Android IMAP and SMTP password Hack

Android will expose your IMAP password in wrong hands

Android IMAP password Hack

In: 2FA, Exploit, Social Engineering

Having your android device unlocked will definitely results in password disclosure.


  • Open Your IMAP/SMTP settings.
  • Change address of your SMTP mail server to a computer under your control and make sure "Authorisation" is checked.
  • Fire up netcat, pretend to be a mail server and ask for authorization.
  • Let android try to authentificate and get your victim's password..

The problem is, even Android 7.1 is vulnerable. All you need is someone's phone in your hand, considering it's not locked.

This option should really ask you to re-enter your password prior to a server change.





Stefan Ćertić
Share the Fun!

Sharing is caring, and sharing is easy! made it easy!

Join the talk

Share your toughts on the subject or whatever you would like to know.

Recent Posts

Stay up to date with latest toughts on Technology!

Disk based RAM tweak - Making swap to work for you May 14th 2020 Android IMAP disclosure? Jul 15th 2015
Categories

Browse blog post by popular tags.

2FA9 Mobile Security8 Cyber Security5 Hacking1

It Doesn't Matter How Many Resources You Have - If you don't know how to use them, they will never be enough.

Infosec with Experience® is registered trademark under number UK00003915360. Company Government Registration Number (MB): 65176823

Copyright Stefan Ćertić .

Navigation
Welcome Services Blog News Contact Gallery Videos Publications Software Support Tools Links Music Code of Conduct Privacy Policy Close
Copyright 2016. All Rights Reserved
Let's get social
Facebook Twitter Google LinkedIn YouTube Pinterest Instagram VKontakte Call Me Skype Mail Us
SEND ME A MESSAGE

Your message is important to us, and we'll get back to you in tops 48 hours

Awesome! We'll get back to you!
Name is required!
Mail address required!
Mail address must be valid!
Message field is empty!
Copyright 2024. All Rights Reserved

Share Page

Back to Top