- \n
- Handing over the cell phone to the police,<\/li>\n
- Taking it to one of the shopkeepers in the vicinity,<\/li>\n
- Waiting for the owner of the cell phone to reach us, or<\/li>\n
- Looking for solutions that will allow us to reach the owner of our thoughts were, <\/strong>the phone :)<\/li>\n<\/ol>\n
We have listed the order of the options from easy to difficult. Of course, when it comes to technical people, we prefer the last option, partly due to our nature. So we would find the owner of the phone! It sounds great, doesn’t it? But how! :)<\/p>\n
<\/p>\n
<\/h2>\n
We started to examine the phone:<\/strong><\/span><\/h2>\n
![\"\"](\"https:\/\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/09\/analyzing-detective-android--498x295.png\")
<\/a><\/p>\n- \n
- The phone was a smartphone with the Android operating system.<\/li>\n
- The language of the phone was Russian.<\/li>\n
- I don’t remember the brand, but it was one of the Chinese-originated brands.<\/li>\n
- We couldn’t see the exact model information.<\/li>\n
- Judging by the hardware, the phone looked around 3-4 years old.<\/li>\n
- We charged the phone.<\/li>\n<\/ul>\n
<\/p>\n
- \n
- We tried to start the phone:\n
- \n
- It had a SIM card PIN.<\/li>\n
- We removed the SIM card.<\/li>\n
- It had a screen lock. It is a screen lock where we enter a PIN with a PIN code, that is, a PIN consisting of numbers.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
We completed the first phase, the review phase, and our findings were as above.<\/p>\n
Now it was time to find the owner of the phone. (How would you find it if it were you? We will be looking forward to your answers.<\/b>)<\/em><\/p>\n
\nOur thoughts were:<\/span><\/strong><\/h3>\n- \n
- Bypassing the phone’s screen lock:\n
- \n
- Reaching the second number of the owner of the phone, if there is one in the contacts,<\/li>\n
- Otherwise, calling or sending a message to one of the last incoming calls,<\/li>\n
- Sending a message to one of the messages on the phone.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
<\/p>\n
So how would we bypass the phone’s screen lock?<\/b><\/span><\/h2>\n
- \n
- As soon as I picked up the phone, I started trying the simplest and most commonly used PINs,<\/li>\n
- Besides, I tried to understand if there was a measure such as a time-block, and yes, I could not enter a new PIN after 3 incorrect PIN attempts (PIN input field was closed to data entry and I had to wait for a certain time).<\/li>\n<\/ul>\n
We call this prevention account-lockout<\/b><\/em> (I’ll mention details below for those who are curious).<\/p>\n
Therefore, we would not be able to overcome this part with the brute-force attack <\/b><\/em>(I mentioned below).<\/p>\n
<\/p>\n
So what else could we do?<\/b><\/span><\/h2>\n
![\"\"](\"https:\/\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/09\/thnkngandrod-1-621x309.jpg\")
<\/a><\/p>\n- \n
- We could have tried to break the SIM lock of the phone and waited for the call to fall on the SIM, but this would be a little farther for us. Therefore, we turned our focus back to the phone.<\/li>\n
- Then… a very simple but critical feature that I learned in 2018 came to my mind!<\/i><\/li>\n<\/ul>\n
If the device’s WiFi is turned on, and it finds a passwordless modem nearby, it connects directly to that modem!<\/p>\n
Isn’t it great?<\/p>\n
Or do you say, “What does it have to do with?<\/i>” Please don’t be impatient. :)<\/p>\n
<\/p>\n
If the phone is connected to the modem, it is likely that the owner of the phone would have left an SMS to this number or a message to one of the messaging applications installed on this phone (WhatsApp, Telegram, etc.).<\/p>\n
\u201cBut what happens if a message comes after you can’t unlock the screen?\u201d,<\/i> I seem to hear you say.<\/p>\n
At this point, another feature would be a vulnerability for us. \u201cWhat is it<\/i>\u201d, if you say; According to the default feature settings of Android devices, a notification coming to the phone can be partially displayed even if the screen is locked! (It is also possible to see the whole thing by swiping from above.) At worst, we would be seeing the first parts of the incoming notification – message on the wall.<\/p>\n
So let’s get started! :)<\/p>\n
<\/p>\n
![\"\"](\"https:\/\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/09\/messages-are-shown.jpg\")
<\/a><\/p>\n<\/p>\n
We started the action:<\/b><\/span><\/h2>\n
- \n
- We immediately defined a guest connection without a password from the modem. And<\/li>\n
- We pressed the power button on the phone and started watching what was going on with great excitement.<\/li>\n
- And bingo! The phone was connected to the modem and notifications began to come one after another. Then\u2026<\/li>\n
- A message came to WhatsApp: Could you please leave the phone at X Hotel?<\/b><\/em><\/li>\n<\/ul>\n
<\/p>\n
That’s it! We have reached our goal.. :)<\/p>\n
![\"\"](\"https:\/\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/09\/android-wifi-auto-connect.jpg\")
<\/a><\/p>\nFor those wondering how we understood the message, the message was not in Russian, but in Turkish :) Of course, they sent the message in Turkish, since the person who found the phone on the road was much more likely to be a Turkish citizen. Because the story takes place in Turkey.<\/p>\n
After learning the place to deliver the phone (this was a hotel quite close to home), my friend who brought the phone should have experienced this pleasure so he took the phone and set off.<\/p>\n
My friend went to the hotel reception and said that he had found the phone and asked the receptionist friend to call the owner of the phone. The Russian couple who dropped the phone went down from their room with their children, and my friend confirmed that the couple who came in were the same people in the photo on the background of the phone. My friend delivered the phone, they thanked him, and we slept peacefully with this little joy :)<\/p>\n
<\/p>\n
General notes and explanations for some of the parts mentioned above:<\/b><\/span><\/h3>\n
- \n
- This feature of auto-connecting to public WiFi on an Android phone, or the vulnerability in our example, is not unique to Android operating systems, of course, it is also valid in some Windows operating systems.<\/li>\n
- If you ask for my suggestion, you can disable the auto-connect feature according to your operating system, or you can keep the WiFi connection of your phone\/device turned off when you are outside of the safe zones (such as your home, office). In this way, the energy consumption of your phone will also be reduced.<\/li>\n
- Let me answer as you will be wondering right away. If the phone was an iPhone, the phone would not automatically connect to this public WiFi because; This feature is turned off by default on iPhone devices.<\/li>\n
- This feature is thought to be designed for the convenience of users, but as you have noticed, it is quite suitable for use as a security vulnerability. While it was lived for innocent benefit in our example, in a non-ideal world, someone could also use it for data theft (details in the next item).<\/li>\n
- So, what’s wrong with our device automatically connecting to a public WiFi?\n
- \n
- Let’s start by addressing the most critical situation, if the internet access requests made from your device are not provided over SSL – HTTPS, that is, a secure connection, your requests can be monitored via the modem to which the device is connected!<\/li>\n
- What if all requests are made over a secure connection called SSL – HTTPS, is there any privacy issue? Although not as much as in the first option, yes it still exists! This time, it is possible to monitor the server addresses that your device sends requests to – domain, that is, which sites it accesses.<\/li>\n
- If you \u201csay is that all?\u201d, there is a little more like the package size of your request. Friends who want to go deeper into the work can do their research within the scenarios.As an alternative attack method, our target user may be exposed to a protocol-downgrade attack. How, if you say; If the SSL configuration is not done correctly on the relevant website, the attacker may send you your connection as http:\/\/ instead of https: and may cause your requests to continue without SSL – secure connection, and thus monitor all your internet activities.<\/li>\n<\/ul>\n<\/li>\n
- Yes, notification contents on Android devices are turned on by default even when the screen is locked, so how can we hide these contents, the answer to the question > here it is.<\/strong><\/a><\/li>\n<\/ul>\n
![\"\"](\"https:\/\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/10\/Screenshot_782.png\")
<\/a><\/p>\n
\n<\/h2>\n
Cross references:<\/span><\/h2>\n
- \n
- Brute-force attack:<\/b> In this attack method, when the attacker does not have the key information of the targeted system, the method in which he tries to find the key by trial and error is called a brute force attack. In the example above, my attempt to unlock the phone’s PIN, such as 1234, 4321, 1212, in order, is an example of a brute force attack.<\/li>\n
- Protocol-downgrade attack:<\/b> Let’s get the full definition from Wiki, let me give an example.Wiki<\/a> says for the definition of this attack:A <\/i>downgrade attack<\/i><\/b>, also called a <\/i>bidding-down attack<\/i><\/b> or <\/i>version rollback attack<\/i><\/b>, is a form of <\/i>cryptographic<\/i><\/a> attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g. an <\/i>encrypted connection<\/i><\/a>) in favor of an older, lower-quality mode of operation (e.g. <\/i>cleartext<\/i><\/a>) that is typically provided for backward compatibility with older systems.<\/i>Example: The link address of a website you are accessing is: https:\/\/site.com\/tada. Again, if you can access this website as http:\/\/site.com\/tada (non-SSL), a possible scenario is that an attacker will easily direct you to this link with a phishing message that will be sent to you and, according to the example above, they will be able to monitor your internet traffic.<\/li>\n
- Account-lockout: <\/b>There are two variants of this security measure. Soft-lock and hard-lock. Soft-locked is a temporary account lockout measure, while hard-locked; Permanent account lockout. If you say \u201cSahin, tell us about real life\u201d. Now! Temporary locking of the screen in the scenario where you repeatedly enter the wrong mobile phone PIN or computer power-on password is an example of soft-locked, and hard-locked means that your account will be completely locked after 3 consecutive wrong entries to your bank account and can only be opened by bank officials. This is an example of a permanent lock.<\/li>\n<\/ul>\n
<\/p>\n
Last word:<\/b><\/span><\/h2>\n
If you think that there is a wrong instruction in the information mentioned in the article, or if I were you, I would do this, friend!<\/em> If there is a part that you say, please share your valuable ideas below, I wish you well.<\/p>\n
Stay with love,<\/i><\/p>\n
Safe days.<\/i><\/p>\n
<\/h2>\n
Thanks:<\/b><\/em><\/span><\/h2>\n
Thanks to Aysenur Burak for her translating helping..<\/em><\/p>\n
.<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Greetings friends, After a long time, I wanted to share a little memory with you. I hope it will be an enjoyable article that you can read easily in a few minutes and will not tire you technically. :) It was about 7-8 months ago. While walking home, my friend found a cell phone on […]<\/p>\n","protected":false},"author":1,"featured_media":2059,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[691,1],"tags":[],"class_list":["post-2056","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","category-genel"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/09\/lost-phone.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4sbm9-xa","jetpack-related-posts":[{"id":690,"url":"https:\/\/sahinsolmaz.com\/blog\/plesk-error-there-are-no-available-resources-of-this-type-left-requested-1-available-0\/","url_meta":{"origin":2056,"position":0},"title":"PLESK Error: There are no available resources of this type left. Requested: 1; available: 0.","author":"SahinSOLMAZ","date":"20 A\u011fustos 2014","format":false,"excerpt":"Merhabalar, Bir g\u00fcn siz de Plesk Panel 'de a\u015fa\u011f\u0131daki hatalardan birisi ile kar\u015f\u0131la\u015fabilirsiniz, \u00f6zellikle yeni kurulum yapt\u0131ysan\u0131z e\u011fer. A\u015fa\u011f\u0131daki hatalara \u015f\u00f6yle bir bakt\u0131\u011f\u0131n\u0131zda (biraz da yabanc\u0131ysan\u0131z) size epey korkun\u00e7 gelebilir ama hay\u0131r hay\u0131r, endi\u015fe etmeyin problem \u00e7ok basit; Plesk lisans\u0131n\u0131 y\u00fcklemediniz ya da s\u00fcresi doldu!\u00a0(: Dilerseniz Plesk i\u00e7in demo lisans\u2026","rel":"","context":""Genel" i\u00e7inde","block_context":{"text":"Genel","link":"https:\/\/sahinsolmaz.com\/blog\/category\/genel\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":951,"url":"https:\/\/sahinsolmaz.com\/blog\/centos-php-memcache-nasil-kurulur-how-to-install\/","url_meta":{"origin":2056,"position":1},"title":"CentOS – PHP MemCACHE Nas\u0131l Kurulur? How to install?","author":"SahinSOLMAZ","date":"12 Mart 2015","format":false,"excerpt":"Geli\u015fmi\u015f cache\/\u00f6nbellekleme\u00a0 sistemlerinden olan MemCACHE kurulumu CentOS sunucular i\u00e7in nas\u0131l yap\u0131l\u0131r? Gelin en pratik yoluna bir bakal\u0131m: PHP MemCACHE Nas\u0131l Kurulur? How to install PHP MemCACHE? \u00a0 # yum install memcached.x86_64 php-pecl-memcache.x86_64 OR\u00a0 \u00a0# yum install memcached php-pecl-memcache\u00a0 \u00d6rnek \u00e7\u0131kt\u0131:Sample outputs:Loaded plugins: fastestmirror, security Setting up Install Process Loading mirror\u2026","rel":"","context":""CentOS" i\u00e7inde","block_context":{"text":"CentOS","link":"https:\/\/sahinsolmaz.com\/blog\/category\/sunucu\/centos\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":701,"url":"https:\/\/sahinsolmaz.com\/blog\/solved-error-file-contains-no-section-headers-file-fileetcyum-repos-d9xhost-repo-line-1-enabled1n\/","url_meta":{"origin":2056,"position":2},"title":"SOLVED – Error: File contains no section headers. file: file:\/\/\/\/\/etc\/yum.repos.d\/9xhost.repo, line: 1 ‘enabled=1\\n’","author":"SahinSOLMAZ","date":"1 Eyl\u00fcl 2014","format":false,"excerpt":"Merhabalar, Sorun da problem de olduk\u00e7a a\u00e7\u0131k ve vakit az oldu\u011fu i\u00e7in,\u00a0bu sefer h\u0131zl\u0131 bir payla\u015f\u0131m olacak: yum\u00a0konfig\u00fcrasyon\u00a0hatas\u0131 ve \u00e7\u00f6z\u00fcm\u00fcne a\u015fa\u011f\u0131dan ula\u015fabilirsiniz; # yum update Loaded plugins: fastestmirror, protectbase, security Error: File contains no section headers. \u00a0file:\/\/\/\/\/etc\/yum.repos.d\/9xhost.repo, line: 1 'enabled=1\\n' \u00a0 open file:\u00a0etc\/yum.repos.d\/9xhost.repo and full replace \u00a0 [dag]name=DAG RPM Repositorybaseurl=http:\/\/apt.sw.be\/redhat\/el$releasever\/en\/$basearch\/daggpgcheck=1enabled=1","rel":"","context":""Genel" i\u00e7inde","block_context":{"text":"Genel","link":"https:\/\/sahinsolmaz.com\/blog\/category\/genel\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1967,"url":"https:\/\/sahinsolmaz.com\/blog\/ssl-pinning-bypass-for-android-apps-on-windows\/","url_meta":{"origin":2056,"position":3},"title":"SSL Pinning Bypass for Android Apps on Windows with Frida","author":"SahinSOLMAZ","date":"28 Haziran 2022","format":false,"excerpt":"after a long time hi again everyone! recently, one of my friend has needed to test an Android application as detailed (checking its API requests). and asked me this need's solution. then I did a test for SSL pinning bypass for an Android application on Windows with Frida. now I\u2026","rel":"","context":""CYBER SECURITY" i\u00e7inde","block_context":{"text":"CYBER SECURITY","link":"https:\/\/sahinsolmaz.com\/blog\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/06\/Screenshot_615.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/06\/Screenshot_615.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/06\/Screenshot_615.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/06\/Screenshot_615.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/06\/Screenshot_615.png?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":290,"url":"https:\/\/sahinsolmaz.com\/blog\/ssh-ile-plesk-10-11-admin-sifresi-ogrenme-plesk-admin-sifremi-unuttum\/","url_meta":{"origin":2056,"position":4},"title":"SSH ile Plesk 10 & 11 Admin \u015eifresi \u00f6\u011frenme – Plesk admin \u015fifremi unuttum","author":"SahinSOLMAZ","date":"3 Mart 2013","format":false,"excerpt":"Herkese Merhabalar, Plesk Panel giri\u015f \u015fifrenizi unuttu\u011funuzda SSH \u00fczerinden 1 sat\u0131rl\u0131k kod ile mevcut \u015fifrenizi g\u00f6r\u00fcnt\u00fcleyebilirsiniz. G\u00fcncel versiyonlar i\u00e7in yaz\u0131n\u0131n devam\u0131na bak\u0131n\u0131z. \u00a0 Forgot your password? (\u015eifrenizi mi unuttunuz?) butonuna t\u0131klayarak yeni a\u00e7\u0131lan sayfaya kullan\u0131c\u0131 ad\u0131 ve mail adresinizi girerek \u015fifrenizi talep etti\u011finizde Plesk 11 g\u00fcvenlik nedeni y\u00f6netici \u015fifresini g\u00f6ndermeyi\u2026","rel":"","context":""Plesk Panel" i\u00e7inde","block_context":{"text":"Plesk Panel","link":"https:\/\/sahinsolmaz.com\/blog\/category\/sunucu\/sunucu-panelleri\/plesk-panel\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":752,"url":"https:\/\/sahinsolmaz.com\/blog\/gmail-hacklendi-5-milyon-mail-sifresi-yayinlandi-eylul-2014\/","url_meta":{"origin":2056,"position":5},"title":"Gmail Hack’lendi! 5 Milyon Mail \u015eifresi Yay\u0131nland\u0131! – Eyl\u00fcl 2014","author":"SahinSOLMAZ","date":"11 Eyl\u00fcl 2014","format":false,"excerpt":"\u0130nsanl\u0131\u011f\u0131n varolu\u015fundan beridir s\u00fcregelen iyi ve k\u00f6t\u00fc kavram\u0131 hayat\u0131n her alan\u0131nda oldu\u011fu gibi, g\u00fcn\u00fcm\u00fczde geli\u015fen teknoloji de bu konuya\u00a0dahil.. - Rus Hacker 'lar taraf\u0131ndan hacklenen yakla\u015f\u0131k 5 Milyon GMAIL kullan\u0131c\u0131 ad\u0131 ve \u015fifresini i\u00e7eren \u00a0Gmail.txt adl\u0131 dosya 09 Eyl\u00fcl (09.10.2014 ) tarihinde internette yay\u0131nland\u0131. Dosya ilk yay\u0131nland\u0131\u011f\u0131 an bilgilerin tamam\u0131\u2026","rel":"","context":""A\u00e7\u0131k" i\u00e7inde","block_context":{"text":"A\u00e7\u0131k","link":"https:\/\/sahinsolmaz.com\/blog\/category\/guvenlik\/acik\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2014\/09\/gmail-hacklendi-rus-hackerlar-2014-eylul_user-pass2.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2014\/09\/gmail-hacklendi-rus-hackerlar-2014-eylul_user-pass2.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2014\/09\/gmail-hacklendi-rus-hackerlar-2014-eylul_user-pass2.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/posts\/2056","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/comments?post=2056"}],"version-history":[{"count":8,"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/posts\/2056\/revisions"}],"predecessor-version":[{"id":2077,"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/posts\/2056\/revisions\/2077"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/media\/2059"}],"wp:attachment":[{"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/media?parent=2056"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/categories?post=2056"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/tags?post=2056"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Protocol-downgrade attack:<\/b> Let’s get the full definition from Wiki, let me give an example.Wiki<\/a> says for the definition of this attack:A <\/i>downgrade attack<\/i><\/b>, also called a <\/i>bidding-down attack<\/i><\/b> or <\/i>version rollback attack<\/i><\/b>, is a form of <\/i>cryptographic<\/i><\/a> attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g. an <\/i>encrypted connection<\/i><\/a>) in favor of an older, lower-quality mode of operation (e.g. <\/i>cleartext<\/i><\/a>) that is typically provided for backward compatibility with older systems.<\/i>Example: The link address of a website you are accessing is: https:\/\/site.com\/tada. Again, if you can access this website as http:\/\/site.com\/tada (non-SSL), a possible scenario is that an attacker will easily direct you to this link with a phishing message that will be sent to you and, according to the example above, they will be able to monitor your internet traffic.<\/li>\n
- Brute-force attack:<\/b> In this attack method, when the attacker does not have the key information of the targeted system, the method in which he tries to find the key by trial and error is called a brute force attack. In the example above, my attempt to unlock the phone’s PIN, such as 1234, 4321, 1212, in order, is an example of a brute force attack.<\/li>\n
- Bypassing the phone’s screen lock:\n
- We tried to start the phone:\n
![\"\"](\"https:\/\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/09\/analyzing-detective-android-.png\")
<\/a><\/p>\n