[Q/discuss] Securing Download Mode Boot - Galaxy Ace S5830 General

I'm on of those who curious if my Ace got stolen/missing and wanna prevent anyone from flashing via ODIN/download mode. CWM would be a different story for me.
Is there anyway to secure it with an authentication module/additional pre-boot img? 10 key PIN would be wonderful enough to have. I guess it has something to do with creating our own bootloader?

autotomy said:
I'm on of those who curious if my Ace got stolen/missing and wanna prevent anyone from flashing via ODIN/download mode. CWM would be a different story for me.
Is there anyway to secure it with an authentication module/additional pre-boot img? 10 key PIN would be wonderful enough to have. I guess it has something to do with creating our own bootloader?
Click to expand...
Click to collapse
I think you will find that if you get your operator to block the Imei the phone will not usuable what so ever.
Sent from my GT-S5830 using XDA App

Jekle ace that's a really cool idea,,, but india the operators never take actions in case of a stolen phone, they only take action if you are VIP or something, there are hell lot of procedures like filing police complaint filling up loads of forms etc...
i think third party apps like "where's my Droid", or any other good Antivirus cum security system app could come handy in these situations

er.davinder said:
Jekle ace that's a really cool idea,,, but india the operators never take actions in case of a stolen phone, they only take action if you are VIP or something, there are hell lot of procedures like filing police complaint filling up loads of forms etc...
i think third party apps like "where's my Droid", or any other good Antivirus cum security system app could come handy in these situations
Click to expand...
Click to collapse
Never knew that sorry. Yeah where's my Droid is a feasible option but you will need to have GPS and data on as later versions of android aren't allowed to switch on hardware functions
Sent from my GT-S5830 using XDA App

Where's my Droid won't be useful when your SIM is already switched out.

Jekle_Ace said:
I think you will find that if you get your operator to block the Imei the phone will not usuable what so ever.
Sent from my GT-S5830 using XDA App
Click to expand...
Click to collapse
Hi, thanks for all the replies. I'll quote this one.
Really unusable? I didn't know that You mean black listing the IMEI?
Is it unusable after being flashed via Odin and then being inserted a new SIM from another operator? Sorry for a lot of questions.

autotomy said:
Hi, thanks for all the replies. I'll quote this one.
Really unusable? I didn't know that You mean black listing the IMEI?
Is it unusable after being flashed via Odin and then being inserted a new SIM from another operator? Sorry for a lot of questions.
Click to expand...
Click to collapse
Just see how hard out is to change/repair the imei in these forums. Imei blocking is the best way to permanently block the phone from working within the country.
In the UK IPhones which have been reported lost or stolen often get sipped overseas, particularly to the USA where they will usually
work.
Sent from my GT-S5830 using XDA App

