The video below shows how easy it is to download someone’s text messages from a smartphone. We did this with an iPhone, but similar techniques can be used on an Android device or any other smartphone.
Here is a summary of steps:
1. Jailbreak the iPhone. We used a zero-day exploit to remotely jailbreak the iPhone without the user’s consent. We then loaded an SSH shell onto the device.
2. Find out the user’s IP address. In the video we show what the IP address is, but in the real world we can use a scanner to OS-fingerprint the network and find out the IP address.
3. Once SSH is loaded on the phone, we can use SCP to transfer the SMS database. On the iPhone this is located at /private/var/Mobile/Library/SMS. We used the SCP protocol to download the SMS database (called sms.db) to our Downloads folder and renamed the downloaded copy local-sms.db.
4. The iPhone will ask for a password. Every iPhone has a default password of “alpine”. Users cannot change this unless they jailbreak their own device first.
This is an oversimplified version of an attack. It can be modified with a little blackhat hacking into a much more complicated attack: one that requires no user interaction, works over 3G networks, and needs nothing more than the user’s phone number.
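From the defender’s side, the attack above leaves one obvious network footprint: an inbound SSH connection to a phone, which a managed network should never see. The script below is an added example, not part of the original post; it assumes a constructed key=value firewall log format and an assumed mobile-device address range (10.20.0.0/16), and flags every allowed TCP/22 flow whose destination is in that range.

```python
"""Flag inbound SSH to mobile-device address space in firewall logs.

Added example, not part of the original post. The log format and the
mobile-device range are assumptions; adapt both to your own network.
"""
import ipaddress
import re

# Assumed: the address range the DHCP server hands to phones and tablets.
MOBILE_NET = ipaddress.ip_network("10.20.0.0/16")
SSH_PORT = 22

# Constructed sample log lines (not real traffic). Lines 2 and 3 are the
# attack pattern: a workstation opening SSH to a phone on the Wi-Fi.
SAMPLE_LOGS = """\
2013-04-02T10:15:01Z action=allow proto=tcp src=10.20.3.44 sport=51234 dst=203.0.113.5 dport=443
2013-04-02T10:15:07Z action=allow proto=tcp src=192.168.5.9 sport=40022 dst=10.20.3.44 dport=22
2013-04-02T10:15:09Z action=allow proto=tcp src=192.168.5.9 sport=40023 dst=10.20.3.44 dport=22
2013-04-02T10:16:30Z action=allow proto=tcp src=192.168.5.9 sport=40100 dst=10.50.1.2 dport=22
2013-04-02T10:17:12Z action=deny proto=tcp src=198.51.100.7 sport=33001 dst=10.20.8.12 dport=22
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one log line into (timestamp, {field: value})."""
    ts, _, rest = line.partition(" ")
    return ts, dict(FIELD_RE.findall(rest))


def find_ssh_to_mobile(log_text):
    """Return one alert dict per allowed TCP/22 flow destined for a phone."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, f = parse_line(line)
        try:
            dst = ipaddress.ip_address(f.get("dst", ""))
            dport = int(f.get("dport", "0"))
        except ValueError:
            continue  # malformed line: skip it rather than crash the job
        if (f.get("action") == "allow" and f.get("proto") == "tcp"
                and dport == SSH_PORT and dst in MOBILE_NET):
            alerts.append({"time": ts, "src": f.get("src", "?"), "dst": str(dst)})
    return alerts


if __name__ == "__main__":
    for a in find_ssh_to_mobile(SAMPLE_LOGS):
        print(f"{a['time']} inbound SSH from {a['src']} to phone {a['dst']}")
```

Blocking TCP/22 toward the phone range at the firewall turns the same rule into a preventive control, and any device that still answers on that port is a jailbreak candidate worth pulling for inspection.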
Besides text messages, other information can be retrieved from different databases. Here is a summary of some of the databases on the iPhone. Happy hacking.
- Call History backup
- Voicemail: voicemails are stored as 1.amr, 2.amr, and so on within the voicemail directory; the custom greeting is stored as Greeting.amr
- Contacts/Address Book backup
- Pictures and Video Recordings
Do you want more info on how to protect yourself against these common threats? Try cloud-based scanning through iScan: http://www.iscanonline.com