Another strange finding has come to light: Hacking Team's leaked data contains the source code of an Android hacking tool that is capable of infecting all Android-based devices, even when users are running the latest version of Android.
Features of the RCSAndroid Android hacking tool
As one of the most sophisticated hacking tools ever seen, RCSAndroid has powerful features that help government and law enforcement agencies around the world to completely compromise and monitor Android devices remotely.
- Capture screenshots using the “screencap” command and framebuffer direct reading
- Monitor clipboard content
- Collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn
- Record using the microphone
- Collect SMS, MMS, and Gmail messages
- Record location
- Gather device information
- Capture photos using the front and back cameras
- Collect contacts and decode messages from IM accounts, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.
- Capture real-time voice calls in any network or app by hooking into the “mediaserver” system service.
RCSAndroid, a 'cluster bomb'
RCSAndroid is a threat that works like a cluster bomb in that it deploys multiple dangerous exploits and uses various techniques to easily infect Android devices. While analyzing the code, researchers found that the whole system consists of four critical components, as follows:
- Penetration solutions, ways to get inside the device, either via SMS/email or a legitimate app
- Low-level native code, advanced exploits and spy tools beyond Android’s security framework
- High-level Java agent – the app’s malicious APK
- Command-and-control (C&C) servers, used to remotely send/receive malicious commands
How does the RCSAndroid hacking tool work?
Attackers used two methods to target users.
- The first method uses a text message or email containing a specially crafted URL that triggers exploits for several vulnerabilities (CVE-2012-2825 and CVE-2012-2871) in the default browsers of Android versions 4.0 Ice Cream Sandwich to 4.3 Jelly Bean, allowing the attacker to gain root privileges and install the RCSAndroid APK.
- The second method uses a stealthy backdoor app such as BeNews, which was specially designed to bypass Google Play and which exploits a local privilege escalation vulnerability in Android devices to root the device and install a shell backdoor.
Because the tool's source code is now available to everyone, every Android user is under threat. All users are advised to disable app installations from unknown, third-party sources and to use a mobile security solution to protect their devices. Even if you are running the latest version of the operating system, you are still within reach of this threat.
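The following added example (not part of the original article and not Hacking Team code) shows one way a defender could triage a device against the two points above: whether its Android release falls in the 4.0 to 4.3 range named for the browser-delivered exploits, and whether installation from unknown sources is switched on. It assumes the property dump comes from `adb shell getprop` and that the unknown-sources flag has been collected separately as "1" or "0"; the sample data, function names and finding labels are constructed for illustration.

```python
import re

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [4.2.2]
[ro.build.version.sdk]: [17]
[ro.product.model]: [ExamplePhone]
"""

PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")

def parse_getprop(text):
    """Turn getprop output lines into a dict of property -> value."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props

def in_browser_exploit_range(release):
    """True for Android 4.0 through 4.3.x, the range the article names."""
    parts = release.split(".")
    try:
        major, minor = int(parts[0]), int(parts[1]) if len(parts) > 1 else 0
    except ValueError:
        return False  # non-numeric release string (e.g. a preview build)
    return major == 4 and 0 <= minor <= 3

def assess(getprop_text, unknown_sources):
    """Return a list of exposure findings for one device."""
    findings = []
    release = parse_getprop(getprop_text).get("ro.build.version.release", "")
    if not release:
        findings.append("release-unknown")
    elif in_browser_exploit_range(release):
        findings.append("browser-delivery-range")
    # unknown_sources: "1" enabled, "0" disabled, anything else = not reported
    if unknown_sources == "1":
        findings.append("unknown-sources-enabled")
    elif unknown_sources != "0":
        findings.append("unknown-sources-not-reported")
    return findings

if __name__ == "__main__":
    print(assess(SAMPLE_GETPROP, "1"))
```

An empty findings list only means neither of these two conditions was observed; as the article notes, the backdoor-app route is not limited to the 4.0 to 4.3 range.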