Help Is someone remote hacking my Eris?

[gridbug]

Okay, not sure what's going on here and if I'm lucky some of you have had/are having the same experience.

I tend to leave my Eris on all night (plugged into the charger) and this morning when I picked it up I noticed that there were two new shortcut icons on my lockscreen. They weren't there last night. And I didn't put them there. One was a dialer for someone in my call list, and the other was a website bookmark (I didn't click it to see what it was). Last week a Yahoo bookmark appeared on my lockscreen overnight as well, but I didn't act on it until I could research this a bit more. I should also add that a few weeks back the Missus picked up my phone after I'd gone to bed (it was face down on a glass top desk and she saw the light from the screen come on) and she "saw someone typing something" and promptly did a reset. I'm not sure if it was a text app, or an open browser, but she could see letters appearing like someone was entering characters on a keyboard but none of it made any sense.

I have no idea what this could be. Anyone have any answers?

 

[mhrebin]

maybe it was skynet?

 

[gridbug]

I mean, is there possibly an exploit via an app that allows a hacker to get in and fiddle around with my (or anyone's) phone like this? I'm rooted so I'm guessing that since I'm "open" it may be feasible for someone to gain access...

 

[Podivin]

This is a stretch I know, but I'll toss it out there anyway.
First I wondered if you had the 'my phone/trackball gets wacky when plugged into the charger' bug. I'm assuming that if do you would have mentioned that (do you?). A trackball going wacky COULD add/delete items from your home screen (like someone random pressing things all over the phone).

Since you didn't mention that, I began to wonder, when you charge your phone is it face up or face down? Still kind of thinking the same thing. Is it face down with some weight on the trackball, making it 'do' stuff.

 

[erisuser1]

Only the world's dumbest hacker would purposely put things on your screen to make it obvious that they were fooling with your phone.

I'm going with a theory of an overly sensitive capacitive touchscreen - especially after reading the part about "face down on a glass tabletop" (esp. in the winter when indoor humidity can be very low).

Check out this thread (read down far enough to see the part about letter-frequency analysis).

Does this describe your phone:

- Has screen protector?
- Sometimes you put it (face) down without sleeping the phone with the end key?
- You don't use a screen lock?

 

[Caddyman]

yes, ye old bad ground on the charge port causing touchscreen to freak out sounds like the culprit.

 

[gridbug]

Aha! I do recall reading about the trackball issue a while back and I think that just may be the culprit. My screen only seems to "get wacky" when I don't sleep-mode the phone at night, plus I almost always put it face down on the desk. I'll try some alternate positioning (and use airplane mode, or just shut the phone off at night) for a few days and see what happens.

Thanks for the replies... glad the Eris forum hasn't completely died out yet!

 

[erisuser1]

yes, ye old bad ground on the charge port causing touchscreen to freak out sounds like the culprit.

Holy Cow! A Caddyman sighting!

Good to see you are around, bud.

 

[Caddyman]

lol, took a hiatus as i had learned all i needed about the eris, got a new phone so im back for some more learnin'

 

[Frisco]

Holy Cow! A Caddyman sighting!

Good to see you are around, bud.

+1

 

[Chris2183]

yes, ye old bad ground on the charge port causing touchscreen to freak out sounds like the culprit.

My second Eris had this happen. The replacement I got last Friday had the same problem out of the box, and the fourth Eris I got yesterday has a blown earpiece. I now have a D2 on the way from VZW

 

[grvthang]

Okay, not sure what's going on here and if I'm lucky some of you have had/are having the same experience.

I tend to leave my Eris on all night (plugged into the charger) and this morning when I picked it up I noticed that there were two new shortcut icons on my lockscreen. They weren't there last night. And I didn't put them there. One was a dialer for someone in my call list, and the other was a website bookmark (I didn't click it to see what it was). Last week a Yahoo bookmark appeared on my lockscreen overnight as well, but I didn't act on it until I could research this a bit more. I should also add that a few weeks back the Missus picked up my phone after I'd gone to bed (it was face down on a glass top desk and she saw the light from the screen come on) and she "saw someone typing something" and promptly did a reset. I'm not sure if it was a text app, or an open browser, but she could see letters appearing like someone was entering characters on a keyboard but none of it made any sense.