Related

Making my phone theft proof

I've just recetly got the sgs2, great phone, but it cost quite a bit hence I'd like to get one or more apps on it to make it completely theft proof.
What do you guys believe are the best apps out there to make your phone theftproof?
Tasker. It will make it theft proof and hundreds of other things!
Sent from my Nexus S using xda premium
NicholasQ said:
Tasker. It will make it theft proof and hundreds of other things!
Sent from my Nexus S using xda premium
Click to expand...
Click to collapse
As good as tasker is, I don't think it's a good choice for an easy solution to security. Theft aware and Cerberus are worth a look
What do u mean theft proof? If you leave it at a restaurant and someone takes it, goes into recovery and wipes it?
Sent from my MB860 using XDA App
benjo1989 said:
As good as tasker is, I don't think it's a good choice for an easy solution to security. Theft aware and Cerberus are worth a look
Click to expand...
Click to collapse
Yea it's not easy but highly customizable. Take a look at brandals guide to tasker profile for phone loss.
Sent from my Nexus S using xda premium
firefox3 said:
What do u mean theft proof? If you leave it at a restaurant and someone takes it, goes into recovery and wipes it?
Sent from my MB860 using XDA App
Click to expand...
Click to collapse
I'm so glad I have a Nexus One. With the newer versions of the BlackRose bootloader, you can't access recovery mode, flash anything, etc until you enter a user defined password
+1 for Theft Aware
firefox3 said:
What do u mean theft proof? If you leave it at a restaurant and someone takes it, goes into recovery and wipes it?
Sent from my MB860 using XDA App
Click to expand...
Click to collapse
Rather the ability to get the device back in my own hands, having my personal information secured is a plus, but I'm mostly concerned about retreiving that expensive piece of phone.
I'll look into the suggested apps, thanks a bunch allready!
Android webkey. You get complete control of your phone from any PC. If your phone is stolen and you want to lock it you get set a pattern lock, or leave a message or go into google maps and see the location. Of course the other person will see this going on so you better hope the thief has it in his pocket when you do this!
How do Tasker and other apps mentioned here help prevent theft?
I'd recommend Avast security - they have an option to install an antitheft onto your root partition so even if someone does a factory reset the app keeps running
And you can make it play a siren, send messages, and track the guy. Best of all - you can uninstall Avast once you got the security thing running.
Firstly, get some software that allows you to track it, send messages, take pictures using the camera etc.
I recommend cerberus, for a one-time-fee of €3 and a free 7 day trial.
Cerberus can also text/email if a non-authorised sim card is used.
Also, change the splash screen and the boot animation.
Changing the splash screen is difficult to do for someone not technical or into phones, so it's unlikely they'll be able to change it. Make sure it includes your name, an alternative number and an e-mail address. That way the phone is basically unsellable if stolen. If you want to sell it, just change the splash screen back.
Lastly the boot animation - also add contact details or make it something non-stock, just to again prove it's yours.
First thing a phone thief will do is removing the battery. Then he goes home and removes sim card. Hooks it up to his computer and wipes off everything.
Then you can buy your phone back on ebay. For a price off course.
Keep your phone in your pocket mate. This is the best advice you will ever get.
Just bought cerberus, and while it's features are more or less the same as theft aware, the support for it is truly amazing. I had a minor issue and emailed them and got a prompt response. Other advantages include support for 5 devices, automatic GPS enabling for rooted users and a nice flashable disguised CWM package
Also FYI, avast bought over theft aware, so look into avast, not the old software. It IS a pain to uninstall the rooted anti theft, but that's a good thing. Avast us? Ore intuitive, but I feel like like it's heavier on the system and there's no web panel, so keep that in mind.
Just try out a few, and pick the one that best fits your needs. FWIW, androidpolice had a mobile security shootout series that you may want to look at.
BEST OF LUCK!
Sent from my SAMSUNG-SGH-I777 using xda premium
avgjoemomma said:
I'm so glad I have a Nexus One. With the newer versions of the BlackRose bootloader, you can't access recovery mode, flash anything, etc until you enter a user defined password
+1 for Theft Aware
Click to expand...
Click to collapse
Sorry to resurrect such an old thread, but I just ran across this mention in my google searches... I am VERY interested in a bootloader password. In the two years since this post, has this idea been carried over to any other Android phones?
ZippyDan said:
Sorry to resurrect such an old thread, but I just ran across this mention in my google searches... I am VERY interested in a bootloader password. In the two years since this post, has this idea been carried over to any other Android phones?
Click to expand...
Click to collapse
My need for the bootloader password back then was to add a layer of security for my data. Device encryption provided by newer versions of Android fulfill my paranoia

