[HELP] Has my phone been compromised physically? - Security Discussion

Hi,
My phone was recently compromised with a sophisticated RAT. The exploits the RAT used were picked up by CM Security, and CM said it found:
1. Towel Root Exploit
2. Fake ID Exploit - something to do with exploiting Android certificates.
The thing is I have never rooted the phone or done anything other than a factory reset and purchased it new.
I'm concerned this may have been planted by someone close to me and need information to ensure I am safe in future.
How possible is it that this was carried out physically, i.e. that the hacker who planted the RAT had physical access to my phone?
There is also other evidence, which I can supply, suggesting my phone had been flashed without my knowledge as well.
Any help would be greatly appreciated.
UPDATE: I just did a factory reset and reinstalled CM and again the exploits were found. How is this possible? Is the malware embedded in my ROM?
-Tim
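The question above is whether the ROM itself was changed, and an antivirus hit on an exploit name does not settle that. What a practitioner checks first, over adb, is the build properties and the system partition for root and custom-ROM indicators. The script below is an added example, not code from this thread or from any of its posters; it parses constructed samples of what `adb shell getprop` and `adb shell ls <dir>` print, and the known-good fingerprint it compares against is an assumed value that you take from an untouched device on the same model and firmware.

```python
"""Root / custom-ROM triage from adb output.

Added example for this thread, not any poster's tool. It parses what two
real commands print on the device:

    adb shell getprop
    adb shell ls /system/xbin      (and other directories of interest)

The sample outputs further down are constructed for the demo, and the
"known-good" fingerprint is an assumed value: take the real one from an
untouched device on the same model and firmware.
"""
import re

# getprop prints one "[key]: [value]" pair per line.
GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")

# Files that stock firmware never ships; any hit means root was installed.
ROOT_ARTIFACTS = {
    "/system/xbin/su",
    "/system/bin/su",
    "/system/xbin/daemonsu",
    "/system/app/Superuser.apk",
    "/system/app/SuperSU.apk",
}


def parse_getprop(text):
    """Turn `adb shell getprop` output into a dict."""
    props = {}
    for line in text.splitlines():
        m = GETPROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props


def paths_from_listings(ls_by_dir):
    """ls_by_dir maps a directory to the text `adb shell ls <dir>` printed."""
    paths = set()
    for directory, listing in ls_by_dir.items():
        for name in listing.split():
            paths.add(directory.rstrip("/") + "/" + name)
    return paths


def assess(props, present_paths, expected_fingerprint=None):
    """Return human-readable findings; an empty list means nothing obvious."""
    findings = []
    if props.get("ro.build.tags") == "test-keys":
        findings.append("build signed with test-keys (custom or unofficial ROM)")
    build_type = props.get("ro.build.type", "user")
    if build_type != "user":
        findings.append(f"build type is {build_type!r}, not 'user'")
    if props.get("ro.secure") == "0":
        findings.append("ro.secure=0: adbd runs as root")
    if props.get("ro.debuggable") == "1":
        findings.append("ro.debuggable=1: debuggable build")
    fingerprint = props.get("ro.build.fingerprint")
    if expected_fingerprint and fingerprint != expected_fingerprint:
        findings.append(f"fingerprint {fingerprint!r} differs from known-good build")
    for path in sorted(ROOT_ARTIFACTS & set(present_paths)):
        findings.append(f"root artifact present: {path}")
    return findings


def triage(getprop_text, ls_by_dir, expected_fingerprint=None):
    return assess(parse_getprop(getprop_text), paths_from_listings(ls_by_dir),
                  expected_fingerprint)


# Constructed samples (not captured from any real device).
EXPECTED_FINGERPRINT = "example/device/device:4.4.2/BUILD/0001:user/release-keys"

STOCK_GETPROP = """\
[ro.build.fingerprint]: [example/device/device:4.4.2/BUILD/0001:user/release-keys]
[ro.build.tags]: [release-keys]
[ro.build.type]: [user]
[ro.secure]: [1]
[ro.debuggable]: [0]
"""
STOCK_LS = {"/system/xbin": "dexdump\n", "/system/bin": "sh\ntoolbox\n",
            "/system/app": "Calculator.apk\n"}

ROOTED_GETPROP = """\
[ro.build.fingerprint]: [example/device/device:4.4.2/BUILD/0002:userdebug/test-keys]
[ro.build.tags]: [test-keys]
[ro.build.type]: [userdebug]
[ro.secure]: [0]
[ro.debuggable]: [1]
"""
ROOTED_LS = {"/system/xbin": "dexdump\nsu\ndaemonsu\n", "/system/bin": "sh\ntoolbox\n",
             "/system/app": "Calculator.apk\nSuperuser.apk\n"}

if __name__ == "__main__":
    for label, gp, ls in (("stock", STOCK_GETPROP, STOCK_LS),
                          ("rooted", ROOTED_GETPROP, ROOTED_LS)):
        print(label, triage(gp, ls, EXPECTED_FINGERPRINT) or ["no obvious root/ROM changes"])
```

Two caveats a practitioner would add. A factory reset wipes /data and cache and leaves /system untouched, so repeating it neither removes nor rules out a modified system partition; comparing /system against the vendor's firmware image, or reflashing that image with the vendor's tool, is the conclusive step. And an empty findings list is not proof of a clean device either, because root-hiding tools rename the su binary and patch exactly these properties.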

timmyhall83 said:
Hi,
My phone was recently compromised with a sophisticated RAT. The exploits the RAT used were picked up by CM Security, and CM said it found:
1. Towel Root Exploit
2. Fake ID Exploit - something to do with exploiting Android certificates.
The thing is I have never rooted the phone or done anything other than a factory reset and purchased it new.
I'm concerned this may have been planted by someone close to me and need information to ensure I am safe in future.
How possible is it that this was carried out physically, i.e. that the hacker who planted the RAT had physical access to my phone?
There is also other evidence, which I can supply, suggesting my phone had been flashed without my knowledge as well.
Any help would be greatly appreciated.
UPDATE: I just did a factory reset and reinstalled CM and again the exploits were found. How is this possible? Is the malware embedded in my ROM?
-Tim
1) Towel root is an application used to root phones, it itself is not malware
2) FakeID is a vuln, but not one to get worked up over and not introduced by malware
CM Security is utter garbage, and is only popular due to the sheer amount of spamming that company has done. I have deleted a ton of their spam from here. Use Lookout if you want mobile anti-virus software. Delete that trash of an app, CM.
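jcase's reply classes Fake ID as a vulnerability rather than malware. For readers who want the mechanism behind the name: the bug, reported by Bluebox in 2014, was that Android assembled an APK's certificate chain by matching each certificate's issuer name to another certificate's subject without verifying that the issuer had actually signed it, so an app could ship a trusted vendor's certificate in its chain and be treated as that vendor's by code that granted privileges on that basis. The block below is an added model of that logic, not AOSP code and not anything from this thread: the vulnerable and fixed chain builders side by side, with a constructed vendor identity and deliberately tiny textbook RSA keys (the primes are constructed demo values, never for real use).

```python
"""Model of the Android "Fake ID" certificate-chain flaw.

Added example; not AOSP code. "Certificates" are dicts and signatures are
textbook RSA over a truncated SHA-256 digest with constructed, far too small
keys: enough to show the chain-building logic, never for real use.
"""
import hashlib


def make_key(p, q, e=65537):
    """Constructed RSA key from two given primes (no primality check: demo only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}


def _digest(data):
    # 24-bit truncation keeps the message below the smallest demo modulus.
    return int.from_bytes(hashlib.sha256(data).digest()[:3], "big")


def sign(key, data):
    return pow(_digest(data), key["d"], key["n"])


def verify(key, data, sig):
    return pow(sig, key["e"], key["n"]) == _digest(data)


def tbs(cert):
    """The to-be-signed part: every field except the signature."""
    return f"{cert['subject']}|{cert['issuer']}|{cert['pub_n']}|{cert['pub_e']}".encode()


def make_cert(subject, subject_key, issuer_subject, signing_key):
    cert = {"subject": subject, "issuer": issuer_subject,
            "pub_n": subject_key["n"], "pub_e": subject_key["e"]}
    cert["sig"] = sign(signing_key, tbs(cert))
    return cert


def _pub(cert):
    return {"n": cert["pub_n"], "e": cert["pub_e"]}


def build_chain_vulnerable(certs):
    """Pre-fix logic: follow issuer == subject name matches, check no signature."""
    by_subject = {c["subject"]: c for c in certs}
    chain, cur = [certs[0]], certs[0]
    while cur["issuer"] != cur["subject"] and cur["issuer"] in by_subject:
        cur = by_subject[cur["issuer"]]
        chain.append(cur)
    return chain


def build_chain_fixed(certs):
    """Post-fix logic: each link must verify under the parent's public key."""
    by_subject = {c["subject"]: c for c in certs}
    chain, cur = [certs[0]], certs[0]
    while cur["issuer"] != cur["subject"]:
        parent = by_subject.get(cur["issuer"])
        if parent is None:
            raise ValueError(f"issuer {cur['issuer']!r} not present")
        if not verify(_pub(parent), tbs(cur), cur["sig"]):
            raise ValueError(f"{cur['subject']!r} is not signed by {parent['subject']!r}")
        cur = parent
        chain.append(cur)
    if not verify(_pub(cur), tbs(cur), cur["sig"]):
        raise ValueError("root certificate is not validly self-signed")
    return chain


def granted_privilege(chain, trusted_subject):
    """The consumer's decision: is the trusted vendor anywhere in the chain?"""
    return any(c["subject"] == trusted_subject for c in chain)


# Constructed parties. VENDOR stands in for the vendor certificate the real attack abused.
VENDOR = "CN=Trusted Plugin Vendor (constructed)"
vendor_key = make_key(104723, 104729)      # constructed primes
attacker_key = make_key(10007, 10009)      # constructed primes

vendor_cert = make_cert(VENDOR, vendor_key, VENDOR, vendor_key)  # genuine self-signed root
# A genuinely issued certificate: subject key pair reused from above (who holds
# the subject key is irrelevant to the chain check), signed by the vendor.
legit_cert = make_cert("CN=Real Plugin", attacker_key, VENDOR, vendor_key)
# Claims VENDOR as issuer but is signed with the attacker's own key.
evil_cert = make_cert("CN=Evil App", attacker_key, VENDOR, attacker_key)


def demo():
    """Return (vulnerable_grants, fixed_grants) for the forged chain."""
    apk_certs = [evil_cert, vendor_cert]  # the APK ships the vendor cert alongside its own
    vulnerable = granted_privilege(build_chain_vulnerable(apk_certs), VENDOR)
    try:
        fixed = granted_privilege(build_chain_fixed(apk_certs), VENDOR)
    except ValueError:
        fixed = False
    return vulnerable, fixed


if __name__ == "__main__":
    vulnerable, fixed = demo()
    print("vulnerable builder grants:", vulnerable, "| fixed builder grants:", fixed)
```

The whole fix is the one signature check per link: an issuer name match only tells the builder where to look for the parent and is never evidence that the parent issued anything.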

jcase said:
1) Towel root is an application used to root phones, it itself is not malware
2) FakeID is a vuln, but not one to get worked up over and not introduced by malware
CM Security is utter garbage, and is only popular due to the sheer amount of spamming that company has done. I have deleted a ton of their spam from here. Use Lookout if you want mobile anti-virus software. Delete that trash of an app, CM.
Towel root is an exploit and can be packaged into malicious apps. If you do a Google search on this there are various articles explaining how it will be a nightmare for security firms due to this reason.

timmyhall83 said:
Towel root is an exploit and can be packaged into malicious apps. If you do a Google search on this there are various articles explaining how it will be a nightmare for security firms due to this reason.
Yeah, I don't need garbage from a Google search. I know what it is and how it works; that doesn't change my statement.

jcase said:
Yeah, I don't need garbage from a Google search. I know what it is and how it works; that doesn't change my statement.
Solid logic my friend.
I'll save you the hassle of searching and offer you this quote from an AVAST Virus Lab expert.
“Even though TowelRoot is not malicious itself, it may be misused as an exploit kit. Generally, TowelRoot can be used as a delivery package for malicious applications,” explained Filip Chytry, an AVAST Virus Lab expert on mobile malware. “It’s capable of misusing a mistake in Android code which allows attackers to get full control over your Android device. TowelRoot itself is more a proof-of-concept, but in the hands of bad guys, it can be misused really quickly. For this reason we added it to our virus signatures, so Avast detects it as Android:TowelExploit.” - Quoted from - blog.avast.com/2014/06/20/samsung-galaxy-s5-and-other-popular-phones-vulnerable-to-towelroot-android-exploit/

timmyhall83 said:
Solid logic my friend.
I'll save you the hassle of searching and offer you this quote from an AVAST Virus Lab expert.
“Even though TowelRoot is not malicious itself, it may be misused as an exploit kit. Generally, TowelRoot can be used as a delivery package for malicious applications,” explained Filip Chytry, an AVAST Virus Lab expert on mobile malware. “It’s capable of misusing a mistake in Android code which allows attackers to get full control over your Android device. TowelRoot itself is more a proof-of-concept, but in the hands of bad guys, it can be misused really quickly. For this reason we added it to our virus signatures, so Avast detects it as Android:TowelExploit.” - Quoted from - blog.avast.com/2014/06/20/samsung-galaxy-s5-and-other-popular-phones-vulnerable-to-towelroot-android-exploit/
I work full-time in the mobile security industry, "my friend". I analyze a large number of malware and exploit samples on a frequent basis. I'm well aware of what TowelRoot is, and did the first third-party analysis of the exploit (as GeoHot shared a copy a day early with me).
That whole statement is rather poor and misinformed. The futex vulnerability, which is what TowelRoot uses, is not even in Android code; it's in the kernel code. TowelRoot is not a proof of concept; it's a full-blown exploit doing its designed purpose. TowelRoot, as is, cannot be used as a "delivery package".
Next time before coming with attitude against someone helping you, please do your research.

jcase said:
I work full-time in the mobile security industry, "my friend". I analyze a large number of malware and exploit samples on a frequent basis. I'm well aware of what TowelRoot is, and did the first third-party analysis of the exploit (as GeoHot shared a copy a day early with me).
That whole statement is rather poor and misinformed. The futex vulnerability, which is what TowelRoot uses, is not even in Android code; it's in the kernel code. TowelRoot is not a proof of concept; it's a full-blown exploit doing its designed purpose. TowelRoot, as is, cannot be used as a "delivery package".
Next time before coming with attitude against someone helping you, please do your research.
I have done my research. It seems out of the ordinary that a quote from a company representative of a major anti-virus firm would be 'rather poor, and misinformed'. Who's a more reliable source, you or him?
I'm not coming with an attitude against anyone, if anything your second response was coming against me with attitude.

timmyhall83 said:
I have done my research. It seems out of the ordinary that a quote from a company representative of a major anti-virus firm would be 'rather poor, and misinformed'. Who's a more reliable source, you or him?
I'm not coming with an attitude against anyone, if anything your second response was coming against me with attitude.
It's not out of the ordinary; it's called FUD and it's rather common.
In this case, me.
My second post had no attitude.
This is your THIRD thread about this topic, you have your answers. You seem not to like the answers.

jcase said:
It's not out of the ordinary; it's called FUD and it's rather common.
In this case, me.
My second post had no attitude.
This is your THIRD thread about this topic, you have your answers. You seem not to like the answers.
Okay so explain to me, what would be the point of anti-virus companies adding the exploit to their databases if it can't be used for malicious purposes?
Your reply came off as pretty arrogant, so yeah, it did have attitude.

timmyhall83 said:
Okay so explain to me, what would be the point of anti-virus companies adding the exploit to their databases if it can't be used for malicious purposes?
Your reply came off as pretty arrogant, so yeah, it did have attitude.
The vulnerability can, that exploit as is can't as it requires user interaction.
More detections, more pop ups they show customers, more sales they get.
You have been given your answer here, and in the other two threads. I am closing this thread; please do not repost this question to other sections.

Related

Best antivirus for galaxy tab

Hi guys
I just read about a trojan attack on Android phones and hence I am planning to install antivirus software.
Could you please guide me on which is the best antivirus for the Galaxy Tab that is not very resource hungry?
Thanks in advance
Sent from my GT-P1000 using XDA App
I use Lookout
Sent from my SGH-T849 using Tapatalk
pda_crazy said:
Hi guys
I just read about a trojan attack on Android phones and hence I am planning to install antivirus software.
A report that was released by a company selling anti-virus products for Android. A report that has since been attacked for its credibility, as it seems the "trojan" may simply have been a legitimate (if intrusive) reporting mechanism used by the Chinese store selling those apps.
Bottom line: If you don't side-load content, you simply do not need anti virus on Android. It's a waste of time, money, processing power and battery life. I'm not aware of any known exploits on the Android ecosystem that don't require the user to side-load malware from sources outside the official Android market.
Android isn't windows. Android is a secure architecture from the ground up. Android doesn't have OS holes that need plugging. Android doesn't offer itself up to be infected every time an email is received.
If you're really worried about viruses, simply don't install apps from anywhere except the official Android market. Doing this single thing will do far more to guarantee safety than any anti-virus software.
Now if you do side-load content from questionable sources, an anti-virus product could potentially provide protection. In the real world, anti-virus software rarely recognizes new, zero-day exploits, so not all that much protection at all.
After hearing such good things about Android I am feeling proud to be an Android owner.
Sent from my GT-P1000 using XDA App
Do we really need an Antivirus on the Galaxy Tab?
Better safe than sorry, especially since there is no rejection policy for the Market.
Sent from my GT-P1000 using XDA App
I think you're better served reading the permissions of apps installed.
Things like Applanet that ask for access to login credentials are far more dangerous than malware.
That is, as long as you're not getting your apps from Chinese markets.
NetQin Android Antivirus
pda_crazy said:
Hi guys
I just read about a trojan attack on Android phones and hence I am planning to install antivirus software.
Could you please guide me on which is the best antivirus for the Galaxy Tab that is not very resource hungry?
Thanks in advance
Sent from my GT-P1000 using XDA App
NetQin Android Antivirus, works fine!
TainT said:
I think you're better served reading the permissions of apps installed.
Things like Applanet that ask for access to login credentials are far more dangerous than malware.
That is, as long as you're not getting your apps from Chinese markets.
This.
Antivirus apps are not required. These "reports" are from antivirus creators designed to make you think you need one.
Actually read the reports? They are not viruses, but simply permissions you give it when installing anyway.
I wouldn't have thought antivirus was required, especially given Android's base as a Linux. All it would do is waste CPU cycles.
Spent the last 5 years as a Symbian user listening to people claim that AV on the phones was a 'must have'.
Glad to see some things are the same on Android!
A Trojan Horse on Android/Linux is like an upper class chav, it's not going to happen.
Sent from my GT-P1000
EStrong Security manager isn't an antivirus per se but it seems to do a manual scan for malicious apps. They're very vague as to what it actually does though.
I don't really understand why people feel the need to get anti-virus for Linux. To get something malicious you've got to install it yourself, and that's pretty damn hard considering the phone will tell you what the app is trying to access, and even then the app doesn't have any access to any other apps, nor does it have root access to the phone's file system.... the most it could really do is collect data about you, or maybe delete files on your SD card or something like that.
There are some very naive Linux fanboys in here. There are plenty of reasons to have some sort of malware/privacy security on Android. There have been various independent confirmations of apps in the Marketplace containing malware, especially in the last month or so.
Lookout is a good one, or Kaspersky. They both have good scanners and can also protect personal info as well.
TheATHEiST said:
There are some very naive Linux fanboys in here. There are plenty of reasons to have some sort of malware/privacy security on Android. There have been various independent confirmations of apps in the Marketplace containing malware, especially in the last month or so.
Lookout is a good one, or Kaspersky. They both have good scanners and can also protect personal info as well.
I would think that since the last reply was from January, people would have learnt that.. The last malware incident that got Google involved within 5 minutes and had over 50 apps pulled was pretty well publicized.
Anyway, people have got to realize that no one OS is invulnerable. It's just a matter of time before people start finding exploits when an OS gets popular - for Android that time is now. Heck, not sure how many people are aware, but roots and jailbreaks ARE exploits themselves. Try scanning the rooting/jailbreaking tools with your desktop AV and all becomes clear.
darkwoof said:
Heck, not sure how many people are aware, but roots and jailbreaks ARE exploits themselves. Try scanning the rooting/jailbreaking tools with your desktop AV and all becomes clear.
Precisely. A rooted device is the best to attack for malware apps. If there's a developer that's smart enough, they can get pretty much anything if you're rooted.
Sent from my GT-P1000 using XDA Premium App
Since I'm rooted, I installed Lookout too.
Funny because it's easily uninstalled even though it has apps policy/administrator (I forgot the name).
Well.. I use it mainly for the Missing Device feature (paired with PREY also).
GANJDROID said:
Precisely. A rooted device is the best to attack for malware apps. If there's a developer that's smart enough, they can get pretty much anything if you're rooted.
Sent from my GT-P1000 using XDA Premium App
Dude, you did not understand the last post at all!
You don't need to have your device rooted. A normal Market app can root your device without you knowing it, and can then do whatever with your device.
How do you think z4root roots your device? (z4root is an app that roots the phone for you, normally with your knowledge.)
Geletis said:
A report that was released by a company selling anti-virus products for Android. A report that has since been attacked for its credibility, as it seems the "trojan" may simply have been a legitimate (if intrusive) reporting mechanism used by the Chinese store selling those apps.
Bottom line: If you don't side-load content, you simply do not need anti virus on Android. It's a waste of time, money, processing power and battery life. I'm not aware of any known exploits on the Android ecosystem that don't require the user to side-load malware from sources outside the official Android market.
Android isn't windows. Android is a secure architecture from the ground up. Android doesn't have OS holes that need plugging. Android doesn't offer itself up to be infected every time an email is received.
If you're really worried about viruses, simply don't install apps from anywhere except the official Android market. Doing this single thing will do far more to guarantee safety than any anti-virus software.
Now if you do side-load content from questionable sources, an anti-virus product could potentially provide protection. In the real world, anti-virus software rarely recognizes new, zero-day exploits, so not all that much protection at all.
Dude, you have absolutely no clue what you are talking about. MANY pieces of malware have been discovered that were submitted and released via the Market.
http://pocketnow.com/android/google-removes-ten-malware-infected-apps-from-android-market

[NEWS] Security Experts pleading to Ban Connections on Rooted and Jailbroken Devices

I don't know if this is just an advertising scheme of AVG Mobile Solutions through their Facebook page, but when the banning of banking connections (PayPal, online banking, etc.) on rooted devices is pushed through, DAMN IT WE'RE REALLY F*****!
Read more on AVG Blogs HERE
Definitely a marketing scheme... for the clueless...
"Google is blocking access to some services on rooted devices."
Well.. they did get that spot on..
narflynn619 said:
I don't know if this is just an advertising scheme of AVG Mobile Solutions through their Facebook page, but when the banning of banking connections (PayPal, online banking, etc.) on rooted devices is pushed through, DAMN IT WE'RE REALLY F*****!
Read more on AVG Blogs HERE
Don't worry, there is no way for a website to detect if you are rooted or not. There's also no reason for financial companies to do that - they would piss off users for zero gain in security.
Rooted devices are currently unsupported by Google due to requirements related to copyright protection.
Uh, what? Google has *only* shipped devices with root capability so far, what is this "unsupported" crap?
kllrnohj said:
Don't worry, there is no way for a website to detect if you are rooted or not. There's also no reason for financial companies to do that - they would piss off users for zero gain in security.
Uh, what? Google has *only* shipped devices with root capability so far, what is this "unsupported" crap?
I'm sure they're referring to video rentals from the new market being blocked for people on rooted devices.
Well, the security increases a little on non-rooted devices. Or so they claim.
On a rooted device you tend to screw around a little more and install some infected software that might steal more info than what you know.
They supposedly want to protect you against that by not allowing rooted devices.
But as the past already showed us, you can as well get infected apps from the Market if they pass Google's filters.
So this is just marketing for AVG. Besides, I think AVG is more insane than a virus; uninstalling it from your device does not always work perfectly.
Also, it would become possible to detect if a phone is rooted or not. If Google adds a tag when you are using a rooted phone and allows Android to send that tag to sites/apps, and those sites/apps read those tags and accordingly give access or not, well then we are screwed.
I don't think they will push it that far though with the block on rooted access.
They just did it now in an attempt to block pirating of their new movie service.
I also remember Google saying once in an article that rooting isn't forbidden and they won't block it as it is just a way to tweak your phone.
It just voids your warranty
its always somethin isnt it..
Sorry if I sound dumb, but what exactly have Google blocked on rooted devices aside from video rentals?
Atomix86 said:
Sorry if I sound dumb, but what exactly have Google blocked on rooted devices aside from video rentals?
Well except the movies they havn't blocked rooted phones from anything else yet
For now I don't mind the block that much since I don't plan to view movies on my phone, but I understand a lot of other users that are pissed at this.
I mean my phone also has the Voodoo sound control app installed, so yeah, it needs root for that.
Things like this remind me of the phrase I say that "a phone is only as good as it is unrooted" in case one day our rooted phones are cut off from the world.
I am not, but if I had to guess I'd say: If Google decides to block more/too many services on rooted phones we are going to see an "root cloaking app" or something like that, pretending the phone was not rooted while it is.
On topic, as a computer science student with a focus on security: Yes, rooted phones are more vulnerable, because malicious apps could gain root from a stupid user, or a dumb user installs warez/cracks/stolen stuff with viruses in them. Thinking about prices for most apps, it's such a user's own fault if his data is in trouble.
A bigger problem is the actual security holes in the system. I know from my old iPhone that those are the biggest problem. Especially if those can be triggered from a website, like the PDF or TIFF exploit (the latter still present on iPhone 3G as firmware is no longer updated).
Oh, on that note, I have a nice topic, but I think I should start a new one instead...
kllrnohj said:
Don't worry, there is no way for a website to detect if you are rooted or not. There's also no reason for financial companies to do that - they would piss off users for zero gain in security.
Uh, what? Google has *only* shipped devices with root capability so far, what is this "unsupported" crap?
Not really. From what I understand, to gain root in a device, you have to find a way to exploit it. There is no bonafide root access from Google. The Evo 4G, for example, the exploit was found in the Flash Lite app.
http://forum.xda-developers.com/showpost.php?p=15664846&postcount=3
im rooted
Root is nothing more than admin privileges. Look at your desktop: is it "rooted", and do you think they will deny you your money from an admin account on your desktop? Take a deep breath and calm down.
root or not, security problem always occur
I don't know
JDenson77 said:
Root is nothing more than admin privileges. Look at your desktop: is it "rooted", and do you think they will deny you your money from an admin account on your desktop? Take a deep breath and calm down.
i am rooted too.. and it's for the same reason i wouldn't like using a computer as a pathetic "user"..
Those 'Security Experts' are government agents that don't know sh#t about high tech rooted devices!
Better Security
I am running the MIUI ROM and I think the security features are much better than the non rooted ROM. It actually asked me if I wanted the XBMC app to intercept SMS's.

Major uptick in Android Malware

I don't know how many of you pay attention to security issues but I thought I would post a link to this Threatpost article.
http://threatpost.com/en_us/blogs/staggering-increase-android-malware-variants-trojan-apps-051612
It behooves one to pay attention to what you are installing and what permissions apps are requesting. I just ditched Evernote due to increased permissions, even though it is from what one might call a trusted source.
Edit: I have not finished perusing the F-Secure Mobile Threat Report, but so far it is a good read.
I've never once had a problem with any kind of malware or virus on my phone. Then again I'm careful and use common sense. Which goes a long way
Sent from my SGH-I777 using xda premium
Phalanx7621 said:
I've never once had a problem with any kind of malware or virus on my phone. Then again I'm careful and use common sense. Which goes a long way
Common sense does go a long way. With some of the posts I've seen on XDA, there seems to be a lack of that not-so-common attribute. Flashing without thinking, sideloading apps from unknown sources, etc.
Google appears to be reacting (albeit slowly) with Bouncer, trying to police Market/Play. I'm not sure if Amazon is doing anything similar for their app store. The big picture still looks rather grim. Will we be looking at large scale botnets this year? Hopefully not. The idea of Android botnets makes me a bit ill.
Unless malware can show up on the store, I don't see the issue here. It's a risk we've all known about since the day Android came out.
alpha-niner64 said:
Unless malware can show up on the store, I don't see the issue here. It's a risk we've all known about since the day Android came out.
Malware has shown up on the store. The issue is that Android is increasing its market share by leaps and bounds, black hats are writing more sophisticated malware, and more people are hacking their devices without a clue as to what they are doing. If you read the F-Secure Mobile Threat Report (linked in Threatpost), the number of detected malware APK's has grown tenfold over the last year.
Golly gosh.
Sent from my GT-I9100 using XDA
Phalanx7621 said:
I've never once had a problem with any kind of malware or virus on my phone. Then again I'm careful and use common sense. Which goes a long way
Sent from my SGH-I777 using xda premium
Exactly the same here
Windows has had malware threats for well over a decade and as it matured the OS was patched to deal with it. Android is more secure than Windows is, you not only have to download a malicious app you also have to install it before anything bad can happen.
Google will hopefully implement a more effective way of preventing malware from entering the Play Store but this may have the side effect of false positives on certain rooting/tweaking apps.
As PCs are being replaced by tablets, it's a juicy business for anti-virus companies.
So i wouldn't trust any report from av companies...
It's usually pretty vague. Which app on android market?
As you get viruses when you install warez games on a PC, the same goes for Android if you manually install an apk from outside the Android Market. Nothing new.
rchtk said:
As PCs are being replaced by tablets, it's a juicy business for anti-virus companies.
So i wouldn't trust any report from av companies...
It's usually pretty vague. Which app on android market?
As you get viruses when you install warez games on a PC, the same goes for Android if you manually install an apk from outside the Android Market. Nothing new.
I think you guys are missing the OP's point. You don't have to manually install an .apk.
A fake company called "MYOURNET" (touché for the name, rather ironic now) took a bunch of real apps from the Market, injected them with malware and resubmitted them back onto the marketplace. The new malware could root your phone, steal your data, and keep a backdoor open for more goodies. Crazy ****.
http://androidcommunity.com/android-virus-served-up-by-user-myournet-20110302/
I admit I didn't open the PDF (PDF is now the number one virus vector ;-) but as far as I see it didn't mention reinjection in the Market. Well.. pay attention to permissions..
Nothing else to do.
How to define a virus? That is the question..
Only install trusted editors from the Market. Only install applications which provide their source code, and read it..
Easy answer for malware pike: piracy, period

[KNOX] Searching for users with root, active SELinux and a not tripped Knox

Hello,
I'm involved in trying to collect information regarding Knox, the illegal destruction of private property and the possibility to run unknown code, and I am badly looking for certain configurations to get more answers.
If someone has root, not tripped Knox and preferably SELinux set to "Enforcing", please send me a message! Your help is needed!
I was too late. The "Rules update #16" that blocked "Root de la Vega" was pushed to my phone against my will. Other got it as well.
That means they already have some form of control and disregard your configuration. What can they do more?
With SELinux they can control your device as they wish if they configure it to hide processes that run, as of today, unknown code.
I'm a "BOFH Unix kick ass consultant" by trade. I know how nicely you can do this. "Living in a box". Oh yes.
This is about our future, the right to privacy and the right to do what we want with our own private property!
The extreme measures taken against just obtaining root are disproportionately harsh. If they succeed, others will follow.
We might end up with iNdroid in a few years. I want to prevent that. But we need more knowledge. They destroy evidence if you trip Knox.
Rooting is not illegal, but the active action of destroying someone's property with intent is, whatever the cause, warranty claims or not.
There will be consequences. But we need more information, and you who have a Note 3, just as me, can help. The key can be your phone.
Knox is not "just a flag". It has attached code. It sabotages your system, both software and hardware: scrambled software, Wi-Fi permanently damaged, to name a few. I know from my S4, and have it verified from source. But that code is run once and then gone. Are there more e-fuses?
Dumping hardware has made at least one device totally bricked. Not even the Power button worked. It was stone-dead.
Also:
If someone has a way of obtaining it without tripping Knox, please contact me. I'm willing to take the risk of tripping Knox since this is more important than some warranty.
I've been working in this for two months now and the more I learn the more I start to question if this isn't a bad movie with Kevin Costner...
No opt-out. Enforcement of this "Enterprise" solution. On your private phone? Think! The money this must cost? You want a return of investment!
Rooted phones cost that much? I don't buy that. You have an unique certificate that binds YOU to your phone. You and your phone are bound as one.
What if 3rd-party malicious code gets hold of that? Viruses exist, even on Play. But your antivirus can't run because it can't access the parts it must have higher rights to read and check your programs. I'd rather run a firewall and deny permissions to programs that want way too much.
A "file manager" doesn't need to read your contacts. A game doesn't need to use your camera. But you can't prevent that.
Knox prevents that. Because you can place a document in a container... I'd rather use my freeware AES program that encrypts documents on the fly.
Until we know more the device should be considered as not safe. Why is Samsung stonewalling the question so many have asked?
"What is the extent of the damage made?". I think we have the right to know that, don't you? Many have tried. "Heavy damage" is so far the best we got.
So please, if you still have root and not a crippled device, please contact me. Your help is the only way I see is possible right now.
All the best,
Abs (Yes, I need to update my tag, since I have so much new)
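Two posts on this page give the same practical advice: TainT's "read the permissions of apps installed" in the antivirus thread, and Absolon's line above that a file manager doesn't need to read your contacts and a game doesn't need to use your camera. The script below is an added example, not from either poster: it reads the "requested permissions:" section of `adb shell dumpsys package <pkg>` output and reports dangerous permissions that fall outside what the app's kind needs. The dumps and the per-kind allow-list are constructed; the section header is as printed on Android 4.x/5.x era builds and should be checked against your own device's output.

```python
"""Permission over-reach check from `adb shell dumpsys package <pkg>` output.

Added example, not from either poster. It reads the "requested permissions:"
section (header text as printed by Android 4.x/5.x era builds; check yours)
and reports dangerous permissions that an app of the given kind has no
business asking for. The dumps and the per-kind allow-list are constructed.
"""

# Permissions that expose personal data or sensors (a subset, enough for the demo).
DANGEROUS = {
    "android.permission.READ_CONTACTS", "android.permission.WRITE_CONTACTS",
    "android.permission.READ_SMS", "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS", "android.permission.READ_CALL_LOG",
    "android.permission.CAMERA", "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.READ_PHONE_STATE",
    "android.permission.GET_ACCOUNTS",
}

# Constructed policy: what each kind of app legitimately needs.
EXPECTED = {
    "file_manager": {"android.permission.READ_EXTERNAL_STORAGE",
                     "android.permission.WRITE_EXTERNAL_STORAGE"},
    "game": {"android.permission.INTERNET", "android.permission.VIBRATE",
             "android.permission.WAKE_LOCK"},
}


def requested_permissions(dumpsys_text):
    """Collect the indented lines under 'requested permissions:' up to the next section."""
    perms, in_section = [], False
    for raw in dumpsys_text.splitlines():
        line = raw.strip()
        if line == "requested permissions:":
            in_section = True
            continue
        if in_section:
            if not line or line.endswith(":"):   # blank line or next section header
                break
            perms.append(line)
    return perms


def overreach(kind, perms):
    """Dangerous permissions outside the expected set for this kind of app."""
    return sorted(p for p in perms if p in DANGEROUS and p not in EXPECTED[kind])


def audit(kind, dumpsys_text):
    return overreach(kind, requested_permissions(dumpsys_text))


# Constructed dumps in the shape of `dumpsys package` output.
FILE_MANAGER_DUMP = """\
Packages:
  Package [com.example.filemanager] (constructed):
    versionName=1.0
    requested permissions:
      android.permission.READ_EXTERNAL_STORAGE
      android.permission.WRITE_EXTERNAL_STORAGE
      android.permission.READ_CONTACTS
      android.permission.READ_SMS
    install permissions:
      android.permission.READ_CONTACTS: granted=true
"""

GAME_DUMP = """\
Packages:
  Package [com.example.game] (constructed):
    versionName=2.3
    requested permissions:
      android.permission.INTERNET
      android.permission.VIBRATE
      android.permission.CAMERA
      android.permission.ACCESS_FINE_LOCATION
    install permissions:
      android.permission.INTERNET: granted=true
"""

if __name__ == "__main__":
    print("file manager asks for:", audit("file_manager", FILE_MANAGER_DUMP))
    print("game asks for:", audit("game", GAME_DUMP))
```

On the Android versions these threads discuss, permissions were all-or-nothing at install time, so a review like this before tapping Install was the only control a user had; per-permission runtime grants only arrived with Android 6.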
Hi. I have root, not tripped Knox and with SELinux set to enforcing.
Sent from my SM-N9005 using Tapatalk
Absolon said:
Hello,
I'm involved in trying to collect information regarding Knox, the illegal destruction of private property and possibility to run unknown code and I badly
looking certain configurations to get more answers.
...
I was too late. The "Rules update #16" that blocked "Root de la Vega" was pushed to my phone against my will.
...
Sorry, if you missed the incredibly obvious checkbox in Settings / Security = Auto update security you really don't look like the right person to trust with full root access on my phone.
xclub_101 said:
Sorry, if you missed the incredibly obvious checkbox in Settings / Security = Auto update security you really don't look like the right person to trust with full root access on my phone.
It got pushed about the moment I turned on my phone the first time. So as I said, I missed the opportunity.
But thank those who instead of making sarcastic comments, already sent a message and offered help instead. :good:
I'm sure that the large group who got their phones destroyed really value you and your opinion, Xblub
But be careful so you don't trip it. You would not believe how easy that is!
Would be sad if you also got your phone devastated by the unkindly spirits at Samsung.
Let's hope we find a solution before that happens, right?
And please, if more want to help out please mess me, there are so many who got their phones destroyed and Samsung will not stop itself.
It will only be worse. But you can help stop this while we still have a chance.
Next phones will have Knox chipped and then even Xblub will be sad
/Abs
Edit: Of course I meant Xclub.
As noted, easy to make a mistake. Like wanting Xclub to write "ls" when I really meant he should run
#!/bin/bash
//usr/bin/tail -n +2 $0 | g++ -o main -x c++ - && ./main && rm main && exit
main(_){_^448&&main(-~_);putchar(--_%64?32|-~7[__TIME__-_/8%8][">'txiZ^(~z?"-48]>>";;;====~$::199"[_*2&8|_/64]/(_&2?1:8)%8&1:10);} (Please don't run it!)
Ahh @Absolon, was wondering where you had gotten to.
To be honest, I just tripped mine soon as I got it. removed the Stock ROM and just went custom. However... What I have noticed is knox.eventsmanager runs regardless of ROM and IF KNOX is uninstalled.. So probably running /hiding somewhere in the bootloader (at a guess anyway)..
All this KNOX talk is getting complicated now, it's a 50-50 split I think with people tripping/keeping it. - Samsung have forced it upon us, and unless we custom flash (and lose warranty in parts of the world) we are screwed.
radicalisto said:
Ahh @Absolon, was wondering where you had gotten to.
To be honest, I just tripped mine soon as I got it. removed the Stock ROM and just went custom. However... What I have noticed is knox.eventsmanager runs regardless of ROM and IF KNOX is uninstalled.. So probably running /hiding somewhere in the bootloader (at a guess anyway)..
All this KNOX talk is getting complicated now, it's a 50-50 split I think with people tripping/keeping it. - Samsung have forced it upon us, and unless we custom flash (and lose warranty in parts of the world) we are screwed.
I have not touched the Note 3 yet, but I tripped the S4 when they sneaked it in. My WiFi works though, like a US Robotics 56K modem, but well..
So what did you experience? I just got the reports from the S4.
The problem of tripping or not tripping is not if this would be a flag because it's not. It's a lot more and I have it confirmed.
But since I can't obtain root without tripping Knox on my Note 3 right now I won't do it until the holidays are over and then claim hardware warranty
and let that play itself out.
But pray tell, after you broke Knox. What did you notice? Still have that sticky bootloader? Any Wifi, gfx, other issues? Any issues with
programs that got removed or that Play stopped working?
All info is needed and I really need constructive people here. I don't need access to someones phone. But I need to collect things.
So even if you can't Android or the SEL that I'm after I can guide through. So let's stop this before we have it in a nice chip next year?
Doesn't that sound like a really good plan?
/Absie
Absolon said:
I have not touched the Note 3 yet, but I tripped the S4 when they sneaked it in. My WiFi works though, like a US Robotics 56K modem, but well..
So what did you experience? I just got the reports from the S4.
The problem of tripping or not tripping is not if this would be a flag because it's not. It's a lot more and I have it confirmed.
But since I can't obtain root without tripping Knox on my Note 3 right now I won't do it until the holidays are over and then claim hardware warranty
and let that play itself out.
But pray tell, after you broke Knox. What did you notice? Still have that sticky bootloader? Any Wifi, gfx, other issues? Any issues with
programs that got removed or that Play stopped working?
I don't think you can tell the difference once Knox is tripped. The only obvious thing that sticks out is you have more RAM/HDD available and the phone feels slightly faster. As for Play and Apps not working, I am yet to see any issues (only play issues I have ever had have been No connection, when there clearly is one. After a few refreshes it loads up. Now bear in mind, My connection isn't weak, I've been on the internet via the browser or on an app when I have switched to Play and experienced this) - Not to mention a stupid notification yapping at us telling us we are wrong to use something on a phone we legally own.
Absolon said:
All info is needed and I really need constructive people here. I don't need access to someones phone. But I need to collect things.
So even if you can't Android or the SEL that I'm after I can guide through. So let's stop this before we have it in a nice chip next year?
Doesn't that sound like a really good plan?
/Absie
Aww I dread to even think what Samsung will enforce on us next time. There should be an option when you purchase the phone, if you're gonna use it for corporate use, then have KNOX installed via a code they print out. - But to us the everyday user. All it's doing is
*Taking up space on OUR phones
*Running cheekily in the BG
*As you stated, banning access to certain parts of the phone, which IF exploited, our AV's etc cannot reach.
To say we (well most of us) live in a free world, when it comes to us being consumers... they like to shaft us several times over.
Absolon said:
If someone has root, not tripped Knox and preferably SELinux set to "Enforcing", please send me a message! Your help is needed!
I feel your frustration. I would much rather an open hardware platform with none of this KNOX business. It's starting to get ridiculous...
It sounds like you've already got help, however I too have an un-tripped KNOX, w/ SELinux enforcing and would be happy to help out.
lispnik said:
I feel your frustration. I would much rather an open hardware platform with none of this KNOX business. It's starting to get ridiculous...
It sounds like you've already got help, however I too have an un-tripped KNOX, w/ SELinux enforcing and would be happy to help out.
Not all have the same configurations and not all have the same level of knowledge. But that is not a problem.
As I said. I don't want into your phone, I want you to collect info. So I gladly take any help I can get. Send me a private message.
Because I need as many as possible to verify things. Don't be shy! I don't bite. That hard
Destruction of data INSIDE the knox container after gaining root (which is a vulnerability in itself) is not data manipulation of any sort.
Tripping the counter will just void your warranty (as you would expect anyway!) and disable the knox container completely - it will NOT cause any other issue whatsoever to your device.
The System Security Policy service resets with a factory reset (so you can now go to the security tab and disable auto update).
Security Policy blocks known vulnerabilities that can give access to unauthorised root permissions and potential malware attacks.
Knox as a container can be opted out by uninstalling the knox application.
Knox as a counter is an integrated security measure and in no way should you ever be able to turn it off.
Security Policy is an active security system and you should not have the option to turn it off - you can prevent updates to the policy however.
Tripping the counter will not cause any hardware/software damage (!! An E-FUSE triggering is not damage, it's doing the job it is designed to do in case of compromising the system !!) - it will prevent you from using the knox container which is no longer safe after root and prevent you from getting warranty because you void it by rooting since the middle ages anyway - WiFi issues, dead devices and whatnot are not related in any way as most N3 users here are already using the device with knox tripped.
If you want root privileges you automatically lose your warranty and access to knox, nothing more nothing less.
PS: Update 16 blocked kingoapproot and vroot (which are technically malware), not root de la vega, the new bootloader blocked root de la vega because it's an exploit to gain root.
Absolon said:
...
The problem of tripping or not tripping is not if this would be a flag because it's not. It's a lot more and I have it confirmed.
But since I can't obtain root without tripping Knox on my Note 3 right now I won't do it until the holidays are over and then claim hardware warranty
and let that play itself out.
...
While the first line falls close to what a conspiracy theorist would say the second one is an interesting point where more attention would be useful.
It can be argued that in the context of EU law the HARDWARE warranty is different from the SOFTWARE warranty, and that a manufacturer cannot evade providing the first.
The thing is - to the best of my knowledge Samsung has never (so far) denied HARDWARE warranty based on knox flag status - so in that regard you might have a starting point in case you want to set some precedent - and I would LOVE such a precedent to be set (in a way that protects the consumer)!
Other than that all the stuff on how knox is used by Samsung to spy on you and follow your every move is really not helping anybody's cause (except maybe Samsung's).
My final point on this matter is that people with a LOT more technical knowledge on the subject than Absolon here (people like Chainfire or AndreiLux and plenty other) have commented on this, so people should really learn more about the subject before starting the wrong crusade born out of conspiracy theories. Don't get me wrong - I WANT my consumer freedom, but I would also like that when legal precedents are set on the subject to have them set the right way, for the right reasons and with the right evidence (which will not be destroyed in court by Samsung lawyers in a day or less).
I'm following a good advice and removing any further comments.
I really want to work in a constructive manner and I do not wish to get into petty fights. So please.
If anyone else wants to help explore, please message me. We are on different levels of knowledge but that is what XDA is all about. To learn and to help!
All the best,
Abs
If I trip KNOX and my phone will need a repair will this work?
[INFO][EU] Rooting and Flashing don't void the warranty
EdisDee said:
If I trip KNOX and my phone will need a repair will this work?
[INFO][EU] Rooting and Flashing don't void the warranty
As said, there are different views. Skander has one experience and that can be for one version.
For the I9505 the Knox did cause damage to the hardware and I did collect reports of findings, and the majority was WiFi.
If this is the same for Note 3 I don't know. I write that I know, and what I think. We have free speech and I can have my thoughts and so can others.
It's rudeness and bluntness that should be avoided, and I know that irony sometimes doesn't do as well on paper as in real life, but believe me, irony is the only thing that keeps me alive nowadays ;P
So when turning on a GN3 for the first time immediately disable updates before you DL the bad firmware/bootloaders?
Edbert said:
So when turning on a GN3 for the first time immediately disable updates before you DL the bad firmware/bootloaders?
On ANY MODERN PHONE (if possible - for instance you will not be able to do that on any iphone) you should:
- start the phone once without any SIM card and without entering/activating any form of WiFi - this will guarantee that your phone will not connect first to the Internet
- check/set any relevant settings regarding security and software updates - for instance on Note 3 those are two separate settings, and the security one seems to be activated "by default"; currently the firmware update is not really activated "by default" since it WILL ask you to pick a country and agree to some EULA
- either way, once you have disabled things (I also disable mobile data at this point) you can then power-off and insert your SIM, then enable WiFi and do whatever else you want to do.
I am not saying that it is "normal" to be this way, but since it is then you better be prepared for it!
Tripping knox won't break your WiFi or anything on the Note 3.
If you break it yourself by messing with it that's another thing.
Do keep in mind that your warranty is void by rooting but this depends on the seller or carrier.
Skander1998 said:
Tripping knox won't break your WiFi or anything on the Note 3.
If you break it yourself by messing with it that's another thing.
Do keep in mind that your warranty is void by rooting but this depends on the seller or carrier.
A bit ridiculous though. Why would they want to stop advanced users like us from rooting our phones? Knox was implemented for corporate users or uses. But they jolly well know most of their customers are average users who are not working on the highest intel in any agencies which require Knox to be used. Their marketing strategy failed to the max, focusing Knox on both the corporate users and normal users. Secondly, Knox to them is both a security measure and a so-called warranty tracker. By warranty, rooting does damage your phone software but not hardware, unless in extreme cases whereby people OC'd their phone to be rocketed out of their pockets. Hmm. Rarely I've heard of root causing a phone to be burnt or causing a crack to the screen or buttons alignment.
Sent from my SM-N9005 using XDA Premium 4 mobile app
MxFadzil92 said:
A bit ridiculous though. Why would they want to stop advanced users like us from rooting our phones? Knox was implemented for corporate users or uses. But they jolly well know most of their customers are average users who are not working on the highest intel in any agencies which require Knox to be used. Their marketing strