Security & Android Expert for Android Remote Access Tool
C3O2 is an startup IT security company located in the heart of Toronto, Canada. C3O2 focuses on providing its client non-traditional Penetration Testing and Security Auditing. Currently C3O2 is involved in the research with University of Waterloo Computer Science department on the Issue of "Mobile Security".
We are currently seeking a individual how can program both Client Side (Android App) and Server side remote Access tool.
The Idea is to make an App which once installed on the victim's phone does not need any configuration and Sends Information to the Server. The goal of the application is to give the control of the android system remotely and retrieve information from it.
Q: What Technical Features Should the app have?
1. The android application run as a service(not an activity) that is started during the boot. So the user does not need to interact with the service.
2. Once Installed. The App should be completely invisible, no Icon should be on the screen.
3. The app should be named something like "Google Services" so that the victim may not get confused if he sees it in the "Apps Running" area.
4. The Server settings should be pre-configured in the app, that means there should be no need to enter the Ip upon loading the app.
5. The app should maintain its connection with the server and continuously send logs and activities made by the user.
Q) What functionally should the RAT have?
Get contacts (and all theirs informations)
Get call logs
Get all messages
Location by GPS/Network
Monitoring received messages in live
Monitoring phone state in live (call received, call sent, call missed..)
Take a picture from the camera
Stream sound from microphone (or other sources..)
Streaming video (for activity based client only)
Do a toast
Send a text message
Open an URL in the default browser
Do vibrate the phone
Q) What about the server side of the RAT should look like?
Ans: Upon launching the server. It should have a Main GUI with all the Clients in a list. This is the main GUI will have all the clients connected appears. The list should be dynamically updated when a new client connects or is disconnected. Moreover a log of all connections and global informations should be shown in the log panel at the bottom of the window. A simple double-click on a client open his window to interact with him.
Q) What would the client tab look like?
Ans: All the actions with client can be made in the client window which should be articulated around tabs. The default tab should be called Home and provide various functionalists. All the informations about the client like sim info, battery info, network info, sensors info etc should be displayed in a very nice manner with a attractive GUI. On the right there should be the options which allow remotely to change the configuration of the client like the ip and port to connect to, either or not wait a trigger to intent server connection etc. lastly quick actions can be performed in this tab like a toast message, do vibrate the phone or open an URL. This is just an Idea, you can make it more functional using your expertise.
If you have absolutely no knowledge about security, then please dont apply to this job. Every other Applicant is requested to read this posting twice and apply with a cover letter explaining how will you perform this job and why should we hire you?
Skills: research, science, gps, video