Find stolen phone by IMEI number

Hello all,
Sadly, my SGS 2 was stolen at a railway station recently. I had removed the sim from the phone since the battery was low to put it in another phone. So it's lost now without the sim in it.
Is there any way at to track the phone purely by it's IMEI number (which is all I have)??
I'm totally wrecked that it's gone... I didn't have any tracking software loaded on the phone like AndroidLost /Cerebrus or anything of that sort. I did have Avast I think but I'm not sure if that has a tracking feature.I doubt if I can also use that remote installation technique (which one actually really works?) considering there is no sim on it with no net connection on it.
Help from the local police station in filing a lost phone case so that the IMEI can be reported to the network provider has been useless as they both seem to have better things to do and just keep me running in circles.
Is there anything at all left that I can do on my own now? I've seen a lot of sites where they say you can report your IMEI lost phone number and they say they will alert you if it ever comes up. But there seems to be a lot of them out there. Which one would be the most reliable to do this?
Has anyone else done this before with any success. Looking for the best possible information and hopefully some solution to get back my phone. It had so much of my stuff on it and I spent months customizing it. Really regretting now that I didn't take the time to load a tracking software on it.
Thanks for any help or insight anyone can provide.
Firstly, my sympathies. I can imagine how bad it must feel to lose your phone. Have you tried 'Plan B' by Lookout? It'll work if at all the phone is ever connected to a data plan/ wireless network.
Hope it helps.
Sent from my GT-I9100 using xda app-developers app
if cerberus or any other aplication of tracking is dificult...
But good.luck friend.
Enviado desde mi GT-I9100 usando Tapatalk 2
Thanks Haxtreme, I've installed Plan B via Google Play online and I picked my SGS2 device and it said that Plan B will be remotely installed to my phone.
But is this relying on the sim to deploy the software to the phone? I don't remember punching in my IMEI number for my device on the Google Play store at any point. Does it already have the IMEI number? If not, how do I update that on the Play Store so it knows where to remotely install the software to?
Thanks again for your prompt reply!
HAXTREME said:
Firstly, my sympathies. I can imagine how bad it must feel to lose your phone. Have you tried 'Plan B' by Lookout? It'll work if at all the phone is ever connected to a data plan/ wireless network.
Hope it helps.
Sent from my GT-I9100 using xda app-developers app
Click to expand...
Click to collapse
No it uses your Google account not the sim. as long as its got a connection to the internet and is linked to your account, it'll get installed irrespective of whether the sim has been changed or removed. The IMEI and google account are linked the very first time you boot up a phone and it asks you to enter your mail id or create a new one.
The fact that it shows up in your list of devices when you log on to Google play via your desktop itself shows that its still linked and your account hasn't been deleted from the phone.
Sent from my GT-I9100 using xda app-developers app
what if the thief wiped the phone and/or flash another rom?
would plan b still work?
I am interested because ive got my phone stolen too
hhwong said:
what if the thief wiped the phone and/or flash another rom?
would plan b still work?
I am interested because ive got my phone stolen too
Click to expand...
Click to collapse
Now I think prevention is better than cure...
Can anyone guide me to app or tracking system? So that in case my mobile is stolen I can get back
Sent from my GT-I9100 using xda premium
xDa_nightfury said:
Now I think prevention is better than cure...
Can anyone guide me to app or tracking system? So that in case my mobile is stolen I can get back
Sent from my GT-I9100 using xda premium
Click to expand...
Click to collapse
1) u can use 'Avast' antivirus which has 'Anti theft' functionality.
2) u can try some third party apps like 'Cerebrus' from stores and see
Well I am sorry for the loss of your phone but listen buddy... All these software stuff is not really gonna help because i don't believe they can give you any pin point location of the thief. What i did successfully, when my Galaxy Note was lost previous month. I had the original IMEI number and i had contacts in Law Enforcing Agencies of my country. I requested one of my friend there and he asked my IMEI number.Few days later, he informed me that my number is being used by someone and his calls are being tracked. Yet another few days later, he asked me to come by and collect my phone. When i visited his office, i found the thief locked and my cell recovered. The guy told me that while listening to his calls, the thief eventually revealed his location, while giving someone his address for collection of something. So Police caught him at the address. I dont know about your country, but if you have someone in these kinds offices, they can surely help. Thanx
One thing I dont understand is how a cheap GPS system gives mostly an exact global position,but these phones with all them tracking software dont.
Sent from my GT-I9100 using xda premium
theres not alot you can do unless you have a connection in mobile providers so they can track your imei number, if they found a s2 with no sim they would leave it off and use odin or cwm so tracking would be harder
theunderling said:
One thing I dont understand is how a cheap GPS system gives mostly an exact global position,but these phones with all them tracking software dont.
Click to expand...
Click to collapse
I don't think the issue is that the GPS part of the mobile can't locate the position better or worse than a cheap gps system. For tracking a lost phone a well working gps is not enough. You also need a working internet connection and a clear view of the sky in order to get a fix. Like any gps system. It is the combination of this factors that determines the quality of a good tracking configuration.
my thympthies .... i hope u find it
Cenobite_ said:
I don't think the issue is that the GPS part of the mobile can't locate the position better or worse than a cheap gps system. For tracking a lost phone a well working gps is not enough. You also need a working internet connection and a clear view of the sky in order to get a fix. Like any gps system. It is the combination of this factors that determines the quality of a good tracking configuration.
