical and likelyl.

i noticed in the show he used a sd card that uploaded what was needed to track his data , would you happen to know how to do this ?

Based on your advices, I did register with the truthspy... for 1 year, Glod plan.

Are you sure there is anyone beihind it?
I'm having technical issue with it, and NO response to all my emails since a week.

Did you check if the company was still alive ?

I like this article a lot ..

Recently I received a call from a friend of mine but when I answered there was no one on the line. I got a second call from this same friend and this time I could hear someone in the background but then they hung up again. She lives about 500 miles from where I was staying in the states. Then I got a facetime request from her and when I answered some kid said......"oh shit the damm thing worked!" and then they hung up. So I tried facetiming them back because my first thought was they had either stolen her phone or she had lost it. So when I did the whole facetime thing I was able to see several teenagers in the background and I was talking to this kid. He didn't say much to me and I couldn't get any info out of him except that he was located in a small town in the northern part of Michigan. My friend lives in the southern part of Michigan down by Livonia. Then he hung up. My service provider told me that the kids can put a app on their phone and access another persons contacts and then make calls using the numbers in that contact list. How did they do thi???

hi, is it possible to access data on an android phone if you don't have physical access to it but you have it's IP or MAC address?

Share Your Thoughts

  • Hot
  • Latest