Penetration assessment and ways to combat attack on Android devices through StormBreaker - a social engineering tool

Abstract

With the continuous advancement of technology, it became necessary to use the internet to communicate and exchange information. Since the internet is a known open platform, malicious people also utilize it with the dangerous intention of exploiting confidential information. With unethical hacking, attackers ensure that the user does not discover their exploitation methods. At a higher level of hacking, the attacker aims not to be detected by security enhancement software or technical staff. Social media is one of the most common means of exposure to attacks such as social engineering, wherein individuals receive unsolicited e-mails, messages, or any form of text that contains a malicious link that can endanger their sensitive data. Most people are unaware of the security risks that may harm their identity and device. With this, the study conducted an online survey to determine whether people are knowledgeable of suspicious activities that may occur with a social engineering attack. The survey revealed that twenty-four (24) respondents are aware of suspicious URL links that can access their personal information when clicked. To further understand the methods of social engineering attacks, the researchers performed a simulation attack using StormBreaker, a Social Engineering Toolkit (SET). Results show that StormBreaker can access device information, accurate location, webcam or front camera, and device microphone. Thus, the researchers recommend implementing a firewall to enhance network security and to be more vigilant in internet usage.