Click to expand...
Click to collapse
Via apps like Cerberus and others you can set your phone to automatically send thief's mobile number via email or sms after they insert new sim. You can remotely get your phone to take pictures and videos (front and back cams), sound recordings. You also create pop up messages on screen (and take pic when they open it), remotely wipe or lock device, install the app as system app and also hide it from app tray.
So a GPS location is just a bonus really.
alvinasnow said:
Well I am sorry for the loss of your phone but listen buddy... All these software stuff is not really gonna help because i don't believe they can give you any pin point location of the thief. What i did successfully, when my Galaxy Note was lost previous month. I had the original IMEI number and i had contacts in Law Enforcing Agencies of my country. I requested one of my friend there and he asked my IMEI number.Few days later, he informed me that my number is being used by someone and his calls are being tracked. Yet another few days later, he asked me to come by and collect my phone. When i visited his office, i found the thief locked and my cell recovered. The guy told me that while listening to his calls, the thief eventually revealed his location, while giving someone his address for collection of something. So Police caught him at the address. I dont know about your country, but if you have someone in these kinds offices, they can surely help. Thanx
Click to expand...
Click to collapse
Well thats it, from now on the first thing I do after unboxing my new phone is to write that god damn IMEI number down right away.....
I guess my phone is just gone now
Oh well......maybe its time to buy galaxy note 2!
hhwong said:
Well thats it, from now on the first thing I do after unboxing my new phone is to write that god damn IMEI number down right away.....
I guess my phone is just gone now
Oh well......maybe its time to buy galaxy note 2!
Click to expand...
Click to collapse
dude its samsung so you have been ****ed one can easily change imei
also u can get imei by calling airtel or your operator and ask them which imei the phone was having :fingers-crossed:
AndroidFreud said:
Hello all,
Sadly, my SGS 2 was stolen at a railway station recently. I had removed the sim from the phone since the battery was low to put it in another phone. So it's lost now without the sim in it.
Is there any way at to track the phone purely by it's IMEI number (which is all I have)??
I'm totally wrecked that it's gone... I didn't have any tracking software loaded on the phone like AndroidLost /Cerebrus or anything of that sort. I did have Avast I think but I'm not sure if that has a tracking feature.I doubt if I can also use that remote installation technique (which one actually really works?) considering there is no sim on it with no net connection on it.
Help from the local police station in filing a lost phone case so that the IMEI can be reported to the network provider has been useless as they both seem to have better things to do and just keep me running in circles.
Is there anything at all left that I can do on my own now? I've seen a lot of sites where they say you can report your IMEI lost phone number and they say they will alert you if it ever comes up. But there seems to be a lot of them out there. Which one would be the most reliable to do this?
Has anyone else done this before with any success. Looking for the best possible information and hopefully some solution to get back my phone. It had so much of my stuff on it and I spent months customizing it. Really regretting now that I didn't take the time to load a tracking software on it.
Thanks for any help or insight anyone can provide.
Click to expand...
Click to collapse
First of all I would like to tell you Avast has a very good anti theft feature (which is completely free by the way) if you had root it does allow nand write(for settings I guess) and integration into your rom(factory reset can't remove it then) only a flash operation can remove it, in settings if you had set friend numbers and safe numbers, the moment an unknown sim is inserted, messages are sent to your friends numbers informing sim change (you will get the the thief's number) also if you had enabled it in settings it will force both data connection and gps on too, you can track the phone with gps precision by sending a message (either via sms or their online portal) with the pin code(details are in their site), you can lock the phone, perform a wipe, sound an alarm many other functions. Avast also has amazing stealth technology and starts at boot, so if you want you can jump the thief because he will be able to see only his balance reducing while you remotely control your phone. The key thing you must do is set friend numbers.
Edit : The only way to bypass this security is flashing a new rom. Also it can't be un installed as it will be set as device administrator which requires password unlock.
Using GT - I9100
Just hit the damn help button if I helped you.
---------- Post added at 01:04 PM ---------- Previous post was at 12:54 PM ----------
I really do hope you had set friend numbers, Avast anti theft was very useful to me as sometimes my little brother "steals" my phone because he adores my s2, and sometimes I get really pissed so i remotely lock it rendering it completely useless, even if the phone is switched off and on it will lock again, unless I type in my pin or remotely grant access the phone will remain locked.
Using GT - I9100
Just hit the damn help button if I helped you.
I lost my galaxy s the previous year and they couldn't find it by IMEI
Sent from my GT-I9100G using Tapatalk 2
Plan B
HAXTREME said:
Firstly, my sympathies. I can imagine how bad it must feel to lose your phone. Have you tried 'Plan B' by Lookout? It'll work if at all the phone is ever connected to a data plan/ wireless network.
Hope it helps.
Sent from my GT-I9100 using xda app-developers app
Click to expand...
Click to collapse
Can you please guide me ....how to aplly "plan B' ....plz tell me the steps
tarunsharma123 said:
Can you please guide me ....how to aplly "plan B' ....plz tell me the steps
Click to expand...
Click to collapse
Go to the play store via your computer. Log in with your gmail id, 'purchase' the plan b app. (Its free) and select the particular device from the list of your devices, if there is one. If your phone is ever connected to the Internet and still linked with your Google account, it'll get downloaded
Good luck.
Sent from my GT-I9100 using xda app-developers app

