Android IMAP and SMTP password Hack

Android will expose your IMAP password in wrong hands

Android IMAP password Hack

In: 2FA, Exploit, Social Engineering

Having your android device unlocked will definitely results in password disclosure.

  • Open Your IMAP/SMTP settings.
  • Change address of your SMTP mail server to a computer under your control and make sure "Authorisation" is checked.
  • Fire up netcat, pretend to be a mail server and ask for authorization.
  • Let android try to authentificate and get your victim's password..

The problem is, even Android 7.1 is vulnerable. All you need is someone's phone in your hand, considering it's not locked.

This option should really ask you to re-enter your password prior to a server change.

Stefan Ćertić
Share the Fun!

Sharing is caring, and sharing is easy! made it easy!

Join the talk

Share your toughts on the subject or whatever you would like to know.


Browse blog post by popular tags.

Share Page

Back to Top