- 1.- Methods to control a mobile phone
- 2.- MDM-based technical hacking architecture
- 3.- Hacker-detective attack scenarios
- 4.- Detection and mitigation best practices
- 5.- Remote control of computers (PCs and laptops)
- 6.- Operational conclusions
Introduction: Remotely taking control of a device—mobile phone or computer—can be achieved through several avenues. The rise of hybrid work and remote-management tools has multiplied the attack surface. Below are the methods tracked by Detective Hacker:
1.- Methods to control a mobile phone
| Method | Platforms | Typical use | Advantages | Limitations |
|---|---|---|---|---|
| Enterprise MDM (Microsoft Intune, VMware Workspace ONE, Google Endpoint Management) | iOS / Android | Fleet management, remote wipe, policy push | Audit logging, enforced encryption, legally usable audit trail | Requires prior device enrollment |
| Find My Device / Find My iPhone | Android / iOS | Locate, lock, or wipe after theft | Native, free service | Limited features: no “full control” |
| Remote-support software (TeamViewer Mobile, AnyDesk) | Android (full) / iOS (screen-sharing only) | Ad-hoc technical assistance | Interactive session, traceability | User must accept the session each time (iOS) |
| Parental control (Google Family Link, Qustodio) | Android / iOS | Supervision of minors | Schedules, app limits, geofencing | Minors only; the child is continuously notified that supervision is active |
| Forensic tools (Cellebrite, MSAB, Oxygen) | iOS / Android | Evidence extraction under court order | Comprehensive capture + SHA-256 hash | Restricted to law enforcement or experts |
2.- MDM-based technical hacking architecture
- MDM enrollment
  - The phone is registered through Apple Automated Device Enrollment (formerly DEP) or Android Enterprise.
  - An MDM profile is installed that names the server URLs and the push-certificate Topic under which the device will accept commands; the device only acts on commands from that server.
- Control channel
  - TLS 1.2 or later over HTTPS (TCP 443) to the MDM server.
  - A push notification (APNs on iOS, FCM on Android) tells the device to check in; the device then fetches its queued commands over the TLS channel (property-list commands on iOS) for actions such as Lock (DeviceLock), Wipe (EraseDevice) and Install (InstallProfile / InstallApplication).
- Logging
  - Each action logs DeviceID, UserID, CommandUUID, Timestamp and Result.
  - Logs are retained for 3–5 years in the corporate SIEM (ELK, Splunk).
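Detection over the audit fields just listed, as an added example that is not code from the original article or from any MDM vendor: it replays constructed JSON-lines audit entries carrying DeviceID, UserID, CommandUUID, Timestamp and Result and flags an operator who sends destructive commands to several devices inside a short window, which is what abuse of an MDM console looks like once the log reaches the SIEM. The JSON-lines layout, the extra Command field, the iOS request-type names (EraseDevice, DeviceLock, InstallProfile) and the threshold and window values are assumptions for this example; real SIEM exports differ per vendor.

```python
"""Flag mass destructive MDM commands in an audit log (added example)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit entries (JSON lines). Field names follow the article's
# list (DeviceID, UserID, CommandUUID, Timestamp, Result); the Command field and
# the iOS request-type names are an assumption for this example.
SAMPLE_LOG = """\
{"DeviceID": "D-1001", "UserID": "helpdesk", "CommandUUID": "8a1f", "Command": "DeviceLock", "Timestamp": "2024-05-02T09:00:00Z", "Result": "Acknowledged"}
{"DeviceID": "D-1500", "UserID": "admin.ops", "CommandUUID": "8a20", "Command": "EraseDevice", "Timestamp": "2024-05-02T08:00:00Z", "Result": "Acknowledged"}
{"DeviceID": "D-2001", "UserID": "admin.ops", "CommandUUID": "8a21", "Command": "EraseDevice", "Timestamp": "2024-05-02T09:10:00Z", "Result": "Acknowledged"}
{"DeviceID": "D-2002", "UserID": "admin.ops", "CommandUUID": "8a22", "Command": "EraseDevice", "Timestamp": "2024-05-02T09:10:08Z", "Result": "Acknowledged"}
{"DeviceID": "D-2003", "UserID": "admin.ops", "CommandUUID": "8a23", "Command": "EraseDevice", "Timestamp": "2024-05-02T09:10:17Z", "Result": "Error"}
{"DeviceID": "D-2004", "UserID": "admin.ops", "CommandUUID": "8a24", "Command": "EraseDevice", "Timestamp": "2024-05-02T09:10:25Z", "Result": "Acknowledged"}
{"DeviceID": "D-2005", "UserID": "admin.ops", "CommandUUID": "8a25", "Command": "EraseDevice", "Timestamp": "2024-05-02T09:10:40Z", "Result": "Acknowledged"}
{"DeviceID": "D-3001", "UserID": "helpdesk", "CommandUUID": "8a26", "Command": "InstallProfile", "Timestamp": "2024-05-02T09:30:00Z", "Result": "Acknowledged"}
"""

# Commands that destroy data. An attempt counts even when the device reported
# an Error, because the operator's intent is what the alert is about.
DESTRUCTIVE = {"EraseDevice", "Wipe"}


def parse_log(text):
    """Parse JSON-lines audit entries and attach a datetime under "ts"."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        entry["ts"] = datetime.strptime(entry["Timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        entries.append(entry)
    return entries


def find_mass_commands(entries, threshold=3, window=timedelta(minutes=5)):
    """Return {UserID: sorted device IDs} for every operator who sent destructive
    commands to at least `threshold` distinct devices within any `window`."""
    by_user = defaultdict(list)
    for entry in sorted(entries, key=lambda e: e["ts"]):
        if entry["Command"] in DESTRUCTIVE:
            by_user[entry["UserID"]].append(entry)

    alerts = {}
    for user, cmds in by_user.items():
        worst = set()
        start = 0
        for end, cmd in enumerate(cmds):
            # Sliding window: drop commands older than `window` before this one.
            while cmd["ts"] - cmds[start]["ts"] > window:
                start += 1
            devices = {c["DeviceID"] for c in cmds[start:end + 1]}
            if len(devices) > len(worst):
                worst = devices
        if len(worst) >= threshold:
            alerts[user] = sorted(worst)
    return alerts


if __name__ == "__main__":
    for user, devices in find_mass_commands(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {user}: destructive commands to {len(devices)} devices {devices}")
```

The single wipe by admin.ops at 08:00 is outside the five-minute window and does not contribute, so a legitimate one-off wipe never trips the rule; the five wipes in forty seconds do. In production the same query runs as a scheduled SIEM search over the CommandUUID stream, and the threshold should be tuned to the size of the normal helpdesk workload.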
3.- Hacker-detective attack scenarios
| Technique | Action |
|---|---|
| MDM phishing | Sending a fake MDM profile so the victim’s phone enrolls in a server controlled by the attacker. |
| Control-app backdoors | Distributing a malicious APK that mimics AnyDesk or system updates. |
| Internal abuse | Administrator access to (or compromise of) an existing MDM console, used to push commands fleet-wide (mass wipe, silent app install). |
| Custom spyware | Developing ad-hoc apps that hide and forward data such as geolocation, audio, and messages. |
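The MDM-phishing row above, as an added example that is not the article's code: it inspects an iOS configuration profile (.mobileconfig, a property list) the way a responder would before a user taps Install, checking whether the profile is signed, whether it hides an MDM enrollment payload behind an innocuous name, whether its ServerURL and CheckInURL point at an approved MDM server, whether it asks for every AccessRights bit and whether it forbids removal. The profile bytes, the look-alike domain, the approved-host list and the finding strings are constructed for the example; the keys read (PayloadType com.apple.mdm, ServerURL, CheckInURL, AccessRights, PayloadRemovalDisallowed) are the standard profile keys.

```python
"""Triage an iOS configuration profile for rogue MDM enrollment (added example)."""
import plistlib
from urllib.parse import urlparse

# Assumption for the example: the organisation's real MDM server host.
APPROVED_MDM_HOSTS = {"mdm.example-corp.com"}

# Constructed unsigned .mobileconfig that poses as a Wi-Fi update but carries an
# MDM enrollment payload pointing at a look-alike domain. No real organisation.
ROGUE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadDisplayName</key><string>Corporate Wi-Fi Update</string>
  <key>PayloadIdentifier</key><string>com.example-corp.wifi</string>
  <key>PayloadUUID</key><string>0F1E2D3C-0000-4000-8000-000000000001</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadRemovalDisallowed</key><true/>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>PayloadIdentifier</key><string>com.example-corp.wifi.mdm</string>
      <key>PayloadUUID</key><string>0F1E2D3C-0000-4000-8000-000000000002</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>ServerURL</key><string>https://mdm-update.example-corp-support.net/mdm</string>
      <key>CheckInURL</key><string>https://mdm-update.example-corp-support.net/checkin</string>
      <key>Topic</key><string>com.apple.mgmt.External.00000000-0000-0000-0000-000000000000</string>
      <key>AccessRights</key><integer>8191</integer>
      <key>IdentityCertificateUUID</key><string>0F1E2D3C-0000-4000-8000-000000000003</string>
    </dict>
  </array>
</dict>
</plist>
"""

FULL_ACCESS_RIGHTS = 8191  # 0x1FFF: every AccessRights bit set


def inspect_profile(data, approved_hosts=APPROVED_MDM_HOSTS):
    """Return human-readable findings for a profile; an empty list means nothing suspicious."""
    head = data.lstrip()[:6]
    if not (head.startswith(b"<?xml") or head.startswith(b"bplist")):
        # A signed profile is a CMS (PKCS#7) DER blob wrapping the plist. Checking
        # the signer chain is outside this example but must happen before trust.
        return ["signed (CMS) profile: verify the signer certificate before trusting it"]

    findings = ["unsigned profile: no signer to verify"]
    profile = plistlib.loads(data)
    name = profile.get("PayloadDisplayName", "")
    if profile.get("PayloadRemovalDisallowed"):
        findings.append("PayloadRemovalDisallowed is set: the user cannot remove the profile")

    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mdm":
            continue
        findings.append(f"MDM enrollment payload inside a profile named {name!r}")
        for key in ("ServerURL", "CheckInURL"):
            host = urlparse(payload.get(key, "")).hostname or ""
            if host not in approved_hosts:
                findings.append(f"{key} host {host!r} is not an approved MDM server")
        if payload.get("AccessRights", 0) == FULL_ACCESS_RIGHTS:
            findings.append("AccessRights 8191: full MDM rights requested")
    return findings


if __name__ == "__main__":
    for finding in inspect_profile(ROGUE_PROFILE):
        print("-", finding)
```

The host comparison is the decisive check: a phishing profile can copy every cosmetic field of the real one, but it cannot point the device at a server the attacker does not control. On Android the equivalent artefact is the provisioning payload (QR code or NFC bump), where EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM pins the DPC package; an unexpected checksum or download location is the same red flag.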
4.- Mandatory
Review the disclaimer on our website.