I’ll show you how to hack a phone easily!
I explain 10 ways you can hack a smartphone (iPhone / Android) without much computer knowledge.
Each strategy is explained step-by-step!
- 1 Introduction for non-geeks
- 2 Social Engineering – Best for Beginners
- 3 Vulnerability exploitation on the computer – Tools
Introduction for non-geeks
Choose between the following two paths if you want to hack a phone.
Both ways are used by spies to get price lists, customer data, patents, money and recipes. The criminals can cause great financial damage with both methods.
Path 1: Social engineering – manipulating people
You try to get the victim’s password or access via various psychological manipulations (social engineering).
This type of attack requires little or no technical knowledge about cybersecurity.
A good social engineer has…
- Good timing
- A lot of patience
- Knowledge of human nature
No IT security barrier in the world protects individuals or companies from a social engineering attack.
The weak point is not found in the flaws of the technology, but in the credulity of 98 % of humans. To me, this method of attack represents a mixture of Hollywood, tricks and acting. To carry out a social engineering attack, you need several attempts and a portion of luck.
Don’t give up so quickly!
Path 2: Exploiting vulnerabilities – Use exploits
If you are not an actor and prefer to “hack the phone”, you need to exploit the technical weaknesses in the devices and software.
Programmers unintentionally produce errors in the source code that criminals find and exploit (exploits).
Social Engineering – Best for Beginners
In the following, I explain the 10 ways you can hack into a smartphone of an (un)known person without knowing the password.
8 of the methods presented apply to all phone device types – 2 methods are device-specific (noted on the method).
#1 Pretexting – The art of acting
Difficulty: medium | technical understanding: none | device: universal
Make up a believable story to force your victim to reveal his/her password.
Try to be creative and use a personal reason to mislead the victim.
#2 Post-its trick – Custody security
Difficulty: easy | technical understanding: none | device: universal
Does your victim (always) write down his or her passwords? Does your victim often forget the credentials, so that they are written down somewhere?
Many users write their passwords on Post-its and stick them to their screen. Alternatively, the passwords can be found, for example:
- in a journal / diary
- inside the mobile phone case
- in the paper pile next to the computer
- under the work surface
#3 The Play – Improvise
Difficulty: high | technical understanding: none | device: universal
If the victim is typing on his/her mobile phone, create the impression of an emergency situation where haste is required. The victim is distracted and leaves his/her smartphone locked.
Victim (smartphone junkie): … typing on the smartphone …
You (Social Engineer): Standing by the cupboard, you fake an accident: “Ah! I bumped into the cupboard! Can you hold the vase!”
Victim (smartphone junkie): Jumps up and instinctively helps you
You (Social Engineer): “Can you get me a cool pack from the basement?”
Victim (smartphone junkie): … goes to the basement …
You have 2 minutes to install a mobile phone monitoring app.
#4 Evil Quiz – Questioning Techniques
Difficulty: medium | technical understanding: none | device: universal
Try to ask the victim for his/her password using the following technique. Using clever questioning methods, the victim voluntarily reveals the password. The method doesn’t always work, but on YouTube you can find enough videos where the moderator “asked” for the password.
You (impudent social engineer): “What is the password of your mobile phone?”
Victim (IQ 130): “It’s secret. My favourite food.”
[Change of subject – you talk about cars for half an hour.]
You (impudent social engineer): “I was going to cook for you next Sunday. What do you like best of all the dishes?”
Victim (despite IQ of 130): “Spaghetti”
This really works!
Vulnerability exploitation on the computer – Tools
#5 Path of the least resistance
Difficulty: easy | technical understanding: medium | tool: universal
Does your victim use a laptop without a password?
If the victim is logged into Google, you can reset the device password via Google. Many users do not lock their laptops during breaks. During the lunch break, you can work in peace for up to 1 hour and install malicious software until the victim comes back.
#6 Guessing a password – Bruteforce
Difficulty: easy | technical understanding: hardly any | device: universal
You can try to guess the password. The internet provides password lists with the hundred most common passwords. In 2019, the top 5 passwords were:
If you know the person, think of the victim’s personal characteristics e.g. birthday, name, pet name, husband / wife, boyfriend / girlfriend, number plate, favourite dish. Most people are very simple when it comes to passwords.
“Most users do not think up complex passwords.” – Steffen Lippke
Stop at more than 5 attempts, otherwise you risk a long password delay or a full lockout.
Pro-Tip: If you need more password ideas, check out rockyou.txt (130 MB+ plaintext passwords). These tools allow accelerated cracking with the GPU.
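Seen from the device owner's side, the guessing list above (birthday, name, pet name, number plate, favourite dish) is exactly what a password or PIN should be checked against before it is set. The following is an added example, not part of the original article; the profile, the short common-password list and the function names are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample list; a real check would load a larger common-password list.
COMMON = {"123456", "password", "qwerty", "111111", "abc123"}
# Undo simple character substitutions (4 -> a, 1 -> i, ...) before matching words.
LEET = str.maketrans("0134578@$", "oieastbas")
DATE_FORMATS = ("%d%m%Y", "%d%m%y", "%m%d%Y", "%Y%m%d", "%d%m", "%m%d", "%Y")

def personal_tokens(profile):
    """Lowercase strings an acquaintance could derive from the owner's profile."""
    tokens = set()
    for word in profile.get("words", []):
        cleaned = re.sub(r"[^a-z0-9]", "", word.lower())
        if len(cleaned) >= 3:
            tokens.add(cleaned)
    birthday = profile.get("birthday")
    if birthday:
        tokens.update(birthday.strftime(fmt) for fmt in DATE_FORMATS)
    return tokens

def audit_secret(secret, profile):
    """Return the reasons a password or PIN is guessable (empty list: none found)."""
    plain = secret.lower()
    unleeted = plain.translate(LEET)
    reasons = []
    if plain in COMMON:
        reasons.append("common password")
    for token in sorted(personal_tokens(profile)):
        if token in plain or token in unleeted:
            reasons.append(f"contains personal detail: {token}")
    return reasons

# Constructed profile: name, pet name, favourite dish, number plate, birthday.
PROFILE = {
    "words": ["Anna", "Bello", "Spaghetti", "B-XY 1234"],
    "birthday": date(1990, 5, 14),
}

if __name__ == "__main__":
    for candidate in ("Bello1990!", "Sp4ghett1", "1405", "123456", "vQ7#mLr2-xTgP9"):
        print(candidate, "->", audit_secret(candidate, PROFILE) or "no finding")
```

A secret that produces any finding here falls within the handful of guesses an acquaintance gets before the lockout delay starts.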
#7 Remove SIM card – Second spears
Difficulty: easy | technical understanding: little | device: universal
The smartphone will ask you for a PIN for the SIM or (and) a password for the smartphone when you start the device.
If your victim had set the PIN only for the SIM, remove the SIM card from the SIM slot. You can access the locally installed apps, pictures and documents.
Hacking can be this simple!
#8 Exploit vulnerabilities
Difficulty: high | technical understanding: high | device: universal
As soon as a flaw can be found in the software, black hats write programmes (exploits) for forced entry.
The hackers publish these for private use. Many hacking tools should only be used in a protected environment (risk of self-infection).
In the past, there have always been exploits for Instagram and WhatsApp. There will be more in the future (see Darknet).
#9 Hack against hackers – Rooted smartphones
Difficulty: medium | Technical understanding: high | Device: Android
If your victim is a geek, the probability increases that the device is rooted. You can reset the password via the console.
USB debugging or the recovery system must be activated for the hack. You need to install an Android Device Bridge (ADB) or an Android SDK on your computer.
- Connect the phone via USB
- Open a terminal in Linux or cmd in Windows
- Navigate to the platform-tools directory of the SDK folder or to the adb folder
- Enter the following commands
- For a pattern:
adb shell rm /data/system/gesture.key
- For a password or PIN:
adb shell rm /data/system/password.key
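The preconditions named above (USB debugging switched on, a rooted or otherwise modified system) can be detected on a device you manage. The following added example, not part of the original article, evaluates the output of `adb shell getprop` and `adb shell settings get global adb_enabled`; the two property dumps are constructed samples and the function names are hypothetical.

```python
import re

# One getprop line looks like: [ro.debuggable]: [0]
PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")

def parse_getprop(text):
    """Turn `adb shell getprop` output into a dict of property -> value."""
    props = {}
    for line in text.splitlines():
        match = PROP_RE.match(line.strip())
        if match:
            props[match["key"]] = match["val"]
    return props

def posture_findings(getprop_text, adb_enabled):
    """List the settings that leave the lock screen removable over USB."""
    props = parse_getprop(getprop_text)
    findings = []
    if adb_enabled.strip() == "1":
        findings.append("USB debugging is enabled")
    if props.get("ro.debuggable") == "1":
        findings.append("debuggable system build")
    if props.get("ro.secure") == "0":
        findings.append("adb shell runs as root")
    if "test-keys" in props.get("ro.build.tags", ""):
        findings.append("system image signed with test keys")
    # Older devices do not report this property; absence is not flagged here.
    if props.get("ro.boot.verifiedbootstate", "green") != "green":
        findings.append("verified boot state is not green")
    return findings

# Constructed sample dumps, not captured from real devices.
STOCK = """[ro.build.tags]: [release-keys]
[ro.debuggable]: [0]
[ro.secure]: [1]
[ro.boot.verifiedbootstate]: [green]"""

MODIFIED = """[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.secure]: [0]
[ro.boot.verifiedbootstate]: [orange]"""

if __name__ == "__main__":
    print("stock:", posture_findings(STOCK, "0") or "no findings")
    print("modified:", posture_findings(MODIFIED, "1"))
```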
#10 Non-patchable hack in Apple devices
Difficulty: medium | technical understanding: high | device: see below
This iPhone hack applies to all iPhones from 4S to X and many iPads. The Apple devices show a vulnerability when they are switched on (booting).
Affected are: iPhone 4S, iPhone 5, iPhone 5C, iPhone 5S, iPhone 6 & iPhone 6 Plus, iPhone 6S & iPhone 6S Plus, iPhone SE, iPhone 7 & iPhone 7 Plus, iPhone 8 & iPhone 8 Plus, iPhone X, iPad 2, iPad Mini, iPad Mini 2, iPad Mini 3, iPad Mini 4, iPad Air, iPad Air 2, iPad 5 (2017), iPad Pro (12.9 in), iPad Pro (9.7 in), iPad Pro (10.5 in), iPad Pro (12.9 in), iPad 6G, iPad 7G
Apple cannot solve these with a software update. They would have to collect all the devices and have the chips replaced (not economically sensible).
No iPhone owner can protect themselves from this. The user must never lose sight of the device. Hackers can get into the system via a jailbreak.
Which hack did you have (no) success with? Write me about your experiences below in the comments!
Image credits: icons and SVG graphics in the title image from Microsoft PowerPoint 2019, freely available under the EULA