Gs2 stolen....

Just got back from a heavy weekend at butlins in minehead..... Got my phone stolen. Luckily someone I know sorted me out wit a HTC desire HD. But stil is no where near as good as my s2.
sent from the unknown
Does anyone know what u can/can't do with an S2 that's had its imei number blocked?
I've blocked my stolen galaxy but not sure what u can still do on the phone ... Don't like the thought of someone goin thru all my pics/texts etc...
sent from the unknown
I guess it'll be blocked from accessing any network. That's all. The data on your phone will still be there unfortunately. Use this app called Cerberus with your next phone to prevent such situations. I've been using it since a year and it's brilliant. Allows you to locate your phone and a whole lot more including remotely wiping the phone and SD card and turning on data and WiFi. The lifetime license for 5 devices is a paltry amount too. I'm not advertising the app, it's just something that everybody would do well to have.
In any case, if you had a security lock on your phone then it won't be a problem. The thief or whoever he sells it to will probably just factory reset it. SD card data is another thing though, as it can be removed and opened with a card reader. If your pics were in the internal memory and you had a security lock then it shouldn't be a problem. Messages are stored in the /data partition anyway.
The Desire HD, which I own too, is a brilliant phone. But obviously not as good as S2, being of an older generation. The build quality beats any Samsung phone though. Mine has fallen down hundreds on times and taken many beatings, but other than a scratch here and there it's perfectly fine. :thumbup:
Sent from my Desire HD using xda premium
Did you mistake XDA for your blog?
If you hadn't have blocked it you could have downloaded plan b on it from the play store on your home computer.
Now they can do whatever they like on it except for text people, call people or use 3g etc.
Did you have a screen lock? if so then you may be alright for not having your pics nosed at/downloaded/passed on. If not then your out of luck.
oinkylicious said:
Did you mistake XDA for your blog?
Click to expand...
Click to collapse
First of all his post is relevant to XDA, since he had a S2 and is simply asking questions about the phone. Yes, he should have posted it on the Q and A part of the forum, but it is still relevant.
Not trying to be rude or anything but from most of your posts that I read, all I see is sarcasm. If you don't have anything good to say, don't say it.
With regards,
beston94
beston94 said:
he had a S2 and is simply asking questions about the phone.
Click to expand...
Click to collapse
What were his questions?
Ohhh, the one where he broke the rules again by bumping his own thread after two hours.
oinkylicious said:
What were his questions?
Click to expand...
Click to collapse
Let's get real. It doesn't affect you at all. Agree 100% with beston94.
Anyway, avast mobile security offers very good remote security too!
Sent from my GT-I9100 using Tapatalk 2

