¿Hacked & Rooted? or just crazy

[kimchimmnea]

Hello!
I'm new here, I joined because I'm looking for an answer or explanation to an issue I've been experiencing with my s9+.
Over a year ago my phone started lagging, slow to load/login to apps, pics took forever to appear. I switched to a different carrier & phone,
no problems.
A few months later I switched back to the previous provider with the note9 (it's a better quality phone).
It was working great!
About a month & a half ago my phone started lagging, slow to load/login to apps, pics take forever to appear.
Just like before.
(at the risk of sounding paranoid and/or crazy or both)
My ex-boyfriend was sentenced to prison for stalking/harassing me a few months after the first time the phone was acting up & he was released just before my phone started acting all weird again.
I used the phone to Doordash in the past but now it doesn't allow me to login, just loops back to sign in page.
Samsung says the phone is rooted.
When I run device info, doesn't say phone is rooted. when I try to save passwords, I get a toast from SamsungMembers saying cannot save pw because phone is rooted.
I'm unable to view some files because it says I don't have permission.
What I've read about Doordash, they don't allow rooted phones to be used by their drivers.
I downloaded a log logcat reader, not all that good at using it, novice at best.
But I do see some processes that seem sketchy.
The question I'd like to know is;
"If my phone IS rooted, is there a way of tracing it back to the parent operating system???
Thanks for taking your time to read this. SamsungMembers deleted this from their community page. Don't understand why...
~k

 

[Hadron]

Hi, and welcome to the forum!

To start at the end, "is there a way of tracing it back to the parent operating system?" seems to be a misunderstanding of what "rooted" means. Rooting means modifying the phone's operating system so that the user can give administrative privileges (i.e. root privileges in linux-speak) to user-installed apps. That's it. So there is no "parent" operating system to trace back to, it's just a mod to your own phone's OS. It is possible to undo rooting, most simply by "reflashing" the phone with stock (original, official) firmware. You can find this at sammobile.com, you need to find it for your exact version of the phone (which may mean carrier version in some cases), and you'll need a computer and some software to do it (I think maybe Samsung's "smart switch" can do it, otherwise it will be a program called "odin". There will be instructions at Sammobile.com, or people more familiar with flashing Samsungs than I am will be able to advise.

However, before worrying about any of that, let's consider whether anything has actually been done to your phone. Phones can lag for many reasons, and malware is one of the least likely. From the mention of Doordash I assume you are in the US, and North American Samsungs are very hard to root, many of them are impossible. A little research on the North American Note 9 ("Snapdragon" based rather than "Exynos") suggests that's the case here as well; I can find reports of "proof of concept" root exploits for it that either only work if it is still on Android 8 or break data connectivity, and would definitely require physical access to the device for an extended period with a computer in order to do them. Remote rooting is essentially impossible. Therefore it's unlikely that the phone is actually rooted. And note that root itself doesn't slow a phone down or anything, it just allows you to do other things with it (of course if someone malicious had access, remote or physical, to a rooted phone they could do a lot more than with an unrooted one).

Of course that doesn't rule out other types of cyber interference. The first thing I would check is your accounts, especially the Google one but any others as well. Do you have 2 factor authentication on? When did you last change passwords (and is there any chance your ex might know or be able to guess them)? Can you see any unexpected activity in your accounts, e.g. logins from unexpected devices?

A phone has many, many processes running on it. You say you see some that look sketchy, so could you tell us what they are? I ask because we often find people assume that perfectly ordinary processes are sketchy because they don't know what they are (one of the commonest is people panicking because they see something called "incallui" on the phone, which is the "in-call user interface", i.e. the screen you see when in a phone call - I don't know what it is about that name that makes so many people suspicious, but it clearly says something bad to some people). So if you tell is what the processes are someone may be able to say whether they are unexpected or not (though there are so many that I can't guarantee).

As for the mixed messages about rooting, hopefully someone with more experience with Samsungs will answer. The problem is that there are different ways of checking for root, and Samsung has some extra ones via its "knox" security system, and there are things that might prompt a false alert. It might be worth booting into the bootloader and looking at the "knox status" (I'm sure there are instructions online somewhere - it will involve pressing some combination of buttons while rebooting, but the combination varies between phones). Usually you only get glitches in this when you've been fiddling with the phone, but I've seen people report such things without having done so (sadly can't remember explanations right now).

Of course you can always try backing up anything important and factory resetting the phone (make sure you know your Google login details before doing so, or you could find yourself locked out!). This will erase all user-installed apps and data from the phone, so on a non-rooted phone will also remove any malware and if your slowdown is just due to some badly-installed app or crap in the system cache clearing that out would fix it. The catch is always that if you actually do have some malware you need to be careful not to reinstall it from a backup afterwards!

