New Android Security Threat Found.

Last Updated:

  1. argedion

    argedion The TechnoFrog Moderator

    Saw this article today and thought wow if someone actually has 4G and enjoys it this may affect them. Since I have no 4G and have never had Wimax on I really am not concerned with this. But for you who are here is the article on Good and Evo

    marctronixx likes this.
  2. ocnbrze

    ocnbrze DON'T PANIC!!!!!!!!! Moderator

    wow! that sounds pretty bad. how did htc miss this loophole?
  3. argedion

    argedion The TechnoFrog Moderator

    to busy looking at bottom line instead of quality (or thats my guess at least)

    hmm just thinking this thread probably needs to be move to general pop. It affects everyone rooted or not, who use wimax
    ocnbrze likes this.
  4. ocnbrze

    ocnbrze DON'T PANIC!!!!!!!!! Moderator

    moved you to the general section.
    argedion and marctronixx like this.
  5. Rxpert83

    Rxpert83 Dr. Feelgood Moderator

    He shows the vulnerability in airplane mode, so it doesn't matter if you have 4g ON or OFF the vulnerability is there.
    Toyz, ocnbrze, argedion and 1 other person like this.
  6. ocnbrze

    ocnbrze DON'T PANIC!!!!!!!!! Moderator

    can we say OTA? and who says that the htc evo does not get support? lol
    marctronixx likes this.
  7. mcl1981

    mcl1981 Well-Known Member

    If the phone is in airplane mode, there is no threat. The radios are off. There is no communication in or out of the device.
    marctronixx likes this.
  8. novox77

    novox77 Leeeroy Jennnkinnns! VIP Member

    The vulnerability can be exploited even in airplane mode, but the hacker has to have direct access to the phone. so it's not a common use-case.

    But it should be noted that you don't need to have the 4G radio on to be susceptible to this exploit. If any radio is on, you could be compromised. It's a serious issue and is relevant for any HTC phone that is capable of WiMax 4G.
    9to5cynic, ocnbrze and marctronixx like this.
  9. mcl1981

    mcl1981 Well-Known Member

    I don't think that counts. Stealing the phone is not hacking.
  10. novox77

    novox77 Leeeroy Jennnkinnns! VIP Member

    Stealing/borrowing a phone to obtainpersonal info from it by using a known exploit is totally hacking. But like I said, it's not a common use case. My point was that the vulnerability had nothing to do with wimax usage or radio state. Many people think that they have to have their 4G radio on to be vulnerable. Not true.
    ocnbrze likes this.
  11. 9to5cynic

    9to5cynic Well-Known Member

    Wow, not sure how I missed this one. Pretty huge threat. I image that reprogramming the CDMA parameters could FUBAR the phone yes?

    Also, does this apply to all Roms or only stock? Anyone know? I don't have the internet required to play the video on that page, but the article made no mention of it.
  12. hortstu

    hortstu Well-Known Member

    Is this threat still active? If so is this something a hacker in possession of a phone can do even if they're "locked" out by a password or pattern?
  13. kct1975

    kct1975 Well-Known Member

    Wow! I wonder if that is happening with my HTC EVO 4G device.

    I already posted my problems to another thread today and was referred here.

    So, here is a quick list of the problems that I have been experiencing.

    First, on Saturday 31 December, I was surfing the internet on my phone and all of the sudden a pictire on the web page I was viewing was selected. Then the 'save image' menu poped-up, then the phone itself scrolled through the options and selected the 'Set Image As Wallpaper' option, and then the menu closed. At the time, I did think the whole thing was strange, but I rationalized it as me possibally sending too may touch commands to the device (even though I was not touching the screen when the afore mentioned occurred). Anyway, I went into the settings and fixed my Wallpaper.

    Then today, I turned on my HTC EVO device. I checked my e-mail, and then checked out a video on YouTube using the app. I then decided to comment on the video that I had just watched, and as I started to type my comment, the on-screen keyboard started typing random letters and characters. I kept deleting the unwanted text and it kept typing it out. Then I tried to reboot the phone and it froze up and I was forced to do a 'battery pull' (which I know is not great for an Android phone).
    Once the phone came back up, I tried to send an e-mail to Lookout and the on-screen keyboard started typing random letters and characters again. I again fought the problem with the delete key and again the phone froze, forcing me to do another 'battery pull'.
    Once the phone rebooted, I then accessed this forum, and attempted to type a message, at which time the on-screen keyboard started repeatedly typing 6 and y. I somehow finally got it to stop and was able to post my message. A little later, however, the phone froze again, and this time after it rebooted, following another ' battery pull' I was on one of my alternate home screen panels, and the phone started attempting to remove icons from the panel by trying to drag them to the bottom of the screen.

