As smartphones become an integral part of our daily lives, cybercriminals continue to devise new and sophisticated techniques to gain unauthorized access to these devices. Remote access attacks have become prevalent, with attackers exploiting vulnerabilities in the operating system or user behavior to gain access to sensitive information. In this study, we conducted penetration testing of remote smartphone access using CamPhish, Storm Breaker, and Ghost Framework. CamPhish is a phishing tool that allows attackers to create fake websites that prompt victims to provide personal details that give access to the victim’s smartphone front camera. Storm-Breaker tool which allows hackers to gain access to the victim’s location, camera, and microphone remotely. Ghost Framework is another remote access tool that enables attackers to perform various malicious activities on a victim’s device. Our tests were conducted on smartphones running Android operating systems. Our findings showed that all three frameworks successfully gained remote access to the target devices. Storm Breaker was the most effective regarding the range of malicious activities that could be performed. The results of this study underscore the need for smartphone users to remain vigilant and take proactive steps to secure their devices. Implementing security measures such as strong passwords, two-factor authentication, and avoiding clicking on suspicious links can help prevent remote access attacks. In conclusion, this study highlights the importance of regular security testing and the need for individuals and organizations to remain vigilant against potential cyber threats targeting smartphones. Users can protect themselves from unauthorized access and safeguard their sensitive information by taking proactive steps to secure their devices.