Another test you could try is running in "safe mode" for a bit. That disables all user-installed apps (i.e. everything that isn't pre-installed), so if things run normally after that the slowdown is due to an app (whether malicious or just badly coded - if anything the latter is more likely, since any sensible malware won't try to draw attention to itself). The problem after that is identifying the cause. Again safe mode will involve pressing something while rebooting, the recipe will be on the web somewhere (I don't know it offhand for this phone).

Anyway, sorry that's just a list of suggestions rather than any actual answers.

 

[Dannydet]

This device came out in 2018.
Seriously just get rid of it and move on.
Not to mention the fact that it's compromised by God only knows.
You'll end up with more problems hanging on to it.
Change your email account, change your passwords.

Samsung Galaxy S9+ - Full phone specifications

m.gsmarena.com

That's my advice.

 

[ocnbrze]

ok so we covered the rooting aspect. lets cover hacking. most hackers hack phones to gain access to your account info......mostly for financial purposes. they also potentially gain access to your contacts to add to their list of potential victims. hackers do not like to make their presence known. they want to be in the shadows so that they can steal without you taking precautions to protect your account info.

now i know that we are talking about your ex getting out of prison and might have a vendetta against you. does he have any knowledge in hacking or rooting? if not then i would bet that hacking is not the cause of what is going on with your phone. the older the phone gets, the slower it will get. also apps will eventually stop getting support from their developers as the older android os's age. so as the phone gets old and support stopped, apps will either start to run slow, bugs or glitches will start to happen, and the app may crash more often.

to save yourself some headache and stress of this, i would change all of your account passwords and setup 2-step verification wherever possible.

 

[Hadron]

To be fair, I keep my phones for 4-5 years on average and can't say I've ever experienced slowdown. Many people report it, just saying that it's not my experience (and I apply every update that is available, so while some people say that updates slow the phone this also isn't my experience - and if I had security concerns I would definitely not ignore updates).

 

[Windroid]

¿Hacked & Rooted? or just crazy

I love the way you used an opening question mark in the thread's title! Opening punctuation is a Spanish convention that English ought to adopt. That makes it easier to tell, at a glance, what's a statement and what's a question.

 

[Windroid]

Your phone is from 2018? When's the last time you reinstalled the operating system, that is, reset the phone?

 

[svim]

While it is possible your Galaxy phone has been compromised in some way, instead of blaming your phone as the problem the odds are you should take a look into all the online services you have set up on your phone.
-- Temporarily power off your phone and set it aside. Now on a computer/laptop start logging into all your online services/social media services and change your passwords -- email accounts, DoorDash, Instagram, etc., and especially your account with your cellular carrier.
The thing is, you need to do as much as possible to make your online exposure is under your control. As an example, if your ex is able to log into your email account he has the ability to gain a foothold into whichever phone you switch to -- change to a different phone and once you set up your email account it's game over for that phone, and so on. Since it's not definitive as to which of your online accounts he can access, if he does, you need to go through the arduous process of re-authenticating all of them (or at least all the ones you use on your phones).
-- Once you've reset your passwords, start up your phone and you'll be prompted to do things like enter your new Google account password, and when you try to use apps like your email app you'll need to enter its new password. Your phone doesn't manage and maintain your online services, that's all done online on the servers where your data exists. It does store locally necessary data on your phone but authenticating access to that data involves your online presence.

Regarding your fears on your phone is rooted, that's also a possibility it is but not likely. Don't allow yourself to believe all the fear-mongering that all the trolls and morons post online, nor the actions in a lot of silly movies and TV shows. Rooting a phone is a process that involves unfettered, physical access to the phone. It won't just instantly happen with a push of button nor tapping on a web link -- active user interaction is required. Someone has to have access to your phone, without your oversight, install the necessary software, and then execute its actions to follow through with the rooting process.
Assuming you do have a lock screen enabled, that's going to be a significant way to prevent others from just picking up your phone and doing whatever they want to it. Along with a lock screen, be very judicious about just giving your unlocked phone to others unless you're always nearby to make sure nothing nefarious is being done to it.

 

[Windroid]

(at the risk of sounding paranoid and/or crazy or both)
My ex-boyfriend was sentenced to prison for stalking/harassing me a few months after the first time the phone was acting up & he was released just before my phone started acting all weird again.

The human mind looks for patterns, and sometimes finds patterns that aren't there. It's possible that you're noticing it act weird because you're worried, while previously, you would have dismissed the phone acting up and not even bothered to remember it. I hope so! I'd rather this be just an oddity of the human mind, then this be a crazy ex hacking you phone.

 

[StevenRaccoon]

I still have my Samsung Avant. I go through thrift shops and buy phones and tablets that are locked or ****ed up by the previous dumbass owners and hone in my skills.