Hacked by a phone call mythbust

Hello XDA community
A friend of mine with an android device has been hacked "by a phone call" has he said. The phone number of the believed "attacker" does not exist anymore and seemed to have existed only a few hours. This arose some questions about what I believed. Can some of you tell me what you think about the questions below. If you have some pointers to help me know more about these topics, I would appreciate. If I missed topics on xda forum regarding these questions, please forgive me, and points me to the topic I missed.
1st - Has he really been hacked by a phone call ? In my understanding, as long as you don't activate 3G/4G, your android is just a phone, and thus can just handle duplex audio data. What about exploit targeting the phone application that, with just GSM protocol or payload corruption, can hack your phone ? I thougt this fairly unprobable. Now if 3G/4G is activated, is phone is just a machine on the network, with some ports open, so he is vulnerable. What about exploit that could run over 3G if you accept a call ? Can a vulnerable phone apk enable a hacking of the phone receiving a phone call ?
2nd - How did the attacker procured a phone number without giving its ID papers in france ? Buying a sim card normaly require a valid ID paper like a passport. Is it always the case ? Is it possible to have a mobile phone number without buying a SIM card ?
3rd - Given the recent informations I google on internet, I guess he has been hacked by Stagefright.
As he rooted his device, I would avised him reset to factory device. As a paranoid, I would say this is unsufficient : if his phone is compromised, the attacker could have compromised his recovery too. So I would better say him : flash bootloader if possible, and flash a stock rom then boot into recovery. And after, rune an apk to test if vulnerable to stagefright and a patch to correct.
Than you for your answers
Hi
First I'm sorry that this happened to your friend.
1. In Switzerland, many people was also hacked by a phone call. But he/she only stoled user data (Photos/Music/Videos/etc.) If they had Mobile Data enabled, I don't know.
2. Some country's (like Portugal) hasn't number that are registered with the name of the person. You can simply go to a mobileshop and ask for a SIM-Card and they simply sell it to you (I know it's a really bad thing )
Good luck to your friend restore his phone
Thank me, by hitting the Thanks Button
AnDrOiiiD_YT said:
Hi
First I'm sorry that this happened to your friend.
1. In Switzerland, many people was also hacked by a phone call. But he/she only stoled user data (Photos/Music/Videos/etc.) If they had Mobile Data enabled, I don't know.
2. Some country's (like Portugal) hasn't number that are registered with the name of the person. You can simply go to a mobileshop and ask for a SIM-Card and they simply sell it to you (I know it's a really bad thing )
Good luck to your friend restore his phone
Thank me, by hitting the Thanks Button
Click to expand...
Click to collapse
Hello AnDrOiiiD_YT
Can you communicate some sources about the hacking of people via phone call in switzerland (like neswpaper article, tech article ?)
Thank you
AnDrOiiiD_YT said:
Hi
First I'm sorry that this happened to your friend.
2. Some country's (like Portugal) hasn't number that are registered with the name of the person. You can simply go to a mobileshop and ask for a SIM-Card and they simply sell it to you (I know it's a really bad thing )
Good luck to your friend restore his phone
Thank me, by hitting the Thanks Button
Click to expand...
Click to collapse
You can walk into just about any side store km the states and buy a phone and reg it with any name you want. You would be amazed at the names people use for accounts. Some just leave it blank.
zelendel said:
You can walk into just about any side store km the states and buy a phone and reg it with any name you want. You would be amazed at the names people use for accounts. Some just leave it blank.
Click to expand...
Click to collapse
This can be the case in US. In France on shall provide an ID card to legally buy a SIM card.
bernie.discale said:
This can be the case in US. In France on shall provide an ID card to legally buy a SIM card.
Click to expand...
Click to collapse
Interesting. Im sure you could find away around it if you try hard enough. Which is what he most likely did.
Now When you say someone hacked his phone, how does he know he was hacked? What are the issues that made him think so?
zelendel said:
Interesting. Im sure you could find away around it if you try hard enough. Which is what he most likely did.
Click to expand...
Click to collapse
Yes, probably. I saw a video from a tech university with the POC on how to cheaply buy phone numbers to issue SMS campaign, I don't know if this is still applicable.
Now When you say someone hacked his phone, how does he know he was hacked? What are the issues that made him think so?
Click to expand...
Click to collapse
I had a short conversation with him, and he described applications installing alone, sms sent from his phone... Since I still could not get my hands on the device itself, I agree there is still a doubt on that point. He just remembered a strange phone call some weeks ago, but I am not convinced by the phone call that hacked his phone.
bernie.discale said:
Yes, probably. I saw a video from a tech university with the POC on how to cheaply buy phone numbers to issue SMS campaign, I don't know if this is still applicable.