I have no idea what this could be. Anyone have any answers?

As erisuser1 said, only a very dumb hacker would leave that evidence for you to find.
I find that wacky things happen when I use a generic charger and start using the phone while it's still plugged in, or immediately after unplugging it (this has been disussed in other threads on this forum). The weirdest event happened a few a days ago:

My Eris was plugged into the generic charger I use in my living room. I unplugged it and went to use it, and all of a sudden my AppLock screem came up, asking for my password (AppLock is an app that allows you to set up a password to open applications on your phone. I installed AppLock about 8 months ago, used it for about 2 months ago, and then stopped using it - although I kept it installed on the device).

I hadn't used AppLock in 6 months, but luckily I remembered the password I had originally set, and I used it to access the device.

I don't know how or why the Applock app decided to activate; the only thing I can attribute to is the fact that I was using the generic charger.

Are you using a generic charger?

 

[gridbug]

Using the standard charger that came with the Eris and an ordinary USB cable. I've been conscientious about the charger and the trackball and so far there have been no outward signs of weirdness, so there's a good chance that the situation has been resolved. Seems like a hack is less likely... though my initial reaction was that someone had hacked my phone just to prank it and freak me out rather than get all clumsy and leave a trail for me to follow. I know how some of those sick minds operate... *whistles nonchalantly to self*

Thanks again all! Glad to know that this forum STILL rocks!

 

[ACD168]

Only the world's dumbest hacker would purposely put things on your screen to make it obvious that they were fooling with your phone.

I'm going with a theory of an overly sensitive capacitive touchscreen - especially after reading the part about "face down on a glass tabletop" (esp. in the winter when indoor humidity can be very low).

Check out this thread (read down far enough to see the part about letter-frequency analysis).

Does this describe your phone:

- Has screen protector?
- Sometimes you put it (face) down without sleeping the phone with the end key?
- You don't use a screen lock?

Mr Erisuser1, the most informative guy on these forums, Get an INC already we need you over there! haha

 

[nikitala]

I believe that I was hacked. The same thing happened to me except I saw it happen as I was holding my droid. It was really crazy. Someone pulled up the file folder in my phone and pulled up a phone contact list. It scrolled all the way through like it was being downloaded and then the phone was back to normal. It definitely was not a screen or touch issue. I've had almost 10 or so touch devices and I know what I saw. I know now it wasn't just me, but I hope its not malicious. I have many business and personal contact info. Droids are computers and someone is trying to either have fun and pull a prank or really do some possible damage to our privacy. I kinda miss my old dial only cell phones... well perhaps not, but I want to feel some security in this digital age.

 

[erisuser1]

I believe that I was hacked. The same thing happened to me except I saw it happen as I was holding my droid. It was really crazy. Someone pulled up the file folder in my phone and pulled up a phone contact list. It scrolled all the way through like it was being downloaded and then the phone was back to normal. It definitely was not a screen or touch issue. I've had almost 10 or so touch devices and I know what I saw. I know now it wasn't just me, but I hope its not malicious. I have many business and personal contact info. Droids are computers and someone is trying to either have fun and pull a prank or really do some possible damage to our privacy. I kinda miss my old dial only cell phones... well perhaps not, but I want to feel some security in this digital age.

A remote (network-connected) hacker has no need to do anything using the screen. In fact, if they were after information on the phone, performing tasks by using the UI would be the hardest possible way to go about doing that.

 

[nikitala]

A remote (network-connected) hacker has no need to do anything using the screen. In fact, if they were after information on the phone, performing tasks by using the UI would be the hardest possible way to go about doing that.

From what I hear (not like I know people who do this...) but hackers generally do things for the challenge or complete boredom. Who knows.

