Geek magazine hacker daily blog

2 years, 12 months ago
The Tel-Avivsky startup of Rayzone Group executing orders for defense of Israel released the small InterApp device capable at the same time to crack one hundred smartphones on Android and iOS and to receive logins and passwords from social networks, e-mail, DropBox, the photo from gallery, the contact list and data on a geolocation. The main condition — the included WiFi.

image
Application interface for the InterApp device

The RayZone company describes the product InterApp as the intellectual system changing rules of the game developed for safety and the armed agencies, allowing them to collect imperceptibly information, using vulnerabilities in applications on the smartphone. For use of the device any technical skills, judging by an interface screenshot — the application quite simple and intuitively clear are not necessary. The device works at different platforms and at the same time obtains data from hundreds of smartphones on the iOS and Android operating systems. Such device will be useful for anti-terrorist services and security polices in places of accumulation of people – for example, at the airports and shopping centers.

Everything that is necessary from the attacked gadgets — the module included in WiFi. Connections to any network and surfing of the Internet are not required. Details about that, the gadget how exactly works is not present. To purchase the device it will not turn out — representatives of the company say that it is intended only for government services, and do not answer questions of journalists.

Rayzone declares that the device does not leave any marks of the presence on smartphones.

InterApp according to the brochure obtains the following data from the devices attacked by it:
  1. E-mail addresses of the user, passwords to them and their contents
  2. Passwords and logins from Twitter, Facebook and other applications of social networks
  3. Password and contents of DropBox
  4. MSISDN and IMEI identifiers
  5. MAC address, model and operating system of the device
  6. Contact list
  7. Photos
  8. Personal information: sex, age, address, education and so on.

Among other products of the company there is a platform of the analysis of big data of TA9, a gripping device for IMSI identifying in networks 2G, 3G and 4G Pirahna, a device for detection and neutralization of other IMSI traps ArrowCell, the location-based intellectual GeoMatrix system. The RayZone company is part of Hacking Team, the Italian developer of systems for penetration and shadowing users.

image
Application screenshot

image
InterApp device

Information security specialists advise not to use WiFi on smartphones – so devices simpler to crack. The British company Sensepost found out that by means of UAVs it is possible to get into gadgets, flying over the city. Smartphones continuously send signals to find familiar WiFi of a network in attempt and to be connected to them even if it is a network of cafe in which the user sat a few weeks ago. Sensepost used the normal quadcopter purchased on Amazon and the software of Snoopy written by them which looked for these signals and deceived the device, pretending to be a familiar network. After connection to the quadcopter all data from email applications, Facebook and even bank software went to the people managing the drone.

image

This article is a translation of the original post at geektimes.ru/post/268084/
If you have any questions regarding the material covered in the article above, please, contact the original author of the post.
If you have any complaints about this article or you want this article to be deleted, please, drop an email here: sysmagazine.com@gmail.com.

We believe that the knowledge, which is available at the most popular Russian IT blog geektimes.ru, should be accessed by everyone, even though it is poorly translated.
Shared knowledge makes the world better.
Best wishes.