I had a short conversation with him, and he described applications installing alone, sms sent from his phone... Since I still could not get my hands on the device itself, I agree there is still a doubt on that point. He just remembered a strange phone call some weeks ago, but I am not convinced by the phone call that hacked his phone.
Click to expand...
Click to collapse
To be honest I am as well. Things that he is talking about could not have been set up during a phone call. Unless the person gave enough info that the offender could have hacked into the account. This would allow install of apps. I have a feeling it is something else. A logcat will be able to help determine what is the issue but the best bet is a full wipe, flash and some password changes.
zelendel said:
. A logcat will be able to help determine what is the issue but the best bet is a full wipe, flash and some password changes.
Click to expand...
Click to collapse
A agree with both
bernie.discale said:
Hello XDA community
A friend of mine with an android device has been hacked "by a phone call" has he said. The phone number of the believed "attacker" does not exist anymore and seemed to have existed only a few hours. This arose some questions about what I believed. Can some of you tell me what you think about the questions below. If you have some pointers to help me know more about these topics, I would appreciate. If I missed topics on xda forum regarding these questions, please forgive me, and points me to the topic I missed.
1st - Has he really been hacked by a phone call ? In my understanding, as long as you don't activate 3G/4G, your android is just a phone, and thus can just handle duplex audio data. What about exploit targeting the phone application that, with just GSM protocol or payload corruption, can hack your phone ? I thougt this fairly unprobable. Now if 3G/4G is activated, is phone is just a machine on the network, with some ports open, so he is vulnerable. What about exploit that could run over 3G if you accept a call ? Can a vulnerable phone apk enable a hacking of the phone receiving a phone call ?
2nd - How did the attacker procured a phone number without giving its ID papers in france ? Buying a sim card normaly require a valid ID paper like a passport. Is it always the case ? Is it possible to have a mobile phone number without buying a SIM card ?
3rd - Given the recent informations I google on internet, I guess he has been hacked by Stagefright.
As he rooted his device, I would avised him reset to factory device. As a paranoid, I would say this is unsufficient : if his phone is compromised, the attacker could have compromised his recovery too. So I would better say him : flash bootloader if possible, and flash a stock rom then boot into recovery. And after, rune an apk to test if vulnerable to stagefright and a patch to correct.
Than you for your answers
Click to expand...
Click to collapse
It's not important that the attacker used a real number, he/she could also use something like spoof card.... About your friends problem is he sure that he have got hacked ?
sdeepb said:
It's not important that the attacker used a real number, he/she could also use something like spoof card.... About your friends problem is he sure that he have got hacked ?
Click to expand...
Click to collapse
No we are not sure ATM. I try to reach him, with no success. What could confirm a hack or not (by lets say stagefright ?)
bernie.discale said:
No we are not sure ATM. I try to reach him, with no success. What could confirm a hack or not (by lets say stagefright ?)
Click to expand...
Click to collapse
I don't think there's a way to detect a call stagefright....
Stagefright can't be activated by a call. The phones doesn't access the vulnerable files.
bernie.discale said:
Hello AnDrOiiiD_YT
Can you communicate some sources about the hacking of people via phone call in switzerland (like neswpaper article, tech article ?)
Thank you
Click to expand...
Click to collapse
I didn't found anything, but I think your friend had an app (virus) that needed root access, he granted root access and the app removed those files...
Thank me, by hitting the Thanks Button
zelendel said:
Stagefright can't be activated by a call. The phones doesn't access the vulnerable files.
Click to expand...
Click to collapse
I agree. I think the call has nothing to do with the symptoms he observes... I did not took time to POC stagefright at home, but from what I read it can be done silently via MMS. It's one hypothessis. ATM there ar many. Still don't have news from him. I'll just wait now.
Thank you all for your answers.
If he really thinks it's a stagefright then tell him to verify it, there's an app that can do it
sdeepb said:
If he really thinks it's a stagefright then tell him to verify it, there's an app that can do it
Click to expand...
Click to collapse
The app can verify if he is vulnerable. Can it verify if he has really been hacked ?
bernie.discale said:
The app can verify if he is vulnerable. Can it verify if he has really been hacked ?
Click to expand...
Click to collapse
Being vulnerable can be a big proof itself that he most probably have been hacked
sdeepb said:
Being vulnerable can be a big proof itself that he most probably have been hacked
Click to expand...
Click to collapse
In my experience with Nessus or Nexpose, a vulnerability scan cannot be assessed as a POC. Not being vulnerable certainly prove your immnunity, but the opposite is not true.
bernie.discale said:
In my experience with Nessus or Nexpose, a vulnerability scan cannot be assessed as a POC. Not being vulnerable certainly prove your immnunity, but the opposite is not true.
Click to expand...
Click to collapse
I didn't said that being vulnerable surely means he have got hacked..... But he can be considering the symptoms

