How to Spy on Text Messages Without Installing Software
It is significantly harder to spy on text messages without installing software; however, to a skilled social engineer it could be easier. Spying on text messages without installing software is only possible under a few specific conditions. Most methods used to capture your personal communications grant access to far more than just text message, giving complete remote access to everything on your device. Here we’ll be showing you how to spy on text messages without installing software.
Protect Your Google Account
Your Google Account can be used to gain access to all of your data and attached devices. If your messaging app is handled by Google then by compromising your Gmail an attacker automatically has all of your messages logged. Always enabled two-factor authentication for your Google account and inspect any suspicious activity.
Google won’t erroneously log attempted logins. Whenever you are notified that one has occurred and can’t verify that it was you or a relative, you need to carry out a comprehensive security scan of your devices.
A login means that one of your computers or smartphones is infected with a host application serving as a gateway to your attacker. It does not necessarily mean that the one you are using is affected but with access to your Google account it is likely that your messages are being spied on.
A connected Google Account typically keeps the backup of all WhatsApp messages as well as other social account logs. All the attacker would then need to do is either intercept a QR-code and clone your WhatsApp to a desktop device to read all of your messages live.
Once your WhatsApp backup is stolen the message store can be decrypted using online tools and/or services. A Google Account is too valuable to be compromised. It connects to far too much online services. Always protect it.
NFC Vulnerabilities
Until recently it was thought that remote controlling a phone by doing nothing other than being in range was a feat seen only in the movies. At a leading security conference an aspiring hacker proved the validity of this vision through exploiting a vulnerability in the NFC chipset of certain mobile phones. While this is certainly far from accessible to even the most hardened technophiles, NFC hacking is real.
Professional hackers and top security experts have the capability to exploit your NFC chipset designing protocols which allow remote control and surveillance once the attacker is within a 100-meter, or 330-foot range. If Charlie Miller could take over an NFC-enabled Nokia in 2012 you can imagine how much easier it is today.
The SS7 Exploit
The legacy telecoms protocol Signaling System 7 (or SS7), first launched in 1975, has been responsible for countless messages and voice calls being intercepted over the years. This vulnerability was discovered many years ago but is still in place by certain service providers and devices, especially in third-world countries and areas with relatively new telecoms infrastructure.
The basic process involves connecting to the SS7 network using a global title and point code assigned by the network provider as either a MSISDN or IMSI. An attacker either connects directly to a mobile operator or via an aggregator giving access to a specific range for a specific network. As SMS or voice call authentication starts, an SS7 hack intercepts the SRI-SM query, displaying the authentication code needed to forward calls or messages to another number.
On a network which isn’t protected against this exploit, call flows for all your apps can be hacked. This includes WhatsApp, Facebook and Twitter. Any app which uses your phone for verification can be exploited now that the SS7 flaw has been capitalized on and your incoming message and call signatures hijacked.
Total Phone Backup
Beware of who you give your phone to. When handing your phone over for repairs make sure that the place you are using has a trusted reputation. Fly-by-night technicians and mobile repair agents can take a ‘snapshot’ of your entire device leaving all of your message, contacts, call logs and images in their hands. A malicious party can use this information to their own benefit for further social engineering or as a way to claim use of your identity.
There is no such thing as infallible security technology. Even PIN codes and lock-screen patterns can be bypassed once the phone is in the hands of an attacker. A cabled connection allows for low-level access to everything on your device.
A complete backup will leave your Instant Messenger message logs encrypted; however, even the hardiest protection can be cracked. WhatsApp addressed this issue years ago by encrypting its message store but given a little digging you can find apps to decrypt crypt12, and freelance hackers offering decryption services.
All that it takes to steal your total WhatsApp message log is copying the files from your phone once a cable is connected or sending them to another device via Bluetooth. Given their small size it doesn’t take very long.
Stay Up to Date
Most spying on text messages is done with the help of software. If you think you are being spied on then check to see what is installed on your phone first. Spying on text messages without installing software requires a great deal of technical knowledge and practical penetration testing experience. If you own an older phone, particularly one featuring WAP technology, and are worried about your messages being intercepted, buy a new phone. WAP integration is usually a hallmark that the technology is well beyond safe use.
Push messages and other forwarding techniques can set up a man-in-the-middle scenario using a WAP phone far easier than any Android or iOS device. Save yourself the sleepless nights and upgrade. There are more tools out there to hack smartphones but current devices are far more secure than anything coming out of yesteryear.