Unlocking the Treasure Trove: Enhancing OSINT through Mobile App Hacking

Open Source Intelligence (OSINT) has become an invaluable tool for various fields including cybersecurity, journalism, and law enforcement. Mobile devices, with their ubiquitous presence and rich data stores, represent a treasure trove of information for OSINT practitioners. However, extracting this data effectively often requires more than just conventional methods. Mobile app hacking can significantly enhance the depth and breadth of OSINT data extraction. This blog post explores how mobile app hacking techniques can be leveraged to improve mobile OSINT data extraction.

The Quest for Data: Mobile OSINT

Outside of my professional work, I engage in Mobile Open Source Intelligence (OSINT). This involves gathering intelligence from publicly available sources using mobile devices. Unlike traditional OSINT, my focus is on extracting valuable data from specific, data-rich applications, often employing a hint of hacking for the best results.

The Role of Mobile Apps in OSINT

Mobile apps often have access to a wealth of data, including user profiles, geolocation information, communication logs, and more. Many apps also interact with online services and APIs, which can further enrich the available data. However, much of this information is not readily accessible due to security mechanisms and data protection policies.

It’s like finding a locked treasure chest in your attic — you know there’s something valuable inside, but you just can’t get to it.

Mums the word: A Case Study in App Vulnerability

Several years ago, whilst we had our first child, I encountered an app named MUSH, designed for new mothers to connect and share experiences. Upon my wife’s request to check its security, I discovered that the app stored extensive data on users without proper security measures. This included enough personal information to commit identity fraud.

My findings led to the app being significantly redeveloped, showcasing the critical need for secure app development.

The MUSH application was my first foray into mobile OSINT

How Mobile App Hacking Enhances OSINT

Mobile app hacking involves exploiting vulnerabilities in mobile applications to gain unauthorised access to data. This can uncover hidden data sources and provide deeper insights.

Hacking Tools and Techniques

To break into these “secure” apps, we start with a checklist of essential tools:

Reverse Engineering Tools: APK tool, JD GUI, Hopper disassembler for iOS binaries.

Network Tools: Burp Suite for examining app communications.

See our series on APIs: Medium

Exploitation Tools: Postman, Fiddler for interacting with APIs.

Injection: Using Frida can be invaluable when manipulating apps at runtime

See our blog series on Frida: Medium

Rooting/Jailbreaking: To access the most secure parts of the device.

See our write up on the complexities of jailbreaking with palerain blog: Medium

Accessing Hidden Data:

• Many apps store data locally on the device, which may not be visible through the app’s user interface. By reverse engineering the app, OSINT practitioners can uncover this hidden data.
• Example: Extracting cached files, local databases, and logs from apps.

Intercepting Network Traffic:

• By intercepting the network traffic between a mobile app and its backend servers, valuable data transmitted over the network can be captured and analysed.
• Example: Using tools like Burp Suite to capture HTTP/HTTPS traffic and extract API endpoints, user data, and more. It’s like eavesdropping on a conversation — just, you know, legally and ethically.

Bypassing Security Mechanisms:

• Many mobile apps implement security features like encryption, obfuscation, and authentication to protect data. Hacking techniques can bypass these mechanisms to access protected data.
• Example: Decrypting encrypted data stored in local files or intercepting decrypted data in memory.

Gathering Metadata:

• Metadata from mobile apps can provide contextual information such as app usage patterns, version history, and permissions, which can be valuable for OSINT analysis.
• Example: Extracting metadata to analyse app permissions and infer potential data access capabilities.

Leaky Apps: Unveiling Data Vulnerabilities

In my investigations, I have found several apps leaking critical user data.

These vulnerabilities included:

• Geolocations: Tracking user movements and sign-up locations.
• Profile Images: Downloadable caches of user images.
• User IDs: Leaked identifiers across apps.
• Voice Notes: Cached and easily accessible voice messages.
• User Preferences: Detailed likes and interests.

Examples of user data extracted across multiple applications.

This data can be exploited to construct comprehensive user profiles, making individuals vulnerable to targeted attacks.

Putting the Puzzle Together

Using standard OSINT tools combined with the hacked data, we can build comprehensive profiles. This includes personal details, social connections, employment information, and geospatial analysis of movements. Such data is invaluable for crafting targeted social engineering attacks and phishing campaigns.

Using the tools on this tick list we can use our extracted data to great effect.

Conclusions:

By combining traditional OSINT techniques with hacking, we can uncover significant vulnerabilities, underscoring the importance of robust security in protecting user data.

My explorations highlight the critical need for stringent security measures in mobile apps, indeed it’s imperative security is embedded within the development cycle of applications.

As people are increasingly required to share personal data, developers must prioritise secure coding practices and regular security testing. For users, a cautious approach to app permissions and data sharing is essential.