Check if Your Note 7 needs to be Replaced(Link)[all countries]

Here it is:
http://cybersvc2.samsungcsportal.com/imei_check
You'll need to enter your IMEI.
Mine says affected
Sent from my SM-N930T using Tapatalk
Mine says it's not
Sent from my SM-N930T using Tapatalk
Root-Maniac said:
Mine says it's not
Sent from my SM-N930T using Tapatalk
Click to expand...
Click to collapse
Lucky fella!
Mine says affected...roll on to 19th for a replacement
Sent from my SM-N930F using Tapatalk
Mines affected as well..
Sent from my SM-N930F using XDA-Developers mobile app
Where did you find that? That site looks shady to me. I'm not entering my IMEI anywhere that isn't on the official Samsung page.
Sent from my SM-N930W8 using XDA Labs
GibMcFragger said:
Where did you find that? That site looks shady to me. I'm not entering my IMEI anywhere that isn't on the official Samsung page.
Sent from my SM-N930W8 using XDA Labs
Click to expand...
Click to collapse
Found via Samsung Hong Kong
My half device is affected lol !
I have duos and one IMEI is saying affected and other not. How come this possible?
dr.ketan said:
My half device is affected lol !
I have duos and one IMEI is saying affected and other not. How come this possible?
Click to expand...
Click to collapse
Same as, primary sim 1 shows as affected, sim slot 2 shows as all is good lol. Id take primary over secondary though
thering1975 said:
Same as, primary sim 1 shows as affected, sim slot 2 shows as all is good lol. Id take primary over secondary though
Click to expand...
Click to collapse
Question is authenticity. How come samsung make this blunder. Samsung don't have track which two IMEI is built on same device? If Primary IMEI is all need to enter then why this information not provided?
dr.ketan said:
Question is authenticity. How come samsung make this blunder. Samsung don't have track which two IMEI is built on same device? If Primary IMEI is all need to enter then why this information not provided?
Click to expand...
Click to collapse
Agreed, seems like they are just throwing things out there to cover themselves legally, its hard to find tools like this from their sites so they seem to be just doing it for the sake of doing it. Seeing as they are recalling all of them anyway it makes no sense unless they were trying to put peoples minds at rest but could back fire if their imei checker is as faulty as some batteries.
Imagine the lawsuits that would come if someone checks there imei and it gives them the all clear, then there phone catches fire.
Currently they are on one big ass covering exercise and not doing a very good job of it either
Only annoying thing about this whole debacle is two hours before they announced a recall i had sold my note 5 lol (with your rom on it of course!!!)
sephhi said:
Lucky fella!
Click to expand...
Click to collapse
It's not all countrys!
thering1975 said:
Agreed, seems like they are just throwing things out there to cover themselves legally, its hard to find tools like this from their sites so they seem to be just doing it for the sake of doing it. Seeing as they are recalling all of them anyway it makes no sense unless they were trying to put peoples minds at rest but could back fire if their imei checker is as faulty as some batteries.
Imagine the lawsuits that would come if someone checks there imei and it gives them the all clear, then there phone catches fire.
Currently they are on one big ass covering exercise and not doing a very good job of it either
Only annoying thing about this whole debacle is two hours before they announced a recall i had sold my note 5 lol (with your rom on it of course!!!)
Click to expand...
Click to collapse
Just a thought!
Total recall policy is doubtful. It will never been clear what exact they will provide with new devices. Just new battery ? If so then certain batch don't have issue will remain same ?
Better Samsung have recalled every device and refunded them it could be wise decision. Later after couple of month may come with N8. They may get little loss but surely emerge with clean image and that would be total profit.
Mine's affected, good thing i took mine back this morning.
those IMEI check tools will be official after replacement take place
so you find out from which batch your new N7 and be rest assured its safe
for now maybe all SDI show's as affected
Mine is affected. No surprise.
Just tried mine.Duos bought in dubai and none of the 2 imeis are affected. in your opinion is this good enough to decide to keep the phone?
batting43 said:
Just tried mine.Duos bought in dubai and none of the 2 imeis are affected. in your opinion is this good enough to decide to keep the phone?
Click to expand...
Click to collapse
nope, not worth the risk,

Categories

Resources