Even better than sending a message, you can just post one over their profile, and next time they log in you can see the HTTP referrer for the image - and thus understand which user has the IP that tried to load it.
Having a router compromised next to their network allows you to sniff Wi-Fi promiscuously, like Wireshark does. You can see the channels nearby - and even if they don't leave by the network close to their geoIP, they go through it. Once they surf to an HTTP site under epicmafia, you can confirm they're the person you're trying to hack. One of them is lucid's bad implementation of a YouTube embed - mine is loaded over HTTP, thus readable via promiscuous network sniffing. After confirming they're them, you can load a different HTML page from their router, denying the original service, and instead loading a StageFright module into their device. StageFright v2.1, currently open, is operating on 70% of vendor devices up to December 2016 (again, the same report says). You now have a working worm executing code inside of any single EM user; limited by StageFright, that only works on Android and certain iOS releases inside the sandbox. That means you can hack anyone who goes to EM over phone.
You can probably find people's rough locations via EM user simply. Send them an image hosted on a private server, then see what's the IP visiting. Use geoIP, you got yourself where they live.
You can probably find people's Gmail via their EM account. Make a forum post with cached Gmail profile images, see which one is loaded via cache (via a private proxy, the links are dynamic links to an image that redirects from a private server) - and you know which one they likely own.
If you have their email and their location, chances are you can target a router next to them. Use Apple's BSSID to location router IP services, and scan the IPs in UPnP / telnet / default login credential from outside interface. Check Point's paper shows 27% of the time it works every time with the 10 most common passwords (mostly bottlenecked by the amount of support interfaces implemented by routers to outside companies, rather than security measures).
deleted · over 7 years
Don't mind me, I'm just downvoting all the comments, including this one.