Last night while installing some apps on my Nexus 4, (restoring after a wipe) I happened to install back my Dropbox which I hadn't used for a while. After the install I realized that I had forgot both the email registered to it and its password. So I decided to create a new account and I was surprised at the fact that it was ridiculously simple to set up a new account with 2GB of cloud storage. So simple that I instantly found something that’s deadly if used properly. A hack that doesn't require any coding and yet can be immensely dangerous. Let me explain how it works
Things you need to pull off this hack
a. An Android phone
b. Wifi or HSPA on the selected phone
c. 2 minutes of your time
The steps?
1. Get the Android phone. Yours or your friend’s will do.
2. Most of the phones (especially Samsung) comes with Dropbox installed out of the box. And about 70% of the users don't know what it is or how to use it. Okay don’t counter attack me saying everyone knows about dropbox, trust me a lot of non geeks who use Android have no clue what it is or probably wont use it. So if the user has no dropbox install it from the play store PS: First problem is right here. The Play Store doesn't authenticate downloads like on iOS or WP. It just lets you do anything you want.
3. Create a dropbox account from within the app. (No email verification required for Dropbox. How funny is that?)
4. After creating, turn on Auto upload of photos and videos via Mobile data & or Wifi. 5. Put a passlock (Settings > Turn on passlock)
6. Go to Settings > Apps > Dropbox and untick the show notification option. (Now the app is almost anonymous. Doesn't show a notification that the photos have been uploaded)
7. Additionally you can install a new launcher like Apex or Nova and hide the Dropbox icon thereby creating a cloud that will automatically upload each and every photo or video the phone takes anonymously for your viewing pleasure. Just log on to that dropbox account via a PC and you can view/edit/delete any picture or video taken on it.
Now this is super deadly. Why? Because anyone who gets to use your phone for 2 minutes can set this up effortlessly and continue spying on your photos and videos until he/she decide to sell the phone. The ultimate spyware right? Think about it. This is exactly why Android needs to be more secure.
Things you need to pull off this hack
a. An Android phone
b. Wifi or HSPA on the selected phone
c. 2 minutes of your time
The steps?
1. Get the Android phone. Yours or your friend’s will do.
2. Most of the phones (especially Samsung) comes with Dropbox installed out of the box. And about 70% of the users don't know what it is or how to use it. Okay don’t counter attack me saying everyone knows about dropbox, trust me a lot of non geeks who use Android have no clue what it is or probably wont use it. So if the user has no dropbox install it from the play store PS: First problem is right here. The Play Store doesn't authenticate downloads like on iOS or WP. It just lets you do anything you want.
3. Create a dropbox account from within the app. (No email verification required for Dropbox. How funny is that?)
4. After creating, turn on Auto upload of photos and videos via Mobile data & or Wifi. 5. Put a passlock (Settings > Turn on passlock)
6. Go to Settings > Apps > Dropbox and untick the show notification option. (Now the app is almost anonymous. Doesn't show a notification that the photos have been uploaded)
7. Additionally you can install a new launcher like Apex or Nova and hide the Dropbox icon thereby creating a cloud that will automatically upload each and every photo or video the phone takes anonymously for your viewing pleasure. Just log on to that dropbox account via a PC and you can view/edit/delete any picture or video taken on it.
Now this is super deadly. Why? Because anyone who gets to use your phone for 2 minutes can set this up effortlessly and continue spying on your photos and videos until he/she decide to sell the phone. The ultimate spyware right? Think about it. This is exactly why Android needs to be more secure.
No comments:
Post a Comment