USSD Exploit - EVO 3D is vulnerable - HTC EVO 3D

I just tested this with a harmless test page with my GSM 3D EVO, and, using the stock browser, the USSD code was executed immediately without asking for confirmation (in this case the test page only used the USSD code for IMEI number, so no big deal). I am using one of the popular ICS+Sense based ROMS from the GSM section, but this will probably affect all the ROMs derived from the official HTC ICS update.
Not too concerned because I use Chrome (which is not affected by the exploit), but this is one more reason to wait anxiously for CM10 to be ready.:laugh:

I ran the test link on this page on my CDMA Evo 3D and it doesn't seem to be affected, but I'm using the default browser from MeanROM ICS 2.6 which is different from the stock ICS browser. My impression from reading a couple articles on this exploit is that it only affects GSM phones.
ramjet73

Just ran the exploit with the default browser in SOS 2.6.1 and it works. Strange since it's based on Mean.
... with Tapatalk 2

Ok so my phone can automatically do a factory reset, bigger deal if you are stock with no backup, that's why nandroids are so important
Signature (Don't ask me for help, couldn't careless if your phone explodes)

On SOS 2.6.1, stock browser and my phone does not seem to be affected.
Checked it through this website http://dylanreeve.com/phone.php
If your phone is vulnerable to the recently disclosed tel: URL attack then this website will cause your phone to open the dialler and display the IMEI code. With other USSD codes it could do any number of other things, including wipe all phone data.
You can find some more information and a simple workaround here: http://dylanreeve.posterous.com/remote-ussd-attack
What does it all mean?!
If visiting this page automatically causes your phone's dialler application to pop up with *#06# displayed then you are not vulnerable. If, however, the dialler pops up and then you immediately see your phone IMEI number (a 14- or 16-digit number) then you are potentially vulnerable to attack.

It seems only gsm phones are affected, unfortunately I am in that category, I believe it would be more of an issue if you run a stock phone.
signature( don't ask me for help, as could care less if you phone explodes)

flashallthetime said:
It seems only gsm phones are affected, unfortunately I am in that category, I believe it would be more of an issue if you run a stock phone.
From the article linked in my post above:
In conclusion, what is the risk to my phone?
The risk is that, upon visiting a website, a USSD code could begin running in the background, which is undoubtedly a serious breach of security. However, you shouldn't panic just yet: so far, no cases in the wild are known where this security breach has been exploited.
ramjet73

We all knew things like this would come to our phones. Members of XDA used to push better security programs for our phones back in the day. I'm tellin ya. Firewalls are going to be a real thing on our phones soon.

Yes I love the fact that miui has a built in firewall app. Always better safe than sorry.
Sent from my PC36100 using xda app-developers app

It seems that even if our Evo 3d shows up the IMEI code when visiting one of the many test pages, we are quite safe from the really harmful codes.
See here for a more detailed explanation.
I tested the factory reset code from the dialer (after a Nandroid backup, of course!!!) and it does not execute on my phone. :good:

I found this article talking about the Samsung Galaxy S3 problem. There is also a link in the article to an app in the Play Store that blocks the USSD codes from executing at all. I tested the app on my phone and it did stop the USSD codes I tested.
Article:
http://www.pcworld.com/article/2010867/samsung-android-hole-also-leaves-sim-cards-vulnerable.html
App:
https://play.google.com/store/apps/details?id=org.mulliner.telstop

Is there a good fire wall app for evo 3d until such a firewall can be integrated with our phones?

I got an update for avast antivirus and apparently the USSD exploit is patched in the update


Security Measures?

I've looked but either in the wrong place or it's not here. Was wondering what's the best possible security measures HTC EVO 4G LTE rooted owners could take for our devices. I ran into something called "zAnti" but haven't done further research on said app. Thanks!
Sent from my EVO using xda premium
So what exactly are you trying to secure?
Best security as far as Android goes is encrypting the device and setting a Pattern Unlock (Make sure you wipe your screen frequently)
Cerberus from the amazon app store (cheaper than play)
Sent from my htc_jewel using xda app-developers app
Kcarpenter said:
So what exactly are you trying to secure?
My thoughts exactly.
Sent from my EVO using Tapatalk 2
I've read that people with advanced knowledge of computers could piggyback your tethered connection and easily get most if not all information from your phone. I've tried an app called AdbToggler but it's conflicting with superSU or something. You can never be too secured but it helps knowing you can get pretty darn close and how to do so. Lol
Sent from my EVO using xda premium
Security is always an illusion.
Just be safe about the apps you install.
Try not to install them from 3rd parties unless you really trust them (Amazon, GetJar, a recognized XDA developer).
If a hacker really wants the info on your phone bad enough, they'll get it.
You take risks with rooting a phone, less security is one of them.
William said:
I've looked but either in the wrong place or it's not here. Was wondering what's the best possible security measures HTC EVO 4G LTE rooted owners could take for our devices. I ran into something called "zAnti" but haven't done further research on said app. Thanks!
Sent from my EVO using xda premium
zAnti is a security researcher's tool that can do some minor pentesting actions (network discovery, port scans, exploit vuln checks). Think of it like a baby Nessus. It does not really do anything on its own to secure the Android OS. As far as securing your device, the answer is fairly simple and is the same with anything:
1) Authentication: Secure the lockscreen with at least a PIN or pattern (I recommend a password). Face Unlock is a joke and the basic lockscreen is by no means secure...
2) Install an anti-virus app. I personally use BitDefender, because it has a full suite of options, including GPS tracking and remote wipe.
3) Optionally, use a firewall or manually configure iptables, if you know how.
4) Don't install anything that you are not sure what it does or have any questions as to its safety.
5) Be aware of exactly what is on your device... all software, scripts, etc.
6) Physical Access == Pwned. If a malicious party has physical access to your device, all bets are off.
As far as security goes, common sense goes a long way.
I just use Avast! both on my laptop and on my phone, it works great!
There's a list of text commands you can send your phone, it's pretty cool! Also with root users there's more options for security.

[VULNERABILITY?] Remote wipe via iframe USSD trigger

I wanted to add a post here due to the severity of the bug. (Original post here: http://forum.xda-developers.com/showthread.php?t=1904629).
I've tested with *#*#4636*#* and nothing is displayed on my dialer, as it does when you type the code in now (4.0.3 latest release from Verizon). Trying with other numbers leaves the numbers in the dialer. Tested with FF and Chrome. Stock dialer.
Does anybody know any safe codes we can try to confirm or deny that this vulnerability could also affect HTC phones?
Edit: I was able to launch the HTC Function Test ( *#*#3424#*#* ) using this method. If there is a reset code I would bet it is exploitable.
Edit 2: I found a list of codes here: http://forum.xda-developers.com/showthread.php?t=1683634 which could also be tested.
Also sample HTML for you to test (will bring up the HTC Functions Test as if *#*#3424#*#* were entered in the dialer):
HTML:
<frameset>
<frame src="tel:*%23*%233424%23*%23*">
</frameset>
Place in an HTML file, host it somewhere. I wouldn't trust ANYONE's links unless you are prepared for the worst.
If somebody with the official VZW rom is brave enough to test out the factory reset codes we can narrow the scope of this down.
killsforpie said:
I wanted to add a post here due to the severity of the bug. (Original post here: http://forum.xda-developers.com/showthread.php?t=1904629).
I've tested with *#*#4636*#* and nothing is displayed on my dialer, as it does when you type the code in now (4.0.3 latest release from Verizon). Trying with other numbers leaves the numbers in the dialer. Tested with FF and Chrome. Stock dialer.
Does anybody know any safe codes we can try to confirm or deny that this vulnerability could also affect HTC phones?
this bug is being reported for Samsung TouchWiz devices only. we are safe.
Sorry, but you are very very ill-informed.
This bug affects all android devices. We have two problems here, 2 leads on from 1.
1) Does the device launch USSD (or other similar codes) from the browser automatically? (Most stock diallers will do this, certainly both Samsung and HTC DO!)
2) Does the device have a USSD (or similar code) that allows for the device to be wiped without confirmation? (Most Samsung and HTC devices do! Although the code to trigger it can vary from device to device.)
Samsung and Stock Google have patched this in recent builds, so if you're up-to-date you should be safe, however no evidence has been obtained to show that HTC is safe (or even knows of the problem).
In short, if there is a code to wipe your device then you are most likely vulnerable
*#06# shows IMEI on HTC, and here is a page where you can make sure HTC is vulnerable too: mk.am/m/ussd.html
The only thing is I'm not quite sure that HTC has USSD for factory reset or wipe.
These work on some htc phones:
##72786#
*#*#7780#*#*
*#7780#
*#767*3855# - this one, if it works will format your partitions, recovery will not be a simple task BE WARNED!
synisterwolf said:
this bug is being reported for Samsung TouchWiz devices only. we are safe.
Does HTC have such a reset code? I've seen various posts say that HTC does have a reset code.
I was able to get to the HTC Function Test with this method (3424) on stock browser, FF and Chrome. If there is a similar hard reset I think this would work for that too.
Lennyuk said:
These work on some htc phones:
##72786#
*#*#7780#*#*
*#7780#
*#767*3855# - this one, if it works will format your partitions, recovery will not be a simple task BE WARNED!
Any souls out there braver (or perhaps in a better position) than I to try these out?
Lennyuk said:
These work on some htc phones:
##72786#
*#*#7780#*#*
*#7780#
*#767*3855# - this one, if it works will format your partitions, recovery will not be a simple task BE WARNED!
tried all 4 codes on my htc rezound. nothing happened.
so I'm sorry but it looks like you are misinformed.
The Factory Reset. One of those last ditch efforts that many of us have a fair bit of experience with. However, a malicious embed code could potentially do the exact same thing to your Galaxy S III. The Unstructured Supplementary Service Data (USSD) code (which we won't reproduce here) apparently only works on Samsung phones running Touchwiz, and only if you are directed to the dodgy destination while inside the stock browser (rather than Chrome, for example). This means the Galaxy Nexus is unaffected, but it can work the same dark magic on the likes of the Galaxy S II.
We've been trying to murder a (UK-based) GS III here at Engadget, but with no luck as yet -- we can cause the malicious digits to appear in the dialer, but we can't force the stock browser to visit them as a URL, even when trying a bit of URL forwarding and QR code trickery. However, this particular GS III has been rooted in the past, even though it's now running an official TouchWiz ROM, and that may be interfering with the process.
Aside from our own experiences, the evidence for the vulnerability is certainly strong. It was demonstrated at the Ekoparty security conference last weekend, during which time presenter Ravi Borgaonkar also showed how a different code could even wipe your SIM card. See the video after the break for the evidence.
Update: Tweakers.net has been able to replicate the security hole on a Galaxy S Advance, while The Verge has confirmed that it works on both the Galaxy S II and the AT&T Galaxy S III. Samsung has told us it's looking into the issue.
source
There's a lot of confusion as to exactly which Samsung phones are vulnerable to today's big scary USSD vulnerability, which could cause some phones to factory reset themselves upon visiting a malicious web page. Some Galaxy S2 and S3-class phones are susceptible, others less so. In some cases it depends if you're running the latest firmware or not. In others, there's no patched firmware available yet.
Samsung will surely be hard at work rolling out fixes for devices that remain susceptible, but in the meantime we've got a quick, easy way to tell if your phone is at risk, without taking the plunge and running the malicious code itself. Find out more after the break.
First off, note that today's glitch only affects Samsung phones. Our testing method may produce different results on other manufacturers' devices, but it's important to remember that it's impossible to use this exploit on a phone that's not running Samsung's TouchWiz software. Also, note that we don't see any secret information from your phone during this test. If in doubt, right-click and check the source code to see exactly what we're doing. It's a pretty simple test.
With that in mind, head to this page on your Samsung phone's stock browser. You'll find it at androidcentral.com/ussd-test
With this page loaded on your phone, simply click the button in the embedded area below to see if your Samsung phone is at risk. The test works by trying to direct you to a benign USSD code, specifically, the one that displays your IMEI on your screen (nothing malicious). If you're using a Samsung phone and a window pops up showing your IMEI number, you're likely vulnerable. If your dialer just loads up showing either nothing, or *#06# in the number read-out, you should be safe.
Let us know how you get on down in the comments. Safe browsing, everyone!
Source
synisterwolf said:
tried all 4 codes on my htc rezound. nothing happened.
so I'm sorry but it looks like you are misinformed.
That is good news, but this is still too early to call this one I think. This vector is open (at least on my phone) as demonstrated by the code:
HTML:
<frameset>
<frame src="tel:*%23*%233424%23*%23*">
</frameset>
(Place in an HTML file, host it somewhere. I wouldn't trust ANYONE's links unless you are prepared for the worst.)
This uses 3424 which opens up the HTC Function Test.
Just because those codes don't work doesn't mean there isn't one available if the vector is open.
killsforpie said:
That is good news, but this is still too early to call this one I think. This vector is open (at least on my phone) as demonstrated by the code:
HTML:
<frameset>
<frame src="tel:*%23*%233424%23*%23*">
</frameset>
(Place in an HTML file, host it somewhere. I wouldn't trust ANYONE's links unless you are prepared for the worst.)
This uses 3424 which opens up the HTC Function Test.
Just because those codes don't work doesn't mean there isn't one available if the vector is open.
ran this in chrome and still no go.
synisterwolf said:
ran this in chrome and still no go.
Very interesting... what are your specs? Can you try with stock browser?
mine:
HTC Rezound on Verizon, latest stock update available
Android 4.0.3
3.14.605.12 710RD
killsforpie said:
Very interesting... what are your specs? Can you try with stock browser?
mine:
HTC Rezound on Verizon, latest stock update available
Android 4.0.3
3.14.605.12 710RD
i deleted the stock browser. chrome is better for me with sign in ability and unlimited tabs. i can load up a stock browser after lunch and see if i can get it to trip.
but im running:
AOKP by neo
global update firm and radio
2.27 hboot
s-off
synisterwolf said:
i deleted the stock browser. chrome is better for me with sign in ability and unlimited tabs. i can load up a stock browser after lunch and see if i can get it to trip.
but im running:
AOKP by neo
global update firm and radio
2.27 hboot
s-off
Ah, I believe you're in a similar category as CM users then, these USSD's have likely been removed from your rom.
Anyone else on stock (or willing to go to stock) who would be able to test the wipe codes?
FWIW I installed DialerOne and set it as my default dialer. This no longer executes the USSD automatically for the Function Test, so I hope if there is a valid USSD Reset code it would stop that as well.

Official USSD hack list of immune and unsafe ROMs & Browsers

Official USSD hack list of immune and unsafe ROMs
This will be the official list for ROMs and browsers affected by the USSD code issue, with instructions on how to patch it until an official fix is released. Please follow these steps:
1) Visit the following link using your phone's browser: USSD test page
2) If your MEID info is shown on the screen then the ROM you are using is affected! Download and install TelStop from the Play Store.
3) After you install the TelStop app, visit the test page again. You should now get a "Complete action using" popup with TelStop listed. Select TelStop. You will then receive a warning that this is likely a malicious code.
4) If your MEID info is not displayed then you are fine.
5) Report what ROM and browser you used and what your results were.
Source- PCWorld
Affected ROMs (I'm thinking all ICS and older based ROMs are most likely affected unless they are patched)
Stock 2.3 (all releases, all phones)
CM7
Imperium Initiative
peetr's Hybrid
MOF.2.3.5.ish
CM9
Unaffected ROMs
Th3Bill's Jellybean based ROMs (thanks Th3Bill for getting back to me so quick)
Affected Browsers
Stock
Firefox
Opera Mini
Maxthon
Safe Browsers
Opera Mobile gives prompt "Loading of external frame source tel:*%2306%23 suppressed (click to view)"
One thing to mention is that it is the default browser that handles the tel: url. Cm7 stock browser is affected. If you set a different browser as default it will not execute the tel: url. Opera does nothing with "special" URLs like tel:. It wont even open the youtube app when clicking a video link.
Edit: Opera prompts you.
atroph said:
One thing to mention is that it is the default browser that handles the tel: url. Cm7 stock browser is affected. If you set a different browser as default it will not execute the tel: url. Opera does nothing with "special" URLs like tel:. It wont even open the youtube app when clicking a video link.
Which Opera, mobile or mini? The sad part is Firefox is affected. I'm installing Maxthon to check it right now.
Edit: Just tested Opera Mini and Maxthon. No good. Opera Mobile came back ok though. Adding results to OP.
Mobile.
It actually prompts you. Says will not display frame. You must click link again to enable.
Exact text:
Frame content not displayed
Loading of external frame source tel:*%2306%23 suppressed (click to view).
Generated by Opera.
I need somebody to check ICS please and report.
ICS and Chrome is affected too.
Sent from my SPH-D710 using Tapatalk 2
Omar04 said:
ICS and Chrome is affected too.
Sent from my SPH-D710 using Tapatalk 2
That's what I was afraid of. What ROM are you running on what device?
Using peetr's Hybrid rom and stock browser and its affected.
Sent from my MB855 using xda premium
Thanks for this. I was reading about this earlier.
Sent from my GT-I9300 using Tapatalk 2
Lokifish Marz said:
That's what I was afraid of. What ROM are you running on what device?
Stock Official ICS build FH13 on Galaxy S II E4GT
At first it was reported that this only affected Samsung ICS TouchWiz devices, but no, it affects all Android devices and almost all browsers. Opera, Chrome, Boat, Firefox. Need to test Dolphin, but it seems all of them are affected, and all Android devices.
Edit: just tested Dolphin Browser and the code runs through too. So in definition every browser is affected.
Sent from my SPH-D710 using Tapatalk 2
Jokers CM9 affected too. What is all this about? What does all this mean?
N/m
Using MOF.2.3.5.ish v1.4 and Dolphin Browser and the test failed. Telstop fixed the problem. Then Lookout Mobile updated to include the same functionality as Telstop (just select Lookout as default action and a safe link will go through to the dialer and an unsafe one will come up with a warning and the option to cancel action or continue)
The Verge report about the exploit.
http://mobile.theverge.com/2012/9/2...hwiz-remote-wipe-vulnerability-android-dialer
Sent from my SPH-D710 using Tapatalk 2
Some of the comments are hilarious. The thing is that USSD codes are a part of the dialer and have been around for some time. Techs use them on a regular basis so blocking the codes is a bad thing. In some cases USSD codes are the only way to fix some issues in a timely manner. It probably has to do with the ability to dial a number via a webpage but this goes a little too far. A browser should never have this level of access. This is IE levels of stupid.
Happened to me I'm on stock mopho 2.3.5 only root access
Sent using Xda App
I am looking into this problem and this is really only a problem of USSD codes, because USSD does not need to be confirmed.
However, providing the tel: data type from the browser is normal, so you can dial right from it. Any other number must be confirmed by the dial button.
The question is whether the JB browser is really not affected, or the JB dialer just does not handle the *#06# USSD code. I did not try it.
There should be exception for usage of * or # marks with VIEW intent, in the dialer I think.
On the other side, from what I know, none of ussd codes, that does not need to be confirmed by dial button, are not interactional with service provider.
These ussd codes are just for running activities. Nothing else. You can run the activity, but you cannot change anything.
If I am mistaken and there exists some ussd code, that does not need to be confirmed and changes something or sends some data somewhere, please tell me.
Hmm, just tried most of codes in my rom. Most of them must be confirmed by dial button or leading to programming menu, where you must enter password or just providing onscreen info about version or imei, etc.
*#*#4636#*#* just starts phone info activity and there is no way to continue browsing this activity from the browser.
My results are, that I don't see any security issue here.
Just watched the video. Samsung and their touchwiz - what more can I say.
One link, if you don't understand, what am I writing about.
http://www.theregister.co.uk/2012/09/25/samsung_flaw/
This is really only Samsung problem and his inability to secure such thing like wiping whole phone by a password.
On MoPho stock 2.3.5. Boat Browser is affected. Interestingly, RoboForm, which has its own browser, is not.
peetr_ said:
Hmm, just tried most of codes in my rom. Most of them must be confirmed by dial button or leading to programming menu, where you must enter password or just providing onscreen info about version or imei, etc.
*#*#4636#*#* just starts phone info activity and there is no way to continue browsing this activity from the browser.
(check your PM)
In most cases many folks will be fine as long as they pay attention to what's going on. The other side to this is that the Electrify/Photon family of phones was sold world wide and there are some USSD codes that are specific to the carrier and these codes are generally built into the dialer. If you know what device and what carrier someone is on you can cause a lot of panic. For obvious reasons I'm not going to go into specific examples but those that have pranked somebody using USSD codes know what I'm talking about.
The safest bet for those that are concerned is to use a third party dialer that doesn't process USSD and command codes. I personally use Dialer One as my default dialer.
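An added example, not code from TelStop, Lookout or any poster in this thread: the pass-or-warn check described above for tel: requests (treat a decoded `*` or `#` as a service code that needs confirmation), together with a scan that flags frames which would hand such a URI to the dialer without a tap. Function names and the sample page are constructed for illustration; the two service-code URIs are the ones quoted in this thread.

```javascript
// Added example: pass-or-warn filter for tel: URIs, plus a scan for frames
// that would pass one to the dialer without a tap. All names are hypothetical.

// Tags discussed in this thread whose src loads as soon as the page renders.
const AUTO_LOAD_TAGS = new Set(['frame', 'iframe']);

// Return the string the dialer would receive, or null if uri is not tel:.
function decodeTelUri(uri) {
  const m = /^\s*tel:(.*)$/is.exec(uri);
  if (!m) return null;
  // Decode each %XX on its own so a malformed escape cannot throw.
  return m[1].trim().replace(/%([0-9a-f]{2})/gi,
    (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Plain numbers use digits, "+" and separators. A "*" or "#" marks a
// USSD/MMI or dialer service code, which should never run unconfirmed.
function isServiceCode(dial) {
  return /[*#]/.test(dial);
}

// Verdict for one request: 'pass' goes straight to the dialer, 'warn' is
// shown to the user first, null means the URI is not a tel: request.
function verdictFor(uri) {
  const dial = decodeTelUri(uri);
  if (dial === null) return null;
  return isServiceCode(dial) ? 'warn' : 'pass';
}

// List every tel: URI referenced by a src/href attribute in the markup.
// Regex scanning is a simplification; a production tool should use a parser.
function scanHtml(html) {
  const attrRe = /<\s*([a-z0-9]+)\b[^>]*?\b(?:src|href)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const findings = [];
  for (const m of html.matchAll(attrRe)) {
    const uri = m[2] ?? m[3] ?? m[4];
    const verdict = verdictFor(uri);
    if (verdict === null) continue; // not a tel: reference
    const tag = m[1].toLowerCase();
    findings.push({
      tag,
      dial: decodeTelUri(uri),
      auto: AUTO_LOAD_TAGS.has(tag), // true: no user tap needed to load it
      verdict,
    });
  }
  return findings;
}

// Constructed sample page. The frame and iframe URIs are the ones quoted in
// this thread; the phone number and example.com link are made up.
const SAMPLE_PAGE = `
<frameset>
<frame src="tel:*%23*%233424%23*%23*">
</frameset>
<iframe src='TEL:*%2306%23'></iframe>
<a href="tel:+1-555-0100">Call the front desk</a>
<a href="https://example.com/">not a tel link</a>
`;

for (const f of scanHtml(SAMPLE_PAGE)) {
  console.log(`${f.tag.padEnd(6)} auto=${f.auto} ${f.verdict.toUpperCase()} ${f.dial}`);
}
```

A finding with auto=true and verdict WARN is the case the thread's test pages reproduce; a plain number behind a link passes because the dialer still waits for the dial button.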

Android/whatsapp hacked! Please help!

Hi, I really need some advice and help, please!
Someone hacked my galaxy note 8 (latest update of OS) using Bluetooth. Thereafter when I had Bluetooth turned off all the time I would sometimes find it had turned on again and at times a pic would randomly appear in my camera roll folder. I was targeted by a group of people and having recalled looking back I was encouraged to message through WhatsApp and I believe that chrome and Android webview extension were involved. They also got into my gmail and tried to delete my contacts and wipe my phone and whatsapp history. After this I saw that a Linux device had been attached to my gmail account.
I then went to an iphone and received a whatsapp from someone and a pic appeared again in my camera roll. I believe they were trying to do the same again and not sure how effective it is on iOS.
But now I have a new galaxy note 8 and someone has sent me a pic and video. I don't know that they are involved and I think I'm being overly cautious, but I need to understand what they did before and what I can do to check if they have hacked my new phone and doing the same thing again, and what I can do now to ensure they don't do it. I'm worried now that if they have got into my new phone and WhatsApp, will they have been able to get my IMEI and is my new phone now permanently susceptible to attack?
If I wipe my phone back to factory settings and reinstall everything again and start a new whatsapp with a new number, will that work?
My MS surface has also been acting up and I'd like to know if there's an easy sign to check on there too.
Thanks so much in advance!
phoenix79802 said:
Hi, I really need some advice and help, please!
Someone hacked my galaxy note 8 (latest update of OS) using Bluetooth. Thereafter when I had Bluetooth turned off all the time I would sometimes find it had turned on again and at times a pic would randomly appear in my camera roll folder. I was targeted by a group of people and having recalled looking back I was encouraged to message through WhatsApp and I believe that chrome and Android webview extension were involved. They also got into my gmail and tried to delete my contacts and wipe my phone and whatsapp history. After this I saw that a Linux device had been attached to my gmail account.
I then went to an iphone and received a whatsapp from someone and a pic appeared again in my camera roll. I believe they were trying to do the same again and not sure how effective it is on iOS.
But now I have a new galaxy note 8 and someone has sent me a pic and video. I don't know that they are involved and I think I'm being overly cautious, but I need to understand what they did before and what I can do to check if they have hacked my new phone and doing the same thing again, and what I can do now to ensure they don't do it. I'm worried now that if they have got into my new phone and WhatsApp, will they have been able to get my IMEI and is my new phone now permanently susceptible to attack?
If I wipe my phone back to factory settings and reinstall everything again and start a new whatsapp with a new number, will that work?
My MS surface has also been acting up and I'd like to know if there's an easy sign to check on there too.
Thanks so much in advance!
I do strongly advise you to do a full factory reset, or go to the nearest technician if you don't know how to do it, to flash the phone from scratch immediately. Also try the best security app for android once you setup your device again. That's enough.
Sent from my SM-G550T1 using Tapatalk
---------- Post added at 12:58 PM ---------- Previous post was at 12:52 PM ----------
I would also report the issue to the tech support of WhatsApp, if there's any. Also, change every passwords on your Google devices with more secure passwords, Google, banking, social. And do place a secure password to block your device. Good luck.
Sent from my SM-G550T1 using Tapatalk
This is why I dislike Touchwiz, it's so outdated and vulnerable.
Just reflash your whole system, you can find guides on YouTube on how to flash a new firmware.
I would also recommend changing to a custom ROM with up to date security patches.
Edit: You should also change all your passwords to something very difficult like 'nJfi8t%Nc178c'
If you have difficulties remembering there's a lot of apps out there that can help, I personally use last pass, you should check it out.
davidzam said:
I would also report the issue to the tech support of WhatsApp, if there's any. Also, change every passwords on your Google devices with more secure passwords, Google, banking, social. And do place a secure password to block your device. Good luck.
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Contact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then switch to one of the custom roms here which are always secure.
As for passwords think of a sentence and use the first letters of each word incorporate numbers capital letters and a symbol this helps you to remember it.
For example
I Have A Dog Who Name Is Henry And I Love Him=IHADWNIHAILH
now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH
mix it up with some upper case and lower case (names)=1h4dwniH&Ilh
you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH]
now you have a random easy to remember password. This password is the basis for all the security on android (at the current time) so even if you use a code it still unlocks with this and encrypts.
Applied Protocol said:
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Contact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then switch to one of the custom roms here which are always secure. As for passwords think of a sentence and use the first letters of each word incorporate numbers capital letters and a symbol this helps you to remember it. For example I Have A Dog Who Name Is Henry And I Love Him=IHADWNIHAILH now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH mix it up with some upper case and lower case (names)=1h4dwniH&Ilh you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH] now you have a random easy to remember password.
Thanks for clarifying that fact for me.
Thanks so much! Would a custom firmware allow me to keep the use of knox? I'm thinking to flash it back to factory and only install and use everything from within knox.
Zep0th said:
This is why I dislike Touchwiz, it's so outdated and vulnerable.
Just reflash your whole system, you can find guides on YouTube on how to flash a new firmware.
I would also recommend changing to a custom ROM with up to date security patches.
Edit: You should also change all your passwords to something very difficult like 'nJfi8t%Nc178c'
If you have difficulties remembering there's a lot of apps out there that can help, I personally use last pass, you should check it out.
Just another question regarding Knox Secure Folder.
If I were to install and run everything through the secure folder and I were to be compromised again through a web extension, would that then allow hackers to view everything on my phone again regardless of whether it's in the Knox environment or outside? Would a backdoor like that work into the secure environment as it did in my normal Android system?
Thanks again!
If your Knox is still working and not tripped then that would be a good idea. However, understand that the way to get in and out of Knox still relies on encryption methods (see CVE-2016-1919) as well as the kernel level security (CVE-2016-6584, see also https://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing-samsungs.html). This means that if the key or encryption method is faulty you can get around it, and the kernel is more complicated but will also do the same thing. The last way is to access a shared resource such as a clipboard that has access to both places; an example of this is CVE-2016-3996, and CVE-2018-9142. Granted most of these are 2017 and 2018, and a quick look at the Samsung CVA at https://www.cvedetails.com/vulnerability-list/vendor_id-822/Samsung.html does not have anything for Oreo; this can be since until recently only the 9s had it. But there is a recurring theme that the CVAs are repeated: out of the last 5, 4 are repeated, and some are simple mistakes (look at Google's Project Zero above in KASLR). The question is, is this enough, and the answer is probably, but a security orientated ROM might be a better bet. (I know this is not fair since they do not have CVAs.) But a full wipe and fresh install should be enough. Add in a firewall too if you did not have that already.
phoenix79802 said:
Thanks so much! Would a custom firmware allow me to keep the use of knox? I'm thinking to flash it back to factory and only install and use everything from within knox.
Sorry for the late reply, but Knox, in my opinion is super vulnerable, new android versions are safe enough.
And no, using a custom ROM would not have Touchwiz integrated nor Knox. Why? Because it will most likely be running stock android vanilla.
More secure than Samsung's Touchwiz, recommend something like LineageOS.
Look this depends on your perspective
FACT: knox is a hardware based security system which is unique to Samsung
FACT: Samsung phones are the most sold
FACT: The maker of the hardware has the resources to secure it better
Therefore Samsung Knox is more secure and yes more users using the phone make it more advantageous to crack it. However Samsung to their credit does try to increase security in other ways such as using the TrustZone more and SEAndroid policy strengthening. Lineage is a great choice however Knox which will be tripped and even if not it needs custom software to run AFAIK. Also Samsung is DoD approved, see DoD list and news article. This is not necessarily a good indication of overall security but it does put things in a good perspective (DoD do not patch themselves, rather rely on the developers and stay on top of things). Really high security Android OS such as Copperhead also have such improvements as Knox (way better if you look carefully) but they are limited on what phones it will work on. Also Android 8 is a lot more secure, but fact of the matter is the best party that can secure a Samsung phone is Samsung, but I am not saying they do. I would recommend stock Samsung, but if you need a custom ROM Lineage is a good choice. This is true also in terms of power (used to be Snapdragon charging on a rooted phone is only up to 80% but I think there is a fix), but in versatility a custom ROM always wins and power saver settings can be better than the original.

(What are) Must have APPS and To-Do to newbies to Galaxy S9+ (?)

Hey all.
Within a couple of days I'm getting my new Galaxy S9+ (Exynos) phone.
I made a year break from Android and switched to Apple, and now I'm back.
Unfortunately, I know nothing about newest Galaxy phones.
Maybe anyone has suggestions what should I do (download) when I'll set-up my phone (I've watched all the reviews of "must have" etc., don't suggest me to do that)?
I used to root and unlock bootloader for each my android phone, but I won't do that to my Galaxy S9+ at least for 6 months.
Hence, many root apps not working: "AdAway", "Viper4Android" etc.,
Maybe anyone knows Ad Blocking app without rooting a phone?
Or just mention anything that newbie to Galaxy S9+ should know.
(If you're wondering why am I "spamming" with these "stupid" questions: And no, I didn't find any similar thread to this)
Thanks in advance!
I used to root and ROM all my phones, but I don't think it is as necessary as before.
I also used to download all the tweaks, but I don't do that either.
Non-root, to block ads try Blokada; it is in the F-Droid store.
It is Free and it Works.
I also swear by ES File Explorer to view and move files on your app. Also to sync any cloud storage you have.
If you have a regular phone number and google voice number going to the same phone
Voice Choice 2.0 is a nice app that allows you to make calls with a specific number
i.e. family and close friends have your carrier number
work partners, resume, business line has your google number
when you make a call you don't have to select anything, based on your rules set up it will dial out using the appropriate number.
Thanks! Maybe you know anything about removing / disabling Bloatware as well?
LaurynasVP said:
Thanks! Maybe you know anything about removing / disabling Bloatware as well?
Click to expand...
Click to collapse
Check out this thread at your own risk. It works, I disabled Facebook (don't see why that would be on an unlocked phone from Samsung, but I digress)
https://forum.xda-developers.com/galaxy-s9-plus/how-to/s9-s9-bloatware-removal-thread-g960u-t3817810
Be careful with the commands and understand what is being done before you hit the enter/return key
Good thing about disabling is if you fubar the phone you can do a factory restore and start all over
I only disabled Facebook. will investigate the other software as i play with the phone. Only had it 2 weeks so far.
Thanks, I'll keep everything in mind
