Mobile Hacking Part 2: Mobile v.s. Desktop

Welcome back everyone! In the first part of this series we discussed a basic overview and built our very own Pwn Phone. Now that we have a device that we can use, we’ll be comparing and contrasting it to standard desktop hacking equipment and software.

final-thumbnail

This will give us a deeper insight to the pros and cons of using a mobile device for our hacking needs. We’ll start by performing a pro/con analysis for each set, then we’ll compare them for a final analysis. We’ll start with the desktop set, since it’s the simpler of the two.

Pros and Cons of Desktop Hacking

When we think of desktop hacking, we need to imagine all of the things we usually see in a hacking environment. Such as a desktop computer running Kali Linux. In order to analyze the desktop hacking environment, we’ll go over all the pros, and the cons that come with them. So, let’s start analyzing.

The first perk that we get from desktop hacking is customization. We can freely install and uninstall as many hardware components as we want. This can lead to us having immense processing power for the various attacks that need it. But, there’s a catch. When we add new hardware to a Linux system, it won’t always work. Due to it’s open source nature, Linux can’t support all components. In a nutshell; when utilizing the customization that comes with using a desktop setup, the task of keeping everything running smoothly becomes much more complicated.

computer-parts

The second notable feature of desktop hacking is the ease of installing and using external hacking equipment. Being able to upgrade our processing power is one thing, but we can also use multiple peripheral devices very easily. For example, we can use an external wireless adapter to hack wireless networks. This enables us to perform specialized attacks with relative ease. But, this also comes at the same price as being modular. With the use of extra peripherals comes extra complications in keeping the system in working order.

The final perk that we’ll cover is tool compatibility; When using a desktop hacking environment, we are guaranteed compatibility for any Linux-platform hacking tools that are released. Even if we don’t have the proper dependencies to run a given tool, we can quickly install that dependency and get rolling. This let’s us use any tool that we need in a quick and efficient manner, a very large bonus!

Now that we’ve covered some of the basic perks to using a desktop hacking environment, let’s cover the pros and cons of using a mobile hacking devices. These perks apply to all mobile devices, such as Pwn Phones or Pwn Pads even.

Pros and Cons of Mobile Hacking

Now, time to get to what we’ve all been waiting for, mobile hacking! We’ll again analyze three of the main perks to mobile hacking, so let’s get to it!

First up we have something very obvious, mobility (duh!). When we’re using mobile hacking equipment, it’s much easier to transport. So much so that we can often carry it with us in our pocket! This allows us greater physical opportunities. There is one thing to remember, physical access to the victim machine will always equal a game over. Being able to carry our hacking equipment in our pockets makes it incredibly easier for us to gain physical access and get that game over!

lock-broken-promise-og-p2

 

Secondly, we have something that just dawned on me the other day, conceal-ability. Referring again to the ability to gain physical access; Being able to carry all of your equipment with you in your pocket is much less likely to draw suspicion. Let’s set up a quick scenario to understand this; You’ve been hired to perform a penetration test on a company named Vuln Inc. Through a conversation with the executives that hired you, you’ve all agreed that a physical penetration test would be most beneficial. This is where you have a decision to make. Do you bring a Kali laptop inside of a backpack, or do you bring something along the lines of a Pwn Phone? If you bring the backpack, building security will surely stop you, but the Pwn Phone will allow you to blend in with the rest of the sheepish office workers, a definite plus!

Our final perk for using a mobile hacking device is the plethora of brand new attacks that we otherwise couldn’t perform. These attacks are things such as a HID keyboard attack, which we can easily perform using Kali Linux Nethunter but cannot perform from a desktop environment. This benefit may seem a bit simple, but given the proper circumstances, mobile-specific attacks can be extremely powerful. (We’ll cover them in the future)

Now that we’ve went over the individual perks of mobile and desktop environments, we’ll compare them with each other for a quick run-down.

Side note: Laptops will be considered a desktop technology due to it’s difficulty to conceal and suspicion raising, although in many other instances it can make for a legitimate mobile hacking platform.

Mobile v.s. Desktop

  • Customization/Modularity
    • Desktop
      • Extremely modular: Can easily install/remove extra hardware components to strengthen processing power
      • Becomes overly complicated when managing a Linux system
    • Mobile
      • Not modular
      • Rather limited processing power
  • Mobility
    • Desktop
      • Stationary/barely mobile
      • Dedicated space required: Often time large amounts of desk/floor space is needed
    • Mobile
      • Extremely mobile
      • Often times pocket sized
  • Compatibility
    • Desktop
      • Compatible with nearly all newly released hacking tools with little/no modification
    • Mobile
      • Compatible with most tools, though a good number are not compatible
      • Capable of launching special attacks that cannot be performed from a desktop setup
  • Conceal-ability
    • Desktop
      • Nearly unconcealable
      • Even laptop bags can attract much suspicion
    • Mobile
      • Extremely concealable
      • Not perfect, but better

We’ve covered a lot of things that are seemingly nonsensical today. Let’s be completely honest, mobile and desktop technologies are so diverse that they don’t really need to be compared. They are entirely different technological ballparks. But in order to prove that mobile hacking does have some weight and legitimacy to it, we needed to compare it to what everyone already knows to show how effective it can be versus the mainstream. That’s the point of this article, and now that we’ve proven mobile hacking worthy of our time, we can really delve into it. Next time we’ll be discussing the different mobile hacking options, I’ll see you there!