Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,810 --> 00:00:09,620 Once a victim in a student opens a fake as you noticed we get emitter session on some mobile device 2 00:00:10,350 --> 00:00:16,620 and just by typing help you can see all the comments that you can implement. 3 00:00:16,620 --> 00:00:19,720 And by the way nothing is showing on the victim machine. 4 00:00:19,720 --> 00:00:30,190 So if you go to the victim smartphone and you check nothing seem Norman So everything will seem normal 5 00:00:30,190 --> 00:00:31,700 soon No problem would be there. 6 00:00:32,070 --> 00:00:33,870 So let's try a couple of comments. 7 00:00:33,870 --> 00:00:40,160 For instance let's dump so called Lock Let's see the code. 8 00:00:40,230 --> 00:00:47,950 Copy and paste and let's see. 9 00:00:48,630 --> 00:00:51,610 Cannot has been saved to this fine. 10 00:00:52,200 --> 00:00:56,670 And let me see this finds it next line. 11 00:00:56,990 --> 00:00:59,220 So you should be in the home folder. 12 00:00:59,640 --> 00:01:06,990 So you get into the home folder where is it you go. 13 00:01:07,000 --> 00:01:08,020 Opens fine. 14 00:01:08,060 --> 00:01:11,350 You can see all the logs. 15 00:01:11,410 --> 00:01:17,600 And this is scary and everything related if you need to for instance to 16 00:01:20,390 --> 00:01:22,310 open Zakheim or opens the mike. 17 00:01:22,310 --> 00:01:31,820 So let's do that let's webcam snapped and this will take snap picture from the cam based 18 00:01:38,050 --> 00:01:44,510 and he opens it and the picture are inside this specific. 19 00:01:44,510 --> 00:01:51,740 And as you can see it opens the cam and I believe if you type one or two it will show you the front 20 00:01:51,740 --> 00:01:53,210 cam or the back. 21 00:01:53,720 --> 00:01:58,310 You can open the mike you can open so it's quite controlling. 22 00:01:58,310 --> 00:02:06,650 You can do anything actually on this device including shutting down the device or open Zalmai can start 23 00:02:06,770 --> 00:02:08,540 listening and so on. 24 00:02:08,540 --> 00:02:17,590 So this is how to create a fake app and how to get access on a mobile device. 25 00:02:17,580 --> 00:02:25,430 Once the fake app is an orange now the only problem with this attack is that it requires some social 26 00:02:25,430 --> 00:02:28,820 engineering and this will be explained later on. 27 00:02:28,850 --> 00:02:32,290 For instance if you just run the app the same way it is. 28 00:02:32,300 --> 00:02:33,520 It will not be effective. 29 00:02:33,510 --> 00:02:39,440 I mean if you use any mobile user and install the app and he opens up and nothing happened he will be 30 00:02:39,440 --> 00:02:40,310 suspicious. 31 00:02:40,640 --> 00:02:48,240 But if you merge this is another known app like any airport game app or something like that. 32 00:02:48,500 --> 00:02:58,200 This actually will be easier to convince the victim to install it and open it. 33 00:02:58,220 --> 00:03:03,980 But still you will not be able to put such app on any store but you can put them on any of those free 34 00:03:04,220 --> 00:03:06,020 app web site. 35 00:03:06,020 --> 00:03:09,520 So later on we can see some tuning process that you can do. 36 00:03:09,530 --> 00:03:13,920 But after all the basic tech could still be the same. 37 00:03:14,060 --> 00:03:17,030 So let's move on to another attack. 3509