I have looked this up and others are seeing the same thing happen, it certainly isn't impossible or even implausible that there is some bored loser with hacking skills out there who figured out a remote hack just to mess with droid users (maybe a jilted iphone user).

I would not have thought twice about a random folder showing up if I had not seen for myself the entirety of what took place. The menu button was initiated, then settings popped up, then the filefolders pulled up frm phone memory then the phone contacts dragged (yes the motions were visible) to the homescreen. It was not a coincidence or act of god.

My father and brother are government contract computer software and hardware engineers for over 45 years of combined experience and both are aware of these things being possible and actually happening.

Im just trying to figure out why I was hacked and perhaps how to prevent it from happening again.

 

[Demache]

From what I hear (not like I know people who do this...) but hackers generally do things for the challenge or complete boredom. Who knows.

I have looked this up and others are seeing the same thing happen, it certainly isn't impossible or even implausible that there is some bored loser with hacking skills out there who figured out a remote hack just to mess with droid users (maybe a jilted iphone user).

I would not have thought twice about a random folder showing up if I had not seen for myself the entirety of what took place. The menu button was initiated, then settings popped up, then the filefolders pulled up frm phone memory then the phone contacts dragged (yes the motions were visible) to the homescreen. It was not a coincidence or act of god.

My father and brother are government contract computer software and hardware engineers for over 45 years of combined experience and both are aware of these things being possible and actually happening.

Im just trying to figure out why I was hacked and perhaps how to prevent it from happening again.

It still seems strange though. Once again, if it was malicious, they would need to do it in a way that you would never notice. And through the GUI is the WORST way to go about doing it. And also the screen cannot be remotely controlled without having root access, which Android has no way to do without being physically connected to a PC through a developer interface or having a remote control type app that has root access. You can't remotely hack a phone, if the phone doesn't understand how to respond to the commands to begin with. Hacking isn't magic.

Is your phone rooted?

 

[nikitala]

It still seems strange though. Once again, if it was malicious, they would need to do it in a way that you would never notice. And through the GUI is the WORST way to go about doing it. And also the screen cannot be remotely controlled without having root access, which Android has no way to do without being physically connected to a PC through a developer interface or having a remote control type app that has root access. You can't remotely hack a phone, if the phone doesn't understand how to respond to the commands to begin with. Hacking isn't magic.

Is your phone rooted?

No - My phone was not rooted (This happened on Droid 1, I was just upgraded for free to Droid 2 last weekend).

I understand what you are saying completely. This does not make sense at all to me either. If it were a simple malware or thing like that I would be happy to get a new phone and call it a day. What concerns me is the amount of damage this type of hacking could do on a much broader scale being that google/android is so popular. All of my contacts and info are on my phone via gmail. Dont forget that droids are pretty much scaled down computers. I understand they have their operating system differences, but they perform all of the same basic tasks especially in regards to email and even banking.

I did see in forums that other people had problems with after market chargers. My first Droid (Ive total had 7) I used with an after market charger and yes I did have the ghost screen issues and random button pressing which I figured out right away. What I am wrote earlier was completely different. It was the craziest thing I have experienced and Ive had just about every platform and device of PDA/smartphones since the old HP IPAQ's.

Scenario: Droid's apps are all opensource, so there is definitely a chance I could have just downloaded some nasty virus.

Scenario: My refurb could have been rooted at some point (I know they are wiped, but I dont discount the fact that maybe a tech at moto dropped in a hack theirself). Do you remember a few years ago, some criminal TJ maxx employees hijacked all those credit cards? Internal sabotage cannot be discounted.

Scenario: It could have been someone in my midst (ie boyfriend) Though Not likely since I always have my phone, even in the bathroom. Plus, I dont hide anything from him. He knows all my friends, has all the access he wants to my computer and email accounts.

