Late last night I was catching up on some DVR’d shows and ran across an interesting piece. In the new series Mr Robot, the arch-nemesis takes an android phone and downloads a piece of malware in order to spy on a co-worker. At first I thought this was some typical Hollywood techno-malarkey, but lo and behold Business Insider ran with this piece today. A writer named Pneumatico Research described the following for ‘The Medium‘-
We’ve reviewed the installation guides on YouTube for some of the more popular spyware products… but we found a winner with a product called Flexispy. Flexispy is self-described as “the only mobile monitoring software that can spy on 13 instant messengers”, …their video entitled “Install FlexiSPY on to an Android Target phone” shows the exact installation process from the Mr. Robot episode.
The installation process depicts granting root privileges to the backdoor app named “System Update” — which is Flexispy’s “safe name”, on the Android phone. The root privilege is granted by an access management tool called SuperSU. The SuperSU’s icon is hidden by so the target doesn’t realize that their phone had been tampered with. After completion, their phone appears clean as a whistle.
In real life a hacker wanting to intercept someone’s messages would only need a couple minutes with the target’s phone to install one of these insidious products, any sleazebag with a credit card can buy it online in seconds.¹
Now that the recipe for hacking android phones has been televised, there are accompanying articles, and YouTube videos, isn’t it about time you took your security seriously?
Isn’t is about time you came #BackToBlack?
¹ UTB does not condone hacking or bugging phones as this is an illegal activity.