    Basicly, with all of the afore mentioned issues it seemed as if someone was controlling my phone remotely, and was messing with me.

    So in the end, my questions are this....

    Has anyone else experienced this problem ?


    Could the exploit and security flaw mentioned in this thread be the reason for my problems ?

    Any advice is greatly welcome.
  14. 9to5cynic

    9to5cynic Well-Known Member

    I haven't heard of anything like that. And if I remember right, this exploit is something that would (at one point) need to have been done in close proximity. But I don't recall the exact exploit.

    I'd save your pictures to your computer, music, anything like that. Then, I would FACTORY RESET in the data and storage menu. Can't be too save. If you do have someone tampering with your device, they could (in theory) do much more. So.... factory reset would be an inconvenience, but it could save your ass from some charges or identity theft (again, in theory, don't know exactly what is going on with your phone).

    You are not rooted by chance are you? I know this isn't the root sub-forum, but if you are, then you would have different options available to you.
    kct1975 and ocnbrze like this.
  15. KathyL

    KathyL Active Member

    WOW, kct!!! That would definitely worry me!!!! I would, just for safety's sake and precaution, figure what financial and personal info you have on your phone and keep an eye on things!!!

    Sent by my Purple MikGEvo
  16. kct1975

    kct1975 Well-Known Member

    Additional strangeness and thoughts....

    First, it seems that when I turned off the WiFi on my HTC EVO, that problems (freezing, typing in random letters and removing and rearranging icons) seemed to have completely stopped, and then the problems resumed when I turned the WiFi function back on. Please note that I was using my home WiFi network, provided by Verizon DSL, yesterday (Jan. 3) and on December 31 so it was not a strange WiFi network.

    Additionally, this morning (Jan. 4) when I started my HTC EVO phone up, it again started typing letters on its own then froze again. I did have the WiFi turned on and was connected to my home network. I did do a battery-pull and reboot the phone and as soon as I left my house, I did not have any problems. Also, I have had the WiFi turned on and have been connected to the office WiFi all day, and have not had a problem.

    Please explain the reason that my home network WiFi seems to be adversely effecting my HTC EVO phone ? It is one of the additional reason that I am worried that my phone might have been hacked and is being remotely controlled.

    Please let me know your thoughts. Thanks
  17. ocnbrze

    ocnbrze DON'T PANIC!!!!!!!!! Moderator

    you can always try lookout to see if there is any viruses or malware on your phone. also maybe try calling or taking the phone into sprint and see what they say.
  18. kct1975

    kct1975 Well-Known Member

    Thanks for your response ocnbrze

    Just for the record here, I did actually contact HTC Tech support today, and got a response with some good tips that I will try (including doing a Factory Reset).

    Also, I am planning on taking your advice, ocnbrze , and that of others, and I will take my HTC EVO to a Sprint Repair store.

    This is just so frustrating and now I am wondering if someone has hacked my home WiFi network.
  19. 9to5cynic

    9to5cynic Well-Known Member

    Hmmm... as far as someone hacking your wifi - can you enlighten us a bit on your wifi? What encryption are you using? Open? WEP? WPA-2?

    Also, have you noticed anything 'strange' on the network, any devices or heavy usage?

    I would definitely do the factory reset. Lookout would be a good place to start though, you could just (i suppose) have a hardware failure (the touch screen could be messed up..)....

    keep us informed.
    kct1975 and ocnbrze like this.
  20. KathyL

    KathyL Active Member

    kct1975 and ocnbrze like this.
  21. BeTrue

    BeTrue Active Member

    Just as a possible source of your trouble, I had a cheap charger go bad on me that caused all kinds of false screen touch trouble when it was used to charge my EVO. I figure it was not filtering 'noise' out if the supply voltage. Where you charging at the time of your keyboard trouble?
    kct1975 likes this.
  22. kct1975

    kct1975 Well-Known Member

    Just checking out my old post so retroactively Thank everyone. I finally got a chance to check out the link you posted. I agree that while the link is talking about Blackberrys, it does sound like what I experienced.

    Just so you, and everyone else knows, my problems have seemed to have cleared up Without doing a Factor Restart.

    Not sure, but it seems that the problems stopped after the OTA software update pushed out by Sprint.

    Thanks again!

Share This Page