Hi all, I'm doing my thesis on mobile malware & botnets.

The goal of project is to find ways of gaining full control over a smartphone remotely and suggest countermeasures.

I've been experimenting with BeEF and hooking the browser on my iPhone - can do some cool stuff but it is not full control (plus the hook script is flushed out when you browse to a new domain!).

Ideally, i want to find a way of executing the Metasploit Meterpeter payload (osx/armle/meterpreter/reverse_tcp) on iPhone and/or android 4.2 handset but most of the resources I can find are about 'installing Metasploit on your iPhone' rather than using it to actually exploit it. I did come across Charlie Millers work where he exploited a flaw in the Apple app store code signing and got Meterpreter shell running - but this is not reproducible.

If you guys have any resources or suggestions (even if not involving Metasploit) please share! Thanks