Attackers could procure the precise location of mobile devices and other device details.
Mobile devices could have their geolocation unmasked through the use of the new Seeker tool.
According to Cybernews, Seeker was developed by offensive mobile security researcher thewhiteh4t, and could allow malicious actors to choose templates mimicking legitimate websites, such as Google Drive, Telegram, and WhatsApp.
Approving such permissions allows attackers to not only procure the precise location of mobile devices but also other device details, including operating system, browser, platform, and GPU vendor information. Attackers could also leverage the tool on devices with a Linux terminal.
"This tool is a Proof of Concept and is for Educational Purposes Only,” said thewhiteh4t. “Seeker shows what data a malicious website can gather about you and your devices and why you should not click on random links and allow critical permissions such as Location, etc."
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
