1. Check out our companion app, Forums for Android! Download from Google Play

General Galaxy S3 owners, please help! Is this normal, or have I been hacked?

Discussion in 'Android Devices' started by rv2012, Nov 21, 2012.

  1. rv2012

    rv2012 New Member
    Thread Starter
    5

    Nov 20, 2012
    2
    0
    5
    Alright, so I was browsing some potentially murky/unsafe websites on my Galaxy S3 when I had a horrible system crash, and ever since this crash I've noticed some strange things going on on my phone:

    1. Everything is noticeably slower, and there are occasional 3-5 second freezes.

    2. If I use OS Monitor to examine system activity, I always see a process listening on a bunch of ports like 55555 and 55556, but the name of this process is different every time I look.

    3. If I go into Settings -> Application Manager -> All, click on the current name of the app listening on the ports above, and check its permissions, it always turns out that the app happens to have permission to do about 100 things, from "add or modify calendar events and send email to guests without owners' knowledge" to "directly call phone numbers", you name it -- way more permissions than even a typical system-level process.

    SO, Galaxy S3 owners, I'd be eternally grateful if someone could go into Settings -> Application Manager -> All on their phone & check permissions on a few apps (listed below). Do they have 100+ permissions to do everything under the sun on your phone too?

    Lcdtest
    DttSupport
    TMServerApp

    I know these are legitimate names of system processes that are supposed to be present, but I'm paranoid that on my phone they might've been replaced with hacked versions. If someone could reassure me that they really are supposed to have permission to do literally everything to my system, I'd be grateful!
     

    Advertisement

  2. Musky

    Musky Well-Known Member
    173

    Mar 13, 2010
    1,846
    376
    173
    Male
    Computer Tech
    San Diego
    On my phone they seem to have permission for everything, but I can't tell for sure because I don't know all of the permissions and some may not be listed.

    But, I only have the first two you listed. I do not have "TMServerApp"
     
  3. bigsmokefarmer

    bigsmokefarmer Well-Known Member
    16

    Jul 2, 2012
    50
    1
    16
    I don't have Lcdtest, I do have DttSupport and it has lots of permissions, I also have TMServerApp, but it's not running.

    Hope that helps, do you have anti-virus on your S3?
     
  4. GoldenDiamond

    GoldenDiamond Well-Known Member
    38

    Jul 24, 2012
    226
    23
    38
    Geologist/Student
    Vancouver, Canada
    get some anti-virus software on your phone (then obviously scan your phone) or factory reset.
     
  5. thahim

    thahim Well-Known Member
    83

    May 29, 2011
    502
    20
    83
    Male
    Assistant Director
    Karachi, Pakistan
    I have all three of them with lots of permissions.
     
  6. Yatezy

    Yatezy Well-Known Member
    113

    Sep 10, 2012
    593
    257
    113
    I have all three and they all have an insane amount of permissions but I don't have any problems here, or none that are noticeable anyway.
     
  7. sherlock5545

    sherlock5545 Well-Known Member
    163

    Dec 18, 2011
    1,050
    304
    163
    London, UK
    If you aren't rooted, these system applications cannot be modified, so it's unlikely that you've been hacked. Tryba factory reset if your phone crashes a lot. By the way, what website did you visit?
     
  8. Uppal007

    Uppal007 Member
    15

    Jul 13, 2012
    12
    0
    15
    I also have all 3 with lots of permissions, must be normal then.
     
  9. Spaceprobe

    Spaceprobe Well-Known Member
    53

    Mar 1, 2011
    405
    57
    53
    Male
    Retired Nurse
    Brighton. UK
    Try installing Fast Reboot from the play store and running it
     
  10. dportal2006

    dportal2006 Well-Known Member
    78

    Dec 3, 2011
    662
    88
    78
    Oh man. Do you mind telling me what website did you visit? I would like avoid it. Try downloading and anti virus and then factory reset the phone.
     
  11. Rxpert83

    Rxpert83 Dr. Feelgood
    1,853

    Aug 30, 2011
    17,931
    13,136
    1,853
    Male
    Graduate Student
    MN
    Do a factory reset immediately. Its the only way to know its safe.
     
  12. rv2012

    rv2012 New Member
    Thread Starter
    5

    Nov 20, 2012
    2
    0
    5
    Thanks so much to everyone who replied! I feel better knowing that it's normal for these processes to have crazy permissions, but I did a factory reset anyway just to be extra safe.

    Question, though: a factory reset doesn't re-install the core operating system, right? It just deletes user-downloaded apps + app data? I guess I'm just wondering whether it protects against the situation where the OS itself has been compromised. Is it even possible for there to be a "privilege-elevation"-type exploit where a process gets root access through some security vulnerability and then overwrites core system binaries with hacked versions? Or is it not possible for even a process that gets root access to do this?

    To those who asked what site it was that caused my original crash: I don't have the exact URL, but it was some weird Russian image host that I got linked to from a forum.
     
  13. davidmanvell

    davidmanvell Well-Known Member
    78

    Jul 12, 2012
    677
    70
    78
    Male
    Power Quality Specialist for a medical imaging com
    Virginia Beach, VA USA

    LCDTEST 17 permissions
    DTTSUPPORT 16 permissions
    Do not have the third one.

    Those core files should be safe. Shouldn't have to worry about them.
     

Share This Page

Loading...