Interestingly: I used droid to bank through Bank of America. I do not know if this is related, but last week all of my transfer accounts were removed from my checking account. I have never heard of this happening ever, nor did BOA customer service. WHen I tried to transfer to my bf, it gave me an error message saying I had not transfer accounts set up. I have not yet re-added any transfer accounts, but I do plan on changing my BOA password the next time I go to the bank. I do not want to change it online, in case my computer or phone was indeed hacked.

I am not trying to come up with conspiracies, but just showing that there are possibilities. I do not believe it was anyone I know, and I figure that whoever is behind this is either bored, or selling my info or otherwise using my info to get something/someone else.

My goal is to just figure out what is going on, and to see if anyone else has had this happen to them. It is always better to proceed with caution when it comes to sensitive information on the web. Anyone getting into my email could potentially cause damage.

Finally, I LOVE my droid - It is the most useful device that organizes my life and saves me so much time. I want to feel comfortable enough with it to utilize the full capabilities, but it concerns me just how much of my info is possible to be exposed. I do not WANT to be hacked, I just want to know what exactly happened. I dont want to lose faith in my device - I think they are the simply the best platform/devices right now.

 

[doogald]

Interestingly: I used droid to bank through Bank of America. I do not know if this is related, but last week all of my transfer accounts were removed from my checking account. I have never heard of this happening ever, nor did BOA customer service. WHen I tried to transfer to my bf, it gave me an error message saying I had not transfer accounts set up. I have not yet re-added any transfer accounts, but I do plan on changing my BOA password the next time I go to the bank. I do not want to change it online, in case my computer or phone was indeed hacked.

If you really are concerned that somebody is accessing your accounts, why are you waiting until next week? Call customer support on the phone right now!

Also, BoA has a system called SafePass, which sends a text message with a code that you must enter into a designated area whenever a new computer/browser accesses your account online - a second factor of authentication, at least for that first time you log in (it may be possible to set this up for every time.) I'd turn that setting on for your account after you set it up with a new password ASAP.

To find out if your phone is rooted, I'd get a terminal emulator app and enter "su" at a prompt (the prompt should start with "$"). If the prompt changes to start with "#", then your phone has root access. If it instead asks for the root user password, then it is probably not.

 

[nikitala]

Update:

Ive been looking this up more and I have found a newer issue. My gmail account has been compromised. I looked at the IP log on a desktop computer and there are logins from various mobile IP addresses at least in the last day, probably more, but I can only access recent logins. They both came from mobile IP's and originated from PA and NY.

I am resetting all passwords and setting up a new "fake" gmail to add to my phone.

I dont know whats going on, but I am getting more and more disturbed the further I dig. I just want to share so maybe others will have a heads up to real issues on droid.

Anyone have any suggestions?

 

[doogald]

Update:

Ive been looking this up more and I have found a newer issue. My gmail account has been compromised. I looked at the IP log on a desktop computer and there are logins from various mobile IP addresses at least in the last day, probably more, but I can only access recent logins. They both came from mobile IP's and originated from PA and NY.

I am resetting all passwords and setting up a new "fake" gmail to add to my phone.

I dont know whats going on, but I am getting more and more disturbed the further I dig. I just want to share so maybe others will have a heads up to real issues on droid.

Anyone have any suggestions?

Google just added multi-factor authentication to Gmail (it's being rolled out slowly). There are a few different ways to get that second factor - there is an Android app that you can associate with your account from your phone, or it can text you a code by SMS, or I think it either has a bot call you and say the code or you call it to get the code - I can't remember which. Also, you can print out a sheet of ten single-use codes that you can access if any of those methods are impossible (i.e., you are a Verizon customer vistiting a friend in Germany and wishing to borrow his computer to look at your gmail.) Anyway, it adds that extra bit of security to gmail that may be worth it.

Make sure that you create a gmail password that you do not use for anything else - the last thing that you want is to have somebody intercept it and then know what you use for ebay, say.

Gmail (on a PC browser) has an option is settings to always use https - turn that on. However, that said, Gmail has always used SSL for authentication/login, so the likelihood that somebody gained your password from sniffing packets is nearly impossible, unless you surfed to a compromised gmail staging site and did not see the https lock icon or indicator in the browser.

