Rowhammer - AT&T LG G5 Questions & Answers

Good morning. Just read something online about the Rowhammer exploit that has been used to grant root to the G4 and was wondering if something similar could root the G5?
Sent from my LG-H820 using Tapatalk

http://arstechnica.com/security/201...tflips-to-root-android-phones-is-now-a-thing/
"Until recently, we never even thought about hardware bugs [and] software was never written to deal with them," one of the researchers, Victor van der Veen, wrote in an e-mail. "Now, we are using them to break your phone or tablet in a fully reliable way and without relying on any software vulnerability or esoteric feature. And there is no quick software update to patch the problem and go back to business as usual."
http://www.techtimes.com/articles/1...id-phones-at-risk-researchers-demonstrate.htm
The exploit has successfully pushed past key security defences that protect an Android device from malicious codes. The researchers embedded it in an app that requires no permissions. Once downloaded, it then proceeds to systematically take over core parts of the operating system.
https://www.vusec.net/projects/drammer/
Test app, source code and white paper. *This isn't for root, this is their Drammer test app. (As far as I can tell, the best way to find out if it will work is for anyone that wants to, to use the test application available on this link, follow the instructions and allow it to work for about an hour. You know it works when it starts working on the Template, Hammering and FLIP; if it crashes or says service stopped, it hasn't worked, try again.)
---
Now it's possible for this to work with any device, but with that said it's going to cause a major problem: there's no way to even know if another app/game would be infected with the code, or even downloaded via an app and then executed. Once given just the permission to download and run, that seems to be all it needs.

So is it possible to maybe use this to root in some way?
Sent from my LG-H820 using Tapatalk

kyuubi08 said:
So is it possible to maybe use this to root in some way?
Sent from my LG-H820 using Tapatalk
Maybe not :/ The Device comes with 4GB of LPDDR4 memory
from the devs
We expect, for example, that devices equipped with LPDDR4 are less vulnerable. This is because the LPDDR4 standard includes optional hardware support for the so-called target row refresh mitigation.


Security Measures?

I've looked but it's either in the wrong place or it's not here. Was wondering what's the best possible security measures HTC EVO 4G LTE rooted owners could take for our devices. I ran into something called "zAnti" but haven't done further research on said app. Thanks!
Sent from my EVO using xda premium
So what exactly are you trying to secure?
Best security as far as Android goes is encrypting the device and setting a Pattern Unlock (Make sure you wipe your screen frequently)
Cerberus from the Amazon app store (cheaper than Play)
Sent from my htc_jewel using xda app-developers app
Kcarpenter said:
So what exactly are you trying to secure?
My thoughts exactly.
Sent from my EVO using Tapatalk 2
I've read that people with advanced knowledge of computers could piggyback your tethered connection and easily get most if not all information from your phone. I've tried an app called AdbToggler but it's conflicting with SuperSU or something. You can never be too secure, but it helps knowing you can get pretty darn close and how to do so. Lol
Sent from my EVO using xda premium
Security is always an illusion.
Just be safe about the apps you install.
Try not to install them from 3rd parties unless you really trust them (Amazon, GetJar, a recognized XDA developer).
If a hacker really wants the info on your phone bad enough, they'll get it.
You take risks with rooting a phone, less security is one of them.
William said:
I've looked but it's either in the wrong place or it's not here. Was wondering what's the best possible security measures HTC EVO 4G LTE rooted owners could take for our devices. I ran into something called "zAnti" but haven't done further research on said app. Thanks!
Sent from my EVO using xda premium
zAnti is a security researcher's tool that can do some minor pentesting actions (network discovery, port scans, exploit vuln checks). Think of it like a baby Nessus. It does not really do anything on its own to secure the Android OS. As far as securing your device, the answer is fairly simple and is the same with anything:
1) Authentication: Secure the lockscreen with at least a PIN or pattern (I recommend a password). Face Unlock is a joke and the basic lockscreen is by no means secure...
2) Install an anti-virus app. I personally use BitDefender, because it has a full suite of options, including GPS tracking and remote wipe.
3) Optionally, use a firewall or manually configure iptables, if you know how.
4) Don't install anything that you are not sure what it does or have any questions as to its safety.
5) Be aware of exactly what is on your device... all software, scripts, etc.
6) Physical Access == Pwned. If a malicious party has physical access to your device, all bets are off.
As far as security goes, common sense goes a long way.
I just use Avast! both on my laptop and on my phone, it works great!
There's a list of text commands you can send your phone, it's pretty cool! Also with root users there's more options for security.

Nokia Beamer

Hi,
I want to try the app on my Nokia Lumia 520, my phone is dev unlocked, but I can't find the Nokia Beamer XAP. Can anyone help me?
Thank you,
Medve
Nokia Photo Beamer is on Nokia market.
Nokia Photo Beamer: http://www.windowsphone.com/pl-pl/store/app/photobeamer/971c41e5-3596-4a7a-ba2c-bcd7780d7db5
Nokia Beamer: http://www.windowsphone.com/pl-pl/store/app/nokia-beamer/b5511af6-cbd0-4945-9bf6-30cf0582043f
Correct me if I'm wrong, but I believe Nokia Beamer only works on devices with 1 GB of RAM or higher. Those devices get Nokia Beamer automatically with the Lumia Black update or, in the case of newer devices with Lumia Black, ship with it installed by default.
Thanks,
Yes, you know correctly, but I want to try it, but the Lumia 520's got only 512 MB RAM. I heard if I dev unlock my phone, I can install apps which need more power. I downloaded the XAP from the Marketplace, but it's encrypted, and the SDK app deployment won't deploy to my phone. So I need the decrypted XAP, or maybe another method. Can anyone upload the decrypted XAP (if you downloaded the Nokia Beamer from the Marketplace, it will be on your phone) or write another method?
OR any alternative instead?
Thank you,
Medve
MedveHUN said:
I heard if I dev unlock my phone, I can install apps which need more power.
Dev unlock only allows you to sideload apps that use tier 3 capabilities (which is the same as most of the apps published in the store), so you gain nothing in terms of "power", just the ability to sideload homemade apps.
MedveHUN said:
So I need the decrypted XAP, or maybe another method. Can anyone upload the decrypted XAP (if you downloaded the Nokia Beamer from the Marketplace, it will be on your phone) or write another method?
OR any alternative instead?
We can't just pull decrypted XAPs from our phones... You need interop unlock for that (and possibly more), and so far that's only achieved on Samsung phones. Your best chance is to get someone with an unlocked Samsung device to install Beamer by using the proxy trick, then posting the XAP so you can sideload. But be aware this can potentially create new issues - it's an OEM app, so it probably uses capabilities not covered by dev unlock (which means you won't be able to sideload).
Or you can just try the proxy trick yourself. Change the device model to something with 1GB and it should be available for download.
DaviUnic said:
Dev unlock only allows you to sideload apps that use tier 3 capabilities (which is the same as most of the apps published in the store), so you gain nothing in terms of "power", just the ability to sideload homemade apps.
We can't just pull decrypted XAPs from our phones... You need interop unlock for that (and possibly more), and so far that's only achieved on Samsung phones. Your best chance is to get someone with an unlocked Samsung device to install Beamer by using the proxy trick, then posting the XAP so you can sideload. But be aware this can potentially create new issues - it's an OEM app, so it probably uses capabilities not covered by dev unlock (which means you won't be able to sideload).
Or you can just try the proxy trick yourself. Change the device model to something with 1GB and it should be available for download.
Thanks, but can you help me with it? I'm new to WP, I had Android before.
Thank you,
Medve
Do a google search on how to trick the store into thinking you own a different device than you actually do. The tutorial may even be on this forum, so have a look around...
Quite possible that it still checks for the RAM requirement when it's launched, even if you manage to install it.
Even when people run games like Temple Run 2 on 512 MB RAM devices, sideloaded, the XAP needs to be modified and have that check removed, or they will not launch, as far as I know. No idea on how this is done or even how the people who do this get their hands on decrypted XAPs, though.
acewing905 said:
Quite possible that it still checks for the RAM requirement when it's launched, even if you manage to install it.
Even when people run games like Temple Run 2 on 512 MB RAM devices, sideloaded, the XAP needs to be modified and have that check removed, or they will not launch, as far as I know. No idea on how this is done or even how the people who do this get their hands on decrypted XAPs, though.
Yeah, that's quite possible. But there's really no way of knowing without trying...
Thanks for the help
I found 2 proxy servers, but they are unavailable. Do you know of any working proxy servers?
I heard that if the phone doesn't have the minimum amount of RAM, I can't install the app with the proxy trick. Is it true?
Thank you,
Medve
MedveHUN said:
Thanks for the help
I found 2 proxy servers, but they are unavailable. Do you know of any working proxy servers?
I heard that if the phone doesn't have the minimum amount of RAM, I can't install the app with the proxy trick. Is it true?
Thank you,
Medve
You can use fiddler to set up your own computer as a proxy...
IIRC the store doesn't specifically check for the amount of RAM the device has, only model, firmware and OS version, etc. and then makes conclusions based on that. So if you tell the store you have, say a 1520 instead of the 520, the store will assume your phone has 2 GB of RAM.
DaviUnic said:
You can use fiddler to set up your own computer as a proxy...
IIRC the store doesn't specifically check for the amount of RAM the device has, only model, firmware and OS version, etc. and then makes conclusions based on that. So if you tell the store you have, say a 1520 instead of the 520, the store will assume your phone has 2 GB of RAM.
Thank you
I will try this, I write later.
Medve
I'm back again,
So I tried to find any videos and writings about proxy servers, but I didn't find any. Can you link me a video or write a guide?
Thank you,
Medve
Can't install Lumia beamer on my 822.
Is there a way to sideload it?

About Android MMS Stagefright exploit

How can Android system be hacked just by one MMS? I heard from news sites that there was found an exploit for 95% of Android phones (Android 2.3+) that can take control of the whole device just for one MMS and without letting you know. How can it be possible and how I can prevent it?
P.S.: I don't want to hack nobody's phone as I have no friends. Just curious.
Sent from my GT-I9301I using XDA Forums Pro.
mihai.apostu98 said:
How can Android system be hacked just by one MMS? I heard from news sites that there was found an exploit for 95% of Android phones (Android 2.3+) that can take control of the whole device just for one MMS and without letting you know. How can it be possible and how I can prevent it?
P.S.: I don't want to hack nobody's phone as I have no friends. Just curious.
Sent from my GT-I9301I using XDA Forums Pro.
Here's some useful info:
http://www.cnet.com/news/researcher-finds-mother-of-all-android-vulnerabilities/
That's some info, but not really anything useful. Does this mean Google has a patch, will they be pushing that out or will there be ways to patch custom ROMs sooner even? These are all unanswered, though would be nice to know...
"As soon as the malicious text is received, features built into Stagefright to reduce lag time for viewing videos process the video to prepare it for viewing. That processing apparently is enough for bad guys to get their hooks into the platform and take control." - cnet
I see it like this:
1. MMS with video arrives
2. Messaging app loads the video in Stagefright where it will be processed for better playback.
3. Video is ready for playing.
As I figure out from Google's Android site about Stagefright, it is a service that takes care of video/audio/other media related stuff offline and local.
How can hackers connect with Stagefright if Stagefright is an offline service? And anyway how can a media service receive code to execute as a remote command execution for the whole system?
Sorry but I just don't get it at all.
mihai.apostu98 said:
How can Android system be hacked just by one MMS? I heard from news sites that there was found an exploit for 95% of Android phones (Android 2.3+) that can take control of the whole device just for one MMS and without letting you know. How can it be possible and how I can prevent it?
P.S.: I don't want to hack nobody's phone as I have no friends. Just curious.
Here's further info. Google has apparently already sent the patches, 7 in all, to the various phone manufacturers.
Because of fragmentation, though, some of them may never send out these fixes. Since these have assumedly been committed to the source code online, they should theoretically be available for download at some point as well. However, you'd (likely) need to be rooted to apply them.
In the meantime, go into your SMS application (usually Hangouts these days) and turn off automatic MMS retrieval. Then, do not accept any photos or videos from anyone you don't know. I am not sure, but I worry it's also possible you might get it from someone you do know who is already infected, so just operate with an abundance of caution overall, I guess. And keep an eye out for news here, because it will probably be one of the first places they become available.
mihai.apostu98 said:
"As soon as the malicious text is received, features built into Stagefright to reduce lag time for viewing videos process the video to prepare it for viewing. That processing apparently is enough for bad guys to get their hooks into the platform and take control." - cnet
I see it like this:
1. MMS with video arrives
2. Messaging app loads the video in Stagefright where it will be processed for better playback.
3. Video is ready for playing.
As I figure out from Google's Android site about Stagefright, it is a service that takes care of video/audio/other media related stuff offline and local.
How can hackers connect with Stagefright if Stagefright is an offline service? And anyway how can a media service receive code to execute as a remote command execution for the whole system?
Sorry but I just don't get it at all.
People connect with Stagefright by sending you the malicious code contained within the MMS. Once that code gets (usually automatically) processed by the Stagefright service already locally present, it exploits security vulnerabilities to hand control of your device over to whomever is waiting on the other end. As for a media service being able to control the whole system, think of how Flash (a media service) and Microsoft had those zero-day UaE bugs that would allow someone to take over your PC. The logistics may be different, but the concept is the same.
If I remember correctly, there are ways to turn stagefright on/off by editing your build.prop file (easily found on XDA). I don't know if there is another subservice or what that could be running, and I haven't devved since Android 4 dropped, so don't get your hopes up.
Hope that helps.
I gather that Google has a patch. Has it been pushed out to Nexus devices?
pomeroythomas said:
If I remember correctly, there are ways to turn stagefright on/off by editing your build.prop file (easily found on XDA). I don't know if there is another subservice or what that could be running, and I haven't devved since Android 4 dropped, so don't get your hopes up.
Excellent idea, +thanks. Et voilà, what appears to be in my KitKat:
media.stagefright.enable-player=false
media.stagefright.enable-meta=false
media.stagefright.enable-scan=false
media.stagefright.enable-http=false
media.stagefright.enable-rtsp=false
media.stagefright.enable-record=false
Now, this can break all kinds of things if you don't know what you're doing. Use a build.prop editor from the Play Store.
I don't know that they all need to be false to plug this hole. But those are the relevant lines.*
UPDATE [10 Aug 2015]: This doesn't affect what the Zimperium scanner says is vulnerable, which may indicate the edit won't protect you. It's unclear at this point.... read the latest posts in this thread for possible info. You can turn off auto-retrieve in MMS, but SF exists at other levels of the operating system. I suppose it couldn't hurt to do the build.prop, but don't rely on it.
voxluna said:
Excellent idea, +thanks. Et voilà:
media.stagefright.enable-player=false
media.stagefright.enable-meta=false
media.stagefright.enable-scan=false
media.stagefright.enable-http=false
media.stagefright.enable-rtsp=false
media.stagefright.enable-record=false
Now, this will probably break all kinds of things, and I don't know that they all need to be false to plug this hole. But those are the relevant lines.
Thanks for the thanks!
You probably won't break much of anything; 90% of today's phones are powerful enough that you don't REALLY need Stagefright handling the media unless you're playing very intensive games on your device. The most you'll likely experience is not-quite-as-good benchmarking numbers.
pomeroythomas said:
Thanks for the thanks!
You probably won't break much of anything; 90% of today's phones are powerful enough that you don't REALLY need Stagefright handling the media unless you're playing very intensive games on your device. The most you'll likely experience is not-quite-as-good benchmarking numbers.
I had honestly never heard of StageFright, and I've been using Android since the very first device came out. But if it's possible to run all the usual media, just with a performance penalty, I'm going to change it right now (I did, and this happened).
Also, I just read an article claiming that fragmentation is not so much of an issue these days, because Google Play Services is mandatory. I wonder if it can proactively change something like this, on its own?
voxluna said:
I had honestly never heard of StageFright, and I've been using Android since the very first device came out. But if it's possible to run all the usual media, just with a performance penalty, I'm going to change it right now.
The only reason I even know about Stagefright is because my very first, 550MHz, resistive touchscreen Kyocera Zio shipped with Stagefright disabled by default. Haha.
Also, I just read an article claiming that fragmentation is not so much of an issue these days, because Google Play Services is mandatory. I wonder if it can proactively change something like this, on its own?
I would assume it's possible (this is just an arbitrary code execution issue, I think), but having had that vulnerability built into pretty much every ROM for the last 5 years could be a problem in that I'm not 100% sure that Google Play Services has the access to shut down the Stagefright service (no root access, etc), so I'm pretty sure Google Play Services would be less of a fix than a piece of software that actively tries to mitigate the breach.
I could be wrong, though; I'm basically guessing as I haven't looked into the malicious code.
Xposed Android will no doubt have either a module for this or existing bugfix modules will be updated to include this vulnerability in the coming days, and due to the nature of Xposed modules taking over services the ROM is trying to run without actually messing with your ROM, I'm sure it'll be a universal fix.
Personally, I just shut off the Stagefright service using my build.prop and am patiently awaiting someone more skilled than I to create a fix.
I could see this as a useful root method for Lollipop, and other versions that don't have root methods yet.
Morlok8k said:
I could see this as a useful root method for Lollipop, and other versions that don't have root methods yet.
Here's hoping!
Morlok8k said:
I could see this as a useful root method for Lollipop, and other versions that don't have root methods yet.
pomeroythomas said:
I'm not 100% sure that Google Play Services has the access to shut down the Stagefright service (no root access, etc), so I'm pretty sure Google Play Services would be less of a fix than a piece of software that actively tries to mitigate the breach.
Come to think of it, if this exploit allows any kind of root, I suppose it'd be possible for Services itself to use that hole, and therefore be able to patch StageFright. A weird workaround, but entirely possible. Something tells me they won't use it, though, as technically feasible as it may be. I'm really hoping for that Xposed fix, just like GravityBox can patch FakeID. Which, indeed, Services eventually mitigated (for the most part).
commits on android.googlesource.com
Has anyone tracked any commits in android.googlesource.com related to stagefright?
Is this really a viable fix for this? I copied it from another website
If you turn off the following settings in your messaging app/apps on your device:
Auto-retrieve MMS. Check to automatically retrieve multimedia messages that you receive. If auto-retrieve is unchecked in your Messenger MMS settings, you must touch Download to view the message.
Roaming auto-retrieve. Check to automatically retrieve multimedia messages while roaming.
Then when you receive the text with this exploit it will not download to your phone unless you hit the download button. So looks like this can be turned off without a patch but patches are needed cause not everyone is smart enough to turn these off.
iverson3-1 said:
Is this really a viable fix for this? I copied it from another website
Auto-retrieve MMS. Check to automatically retrieve multimedia messages that you receive. If auto-retrieve is unchecked in your Messenger MMS settings, you must touch Download to view the message.
Roaming auto-retrieve. Check to automatically retrieve multimedia messages while roaming.
Then when you receive the text with this exploit it will not download to your phone unless you hit the download button. So looks like this can be turned off without a patch but patches are needed cause not everyone is smart enough to turn these off.
That should be one way to disable the hack. It's unclear from what I've read if it only affects Hangouts, or all SMS clients. What I've done is disable any auto MMS retrieve in my own messaging app, which in my case is mySMS. I suppose it couldn't hurt to do it in Hangouts as well.
This should cover it, but I think you still run the risk of someone you know sending (probably without their knowledge) an infected video -- much like trojans that take over a PC, and use the internal contact list to send mail as though they were your friend, they could exploit your trust.
Patching the build.prop theoretically protects from this, which I've personally done, but it's not for the faint of heart. If you screw it up, you could render your phone a mess. I wish I knew more about app development, because I would write something that did all this stuff automagically.
voxluna said:
Patching the build.prop theoretically protects from this, which I've personally done, but it's not for the faint of heart. If you screw it up, you could render your phone a mess.
Aaaaaand that's what I just did. I'm in a boot loop after changing the build.prop file. This is going to be really fun with an encrypted data partition that holds the backup I just made.
Be warned.
UPDATE: I had to reflash the ROM, and the entire experience took about 2.5 hours because I couldn't get a KDZ to work. I decided that since it was going to be a full wipe, at least I would upgrade to Lollipop, but I'll have to set up the entire phone all over again. I suspect the problem was that I didn't pay attention to the permissions of that file when I edited and transferred it from another machine. Ugh. I just went back and put warnings on all my posts about the build.prop lines.... and it would be better to just wait for patches, IMO. This thread is progressing quickly now.
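An added example (not code from this thread or from any poster): a shell sketch that applies the six `media.stagefright.enable-*` lines quoted above to a copy of build.prop on a workstation, normalises line endings and checks the result before anything goes back to a device, which is where the edit described above went wrong. It assumes the customary mode 644 for build.prop; the function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example. Works only on a COPY of build.prop; it never touches a device.

# Suffixes of the six properties quoted in the thread.
STAGEFRIGHT_KEYS="player meta scan http rtsp record"

# audit_stagefright FILE
# Prints each media.stagefright.enable-* key that is not explicitly "false"
# in FILE. A missing key is reported as <unset>. If a key is assigned more
# than once, the last assignment is the one reported.
audit_stagefright() {
    for k in $STAGEFRIGHT_KEYS; do
        key="media.stagefright.enable-$k"
        val=$(awk -F= -v k="$key" '
            { sub(/\r$/, "") }              # tolerate CRLF from a desktop editor
            $1 == k { v = $2; hit = 1 }
            END { if (hit) print v; else print "<unset>" }' "$1")
        [ "$val" = "false" ] || printf '%s=%s\n' "$key" "$val"
    done
}

# patch_stagefright IN OUT
# Writes OUT as IN with the six keys forced to false. Existing assignments are
# rewritten in place (duplicates dropped), missing keys are appended, and all
# other lines are copied unchanged apart from CRLF -> LF.
# OUT is given mode 644 (assumption: the usual mode of /system/build.prop).
patch_stagefright() {
    awk -v keys="$STAGEFRIGHT_KEYS" '
        BEGIN {
            n = split(keys, sfx, " ")
            for (i = 1; i <= n; i++) want["media.stagefright.enable-" sfx[i]] = 1
        }
        { sub(/\r$/, "") }
        {
            eq = index($0, "=")
            k = (eq > 0) ? substr($0, 1, eq - 1) : ""
            if (k in want) {
                if (!(k in seen)) print k "=false"
                seen[k] = 1
                next
            }
            print
        }
        END {
            for (i = 1; i <= n; i++) {
                k = "media.stagefright.enable-" sfx[i]
                if (!(k in seen)) print k "=false"
            }
        }' "$1" > "$2" || return 1
    chmod 644 "$2"
}

# file_mode FILE -> octal permission bits (GNU stat first, then BSD stat)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# demo: run the three steps on a constructed sample file.
demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample, not taken from any real device.
    printf 'ro.build.id=CONSTRUCTED\r\nmedia.stagefright.enable-player=true\n' \
        > "$d/build.prop"
    echo "before:"; audit_stagefright "$d/build.prop"
    patch_stagefright "$d/build.prop" "$d/build.prop.new"
    echo "after (no lines means all six are false):"
    audit_stagefright "$d/build.prop.new"
    echo "mode: $(file_mode "$d/build.prop.new")"
    rm -rf "$d"
}

demo
```

As the 10 Aug 2015 update above says, these properties did not change what the Zimperium scanner reported, so the output is a configuration check and not evidence that a device is protected.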
I tried tracking the fix on the Android source repo, but the only recent commit against libstagefright is on July 7th.
Fix global-buffer-overflow in voAWB_Copy.
Copy() in frameworks/av/media/libstagefright/codecs/amrwbenc/src/util.c always
overreads the buffer by 4 bytes to the right, which, if we are very unlucky,
can even hit an unmapped memory page (in this case it is just a global
variable).
Hi all,
in my case, as I plainly don't use the MMS feature, I simply deleted the MMS APN. Is this a possible workaround for this problem (at least, until it gets fixed somehow)?

Would it be feasible too...

Would it be possible to emulate Android on an Android phone? As in, you could supply an app with an Android version (or have the app build it for you) and emulate or run it. Any time it asks for something device specific, it would simply run the request back to the stock OS. Said app would kill all but the essential Android processes to improve performance. And to return, it could add a shortcut to the app drawer that would close everything and return to the stock. Using this, could we create universal, or at least wider, distributions of Android?
Android in your android so you can android while you android....
I love it! It's like watercooling a Raspberry Pi, because you can.
would be amusing to see
Darkcon said:
Android in your android so you can android while you android....
I love it! It's like watercooling a Raspberry Pi, because you can.
would be amusing to see
My main idea was to be able to emulate any android version on any other and have it work as if it was built for that device. So if you had a KitKat device, and there were no Nougat ports available for your device (ahem), you could still run Nougat by emulating it. AKA, universal distributions of android.
But that would be pretty ridiculous. Actually, that could be a new benchmarking method: how many stacked emulators can it handle?
The Original Leppa said:
My main idea was to be able to emulate any android version on any other and have it work as if it was built for that device. So if you had a KitKat device, and there were no Nougat ports available for your device (ahem), you could still run Nougat by emulating it. AKA, universal distributions of android.
But that would be pretty ridiculous. Actually, that could be a new benchmarking method: how many stacked emulators can it handle?
I can see a few good reasons you'd want to do that, would require root, and alotta work tho
Darkcon said:
I can see a few good reasons you'd want to do that, would require root, and alotta work tho
Well, if no-one supports your phone, what other choice do you have? Also, were this a thing, it would be easier for ROM developers, too, as you could simply update a single package.. As for SU permissions...
SU would only be used for, let's see...
Not Bluetooth (can be accessed by other apps)
Not WiFi
Not calling
Switching off your phone? Holding power would just trigger the default power menu, as some system processes would still run and for the most part the emulator app would be treated as any other.
Killing processes for extra efficiency? Maybe. But it would be optional and likely wouldn't make much of a difference.
The Original Leppa said:
Well, if no-one supports your phone, what other choice do you have? Also, were this a thing, it would be easier for ROM developers, too, as you could simply update a single package.. As for SU permissions...
SU would only be used for, let's see...
Not Bluetooth (can be accessed by other apps)
Not WiFi
Not calling
Switching off your phone? Holding power would just trigger the default power menu, as some system processes would still run and for the most part the emulator app would be treated as any other.
Killing processes for extra efficiency? Maybe. But it would be optional and likely wouldn't make much of a difference.
Hmm, you've got a point there, this could be used to root a phone that's unrootable effectively, like the Android emulated inside an iPhone that some people did in the iPhone 4 days.
All depends on implementation, you'd have to set up the emulator to trigger normal events, like power saving CPU states etc. in response to the emulated Android OS's requirements.
I've been thinking.
Let's say you decide to emulate AOSP Nougat. You then installed the official Pixel Launcher. While emulating, it would act as it should, as it would be entirely identical to if you were running Nougat.
Then you close the emulation. You then try to open Pixel Launcher; it's already installed. Would it crash?
Ok then...
Would I just look for adb? Or does adb simply ask something else to emulate?

Android/whatsapp hacked! Please help!

Hi, I really need some advice and help, please!
Someone hacked my Galaxy Note 8 (latest update of OS) using Bluetooth. Thereafter, when I had Bluetooth turned off all the time, I would sometimes find it had turned on again and at times a pic would randomly appear in my camera roll folder. I was targeted by a group of people and, looking back, I was encouraged to message through WhatsApp and I believe that Chrome and the Android WebView extension were involved. They also got into my Gmail and tried to delete my contacts and wipe my phone and WhatsApp history. After this I saw that a Linux device had been attached to my Gmail account.
I then went to an iPhone and received a WhatsApp from someone and a pic appeared again in my camera roll. I believe they were trying to do the same again and not sure how effective it is on iOS.
But now I have a new galaxy note 8 and someone has sent me a pic and video. I don't know that they are involved and I think I'm being overly cautious, but I need to understand what they did before and what I can do to check if they have hacked my new phone and doing the same thing again, and what I can do now to ensure they don't do it. I'm worried now that if they have got into my new phone and WhatsApp, will they have been able to get my IMEI and is my new phone now permanently susceptible to attack?
If I wipe my phone back to factory settings and reinstall everything again and start a new whatsapp with a new number, will that work?
My MS surface has also been acting up and I'd like to know if there's an easy sign to check on there too.
Thanks so much in advance!
phoenix79802 said:
Hi, I really need some advice and help, please!
Someone hacked my galaxy note 8 (latest update of OS) using Bluetooth. Thereafter when I had Bluetooth turned off all the time I would sometimes find it had turned on again and at times a pic would randomly appear in my camera roll folder. I was targeted by a group of people and having recalled looking back I was encouraged to message through WhatsApp and I believe that chrome and Android webview extension were involved. They also got into my gmail and tried to delete my contacts and wipe my phone and whatsapp history. After this I saw that a Linux device had been attached to my gmail account.
I then went to an iphone and received a whatsapp from someone and a pic appeared again in my camera roll. I believe they were trying to do the same again and not sure how effective it is on iOS.
But now I have a new galaxy note 8 and someone has sent me a pic and video. I don't know that they are involved and I think I'm being overly cautious, but I need to understand what they did before and what I can do to check if they have hacked my new phone and doing the same thing again, and what I can do now to ensure they don't do it. I'm worried now that if they have got into my new phone and WhatsApp, will they have been able to get my IMEI and is my new phone now permanently susceptible to attack?
If I wipe my phone back to factory settings and reinstall everything again and start a new whatsapp with a new number, will that work?
My MS surface has also been acting up and I'd like to know if there's an easy sign to check on there too.
Thanks so much in advance!
I do strongly advise you to do a full factory reset or go to the nearest technician if you don't know how to do it, to flash the phone from scratch immediately. Also try the best security app for android once you setup your device again. That's enough.
Sent from my SM-G550T1 using Tapatalk
---------- Post added at 12:58 PM ---------- Previous post was at 12:52 PM ----------
I would also report the issue to the tech support of WhatsApp, if there's any. Also, change every password on your Google devices with more secure passwords, Google, banking, social. And do place a secure password to block your device. Good luck.
Sent from my SM-G550T1 using Tapatalk
This is why I dislike Touchwiz, it's so outdated and vulnerable.
Just reflash your whole system, you can find guides on YouTube on how to flash a new firmware.
I would also recommend changing to a custom ROM with up to date security patches.
Edit: You should also change all your passwords to something very difficult like 'nJfi8t%Nc178c'
If you have difficulties remembering there's a lot of apps out there that can help, I personally use LastPass, you should check it out.
davidzam said:
I would also report the issue to the tech support of WhatsApp, if there's any. Also, change every password on your Google devices with more secure passwords, Google, banking, social. And do place a secure password to block your device. Good luck.
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Contact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then switch to one of the custom roms here which are always secure.
As for passwords, think of a sentence and use the first letters of each word; incorporate numbers, capital letters and a symbol. This helps you to remember it.
For example
I Have A Dog Whose Name Is Henry And I Love Him=IHADWNIHAILH
now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH
mix it up with some upper case and lower case (names)=1h4dwniH&Ilh
you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH]
now you have a random easy to remember password. This password is the basis for all the security on android (at the current time) so even if you use a code it still unlocks with this and encrypts.
Applied Protocol said:
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Contact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then switch to one of the custom roms here which are always secure. As for passwords, think of a sentence and use the first letters of each word; incorporate numbers, capital letters and a symbol. This helps you to remember it. For example I Have A Dog Whose Name Is Henry And I Love Him=IHADWNIHAILH now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH mix it up with some upper case and lower case (names)=1h4dwniH&Ilh you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH] now you have a random easy to remember password.
Thanks for clarifying that fact for me.
Thanks so much! Would a custom firmware allow me to keep the use of knox? I'm thinking to flash it back to factory and only install and use everything from within knox.
Zep0th said:
This is why I dislike Touchwiz, it's so outdated and vulnerable.
Just reflash your whole system, you can find guides on YouTube on how to flash a new firmware.
I would also recommend changing to a custom ROM with up to date security patches.
Edit: You should also change all your passwords to something very difficult like 'nJfi8t%Nc178c'
If you have difficulties remembering there's a lot of apps out there that can help, I personally use LastPass, you should check it out.
Applied Protocol said:
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Contact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then switch to one of the custom roms here which are always secure. As for passwords, think of a sentence and use the first letters of each word; incorporate numbers, capital letters and a symbol. This helps you to remember it. For example I Have A Dog Whose Name Is Henry And I Love Him=IHADWNIHAILH now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH mix it up with some upper case and lower case (names)=1h4dwniH&Ilh you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH] now you have a random easy to remember password.
Just another question regarding Knox Secure Folder.
If I were to install and run everything through the secure folder and I were to be compromised again through a web extension, would that then allow hackers to view everything on my phone again regardless of whether it's in the knox environment or outside? Would a backdoor like that work into the secure environment as it did in my normal android system?
Thanks again!
phoenix79802 said:
Just another question regarding Knox Secure Folder.
If I were to install and run everything through the secure folder and I were to be compromised again through a web extension, would that then allow hackers to view everything on my phone again regardless of whether it's in the knox environment or outside? Would a backdoor like that work into the secure environment as it did in my normal android system?
Thanks again!
If your knox is still working and not tripped then that would be a good idea. However understand that the way to get in and out of knox still relies on encryption methods, see CVE-2016-1919, as well as the kernel level security, CVE-2016-6584, see also https://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing-samsungs.html. This means that if the key or encryption method is faulty you can get around it, and the kernel is more complicated but will also do the same thing. The last way is to access a shared resource such as a clipboard that has access to both places; an example of this is CVE-2016-3996. And CVE-2018-9142. Granted most of these are 2017 and 2018 and a quick look at the samsung CVA at https://www.cvedetails.com/vulnerability-list/vendor_id-822/Samsung.html does not have anything for Oreo; this can be since until recently only the 9s' had it. But there is a recurring theme that the CVAs' are repeated, out of the last 5 4 are repeated and some are simple mistakes (look at Google's project zero above in KALSAR). The question is, is this enough, and the answer is probably, but a security orientated Rom might be a better bet. (I know this is not fair since they do not have CVAs). But a full wipe and fresh install should be enough. Add in a firewall too if you did not have that already.
phoenix79802 said:
Thanks so much! Would a custom firmware allow me to keep the use of knox? I'm thinking to flash it back to factory and only install and use everything from within knox.
Sorry for the late reply, but Knox, in my opinion is super vulnerable, new android versions are safe enough.
And no, using a custom ROM would not have Touchwiz integrated nor Knox. Why? Because it will most likely be running stock android vanilla.
More secure than Samsung's Touchwiz, recommend something like LineageOS.
Zep0th said:
Sorry for the late reply, but Knox, in my opinion is super vulnerable, new android versions are safe enough.
And no, using a custom ROM would not have Touchwiz integrated nor Knox. Why? Because it will most likely be running stock android vanilla.
More secure than Samsung's Touchwiz, recommend something like LineageOS.
Look this depends on your perspective
FACT: knox is a hardware based security system which is unique to Samsung
FACT: Samsung phones are the most sold
FACT: The maker of the hardware has the resources to secure it better
Therefore Samsung knox is more secure and yes more users using the phone make it more advantageous to crack it. However Samsung to their credit does try to increase security in other ways such as using the TrustZone more and SEAndroid policy strengthening. Lineage is a great choice however knox which will be tripped and even if not it needs custom software to run AFAIK. Also samsung is DoD approved see DoD list and news article. This is not necessarily a good indication of overall security but it does put things in a good perspective (DoD do not patch themselves rather rely on the developers and stay on top of things). Really high security Android OS such as copperhead also have such improvements as Knox (way better if you look carefully) but they are limited on what phones it will work on. Also Android 8 is a lot more secure but fact of the matter is the best party that can secure a Samsung phone is Samsung but I am not saying they do. I would recommend Stock Samsung but if you need a custom rom lineage is a good choice. This is true also in terms of power (used to be snapdragon charging on a rooted phone is only up to 80% but I think there is a fix) but in versatility a custom rom always wins and power saver settings can be better than the original.
