Cybernews reports mobile devices could have their geolocation unmasked without malware injection through the use of the new Seeker tool developed by offensive mobile security researcher thewhiteh4t.
Malicious actors could use Seeker to choose templates mimicking legitimate websites, such as Google Drive, Telegram, and WhatsApp, before proceeding with social engineering schemes luring targets into entering the phishing site that seeks access permissions, a report from Mobile Hacker showed. Approving such permissions allows attackers to not only procure the precise location of mobile devices but also other device details, including operating system, browser, platform, and GPU vendor information. Attackers could also leverage the tool on devices with a Linux terminal. "This tool is a Proof of Concept and is for Educational Purposes Only. Seeker shows what data a malicious website can gather about you and your devices and why you should not click on random links and allow critical permissions such as Location, etc.," said thewhiteh4t.
Malicious actors could use Seeker to choose templates mimicking legitimate websites, such as Google Drive, Telegram, and WhatsApp, before proceeding with social engineering schemes luring targets into entering the phishing site that seeks access permissions, a report from Mobile Hacker showed. Approving such permissions allows attackers to not only procure the precise location of mobile devices but also other device details, including operating system, browser, platform, and GPU vendor information. Attackers could also leverage the tool on devices with a Linux terminal. "This tool is a Proof of Concept and is for Educational Purposes Only. Seeker shows what data a malicious website can gather about you and your devices and why you should not click on random links and allow critical permissions such as Location, etc.," said thewhiteh4t.