Just to put it out there, you do know that when your Android phone syncs with Google to get gmail, that is a mobile device that is connecting, right?

Here are some articles about this feature:

Official Google Enterprise Blog: A more secure cloud for millions of Google Apps users

Recapping Google’s new two-factor authentication

Good luck. I hope that you got that BoA problem fixed, too.

 

[nikitala]

Google just added multi-factor authentication to Gmail (it's being rolled out slowly). There are a few different ways to get that second factor - there is an Android app that you can associate with your account from your phone, or it can text you a code by SMS, or I think it either has a bot call you and say the code or you call it to get the code - I can't remember which. Also, you can print out a sheet of ten single-use codes that you can access if any of those methods are impossible (i.e., you are a Verizon customer vistiting a friend in Germany and wishing to borrow his computer to look at your gmail.) Anyway, it adds that extra bit of security to gmail that may be worth it.

Make sure that you create a gmail password that you do not use for anything else - the last thing that you want is to have somebody intercept it and then know what you use for ebay, say.

Gmail (on a PC browser) has an option is settings to always use https - turn that on. However, that said, Gmail has always used SSL for authentication/login, so the likelihood that somebody gained your password from sniffing packets is nearly impossible, unless you surfed to a compromised gmail staging site and did not see the https lock icon or indicator in the browser.

Just to put it out there, you do know that when your Android phone syncs with Google to get gmail, that is a mobile device that is connecting, right?

Here are some articles about this feature:

Official Google Enterprise Blog: A more secure cloud for millions of Google Apps users

Recapping Google

 

[doogald]

My password questions were also changed to ask for a library account number, which I never had. More weirdness.

Ah, yes, that.

Google lets you change that question to whatever you want. Make the question generic ("What is it?") and memorize the answer (e.g., "Andro1dC0uldBeBett3r").

I once noticed something similar - weird activity from an IP that I simply did not recognize. I went and changed my password, verified all of my security info - my recovery email account, my mobile phone number, etc. - then realized that I had signed up for some service the day before that I had accessed with my gmail account and password, and that was likely what accessed gmail. It still felt better changing things up. After reading what you wrote, I am thinking that I will activate two-factor myself (it wasn't available on my account the last time that I checked.)

My one big issue is that my wife is not very tech-minded at all and I hate to make things even harder for her if something happens to me and she wants access to my account. One of these days I need to document all of this for her...

 

[erisuser1]

They both came from mobile IP's and originated from PA and NY.

Be careful in placing too much confidence in the "geolocation" results that try to associate IP addresses with geography. Many times they are correct, but sometimes they are wildly incorrect.

While IP address blocks are handed out internationally by region, it is trivial for a national ISP (like AT&T/Verizon/Sprint/Comcast/Time-Warner/et cetera) to allocate those blocks to customers anywhere within their network reach.

If your handset spends most of it's time in one location, the mobile IP addresses you would see in Gmail's logs can be very similar to one another (many of the leading digits would be the same). OTOH, if your phone was allowed to roam it's data services, it would be possible to aquire a 3G link to a different carrier that has a roaming agreement with Verizon, and then it would be possible for your IP address to literally "jump all over the map".

I'm not saying you weren't hacked; although if it did happen, I'd lay money on it having occurred on a Windows PC as opposed to any other device. (The phone doesn't store your password, and the only time you ever enter it on a Android phone is at the beginning - before you load any apps).

If you want to reset passwords, and you think your PC might be compromised, one thing that isn't too hard to do is to boot up a "Live CD" Linux distro instead of your regular PC's OS - most recent distros bring up your network connection (via DHCP) automatically, so all you need to do is fire up the browser. The CD is a read-only medium, so every time it boots, you can be sure that nobody has "fooled" with it; the only way that you would still be vulnerable would be if a hardware sniffer had been installed on your PC, and that seems unlikely.

good luck