Kali Linux is a tool that’s well suited to pen testing, and this extends beyond the usual arena of IT security research and ethical hacking.
Making use of this distro to tinker with phone numbers and text messages is an excellent example of this, and can be useful for businesses that want to protect themselves from malicious third parties that might seek to interfere with their telephony setup.
You need to know a few things about making the most of Kali Linux’s abilities in this arena before you dive in, so here are the main talking points to consider and some advice on where to get started.
SMS verification can be simplified
A straightforward yet effective tool known as Fake SMS is able to streamline the kind of verification solutions which are commonplace for various services today.
As the name suggests, you’ll be able to generate fake phone numbers which can receive messages, acting as a proxy for a genuine mobile device.
Use of this tool is not wise if you’re looking to handle individual transactions, such as from your personal banking provider. Like many Kali Linux bolt-ons, it’s best for experimenting with in-house security, probing for vulnerabilities, and testing the viability of SMS verification in the face of criticism.
Phone numbers can be extracted from email info
Kali Linux supports a tool that is capable of taking an email address and extrapolating a phone number from it using brute force methods.
The vulnerabilities being exploited here lie in the way that websites that have phone numbers attached to user accounts allow for password reset requests to be generated, using correlation of public data.
How to get a second phone number (and keep your primary number private)
Using a mainstream VoIP service, or choosing a Google Voice alternative, is a good way to generate and use additional numbers that all redirect to the same endpoint, whether that’s a landline, a desktop workstation, or a mobile device.
If you’re using Kali Linux for pen testing, having a secondary phone number is useful because it means you can get a geographic number assigned even if you aren’t based in the part of the world you’re targeting. This gives you an alternative to using tools like the aforementioned Fake SMS.
Social engineering is still the preferred method for duping targets and extracting data
Often the way that pen testers make use of Kali Linux to subvert phone security and intercept SMS communications or mess with call forwarding is by using social engineering-led attacks.
For example, sending out emails with spoofed addresses so that the recipient thinks that they are from a legitimate source in order to extract their phone number from them is commonly put into practice.
There are also SMS tools like XGnokii, and locally installable solutions like Mspy which enable additional spoofing and interception, once a user’s number is known or their device has been compromised in another way.
It’s basically an indication that a combination of tactics and solutions will lead to the best results for the purposes of ethical hacking, with Kali Linux putting all this and much more at your fingertips.
Ideally, with the help of Kali Linux and its capabilities relating to phone numbers and SMS texts, you’ll be able to find flaws in security systems and practices you’re currently using, so that these can be fixed.
Training team members to detect suspicious activity and recognize social engineering attacks is also vital, because tech can only go so far to protect modern businesses.