The Black Hat USA conference is an annual event that draws hackers, crackers, consultants, top corporate executives and government agencies to its seats every year. For four days these like-minded individuals gather to see the wonders and marvels of what hacking can do. Recently, Jack Barnaby, world-renowned hacker was slated to demonstrate how a pace-maker can be hacked to kill someone on the spot. Sadly, the famed genius was found dead in his apartment weeks before the conference. The conference continued on and flaws for Android climbed the chart. AndroRAT is an open-source tool that was created in late 2012. The Black Hat conference showed this in combination with the AndroRAT APK specifically created binder. With this binder AndroRAT developed a new concept of hacking into Android phones.
Forbes reports during the Black Hat conference, crackers explained how they set-up “a false, rogue cell tower in the near vicinity” of a company executive (both company names withheld). With the access of the AndroRAT APK binder the crackers were able to from their location, hear the conference the executive stepped into, reports Forbes. The conversation turned to how the executive had ” shorted the stock of his firm and netted themselves $30 million,” writes Forbes.
The RAT tools of Android phones is not a new concept, but the technology and increase of damage is rising at high levels, especially with open source tools, like the APK binder. What makes the AndroRAT APK binder tool so dangerous and note-worthy? No experience is required to execute this hack. In correlation with the binder, hackers can take personal information from the Android and use the phone remotely in ways that are disturbing, such as:
- Retrieve phone call logs
- Capture and follow media messages
- Listen and monitor calls
- Use the camera function to take a picture and retrieve it
Naturally, the next question leads to how a user becomes infected. This is where the binder becomes king. It helps the hacker to package the AndroRAT tool and make an app. Forbes notes Angry Birds is an example used by hackers for this malicious tool download. The facade app can be named after a popular app, even labeled after popular downloads like Words with Friends and Candy Crush. The hacker takes to third-party sites to advertise their app and wait for victims to start the download.
Forbes shares that once a user downloads the rogue app, typically advertised free, the phone becomes infected and ready for a hack attack. Once this trojan is firmly implanted, the user remains unaware. Turning on their phone activates this trojan app for use and it’s a free game of information retrieval. Information, experts report, that may be worth serious money in underground markets.
Google took to their official blog after the Black Hat conference to help Android users with steps to protect their phone:
With summer vacation in full swing, you’re likely out and about, using your smartphone or tablet to get answers on the go or check out the latest cool apps and games. But you don’t have to leave safety at home! In this post, we’re sharing a few tips and tools that you can easily set up if you’re on an Android phone or tablet to keep your device—and the contents inside—safe and secure, including a new service that makes it easy to locate a misplaced device.
1. Lock your device screen. Whether you’re on a phone or a tablet, it’s easy to set up a screen lock. This is important to do in case your device gets left in the back of a car, or you’re worried about someone picking up your phone and scrolling through your stuff. You can lock your device with a pin, password, pattern (or even your face!) by going to Settings > Personal > Security > Screen Lock.
2. Protect your phone from suspicious apps. We automatically scan Google Play to block and remove harmful apps. That makes Google Play the safest place to get Android apps. But Google Play can also help protect you even for apps you get elsewhere, like the web or a third-party app store. The first time you start to install an app from an unknown source, a message will pop up asking if you’d like Google to scan the file to make sure it’s not harmful. Tap “OK” to let Google help protect you from harmful apps.
3. Locate, ring and wipe a misplaced device. Have you ever lost your phone in between the couch cushions or left it in a restaurant? Later this month, you will be able to use a new service called Android Device Manager, which can quickly ring your phone at maximum volume so you can find it (even if it’s been silenced), or locate it on a map, in real time, using Android Device Manager. If your phone can’t be recovered, or has been stolen, you can quickly and securely erase all of the data on your device to keep your data from ending up in the wrong hands. The Android Device Manager will be available for devices running Android 2.2 and above, as part of Google Play.
Advice to users is to basically avoid clicking links that lead to third-party sites advertising free apps. Experts feel more Internet Service Providers will be filtering third party apps from harmful hacking tools like AndroRAT APK binder, DroidWhisper, Master Key and many more open-source tools for Android phones. The severity of this situation should not be taken lightly for agencies, corporations and individuals who demonstrate the highest need for privacy. Take these precautionary steps to avoid becoming a victim and an example at the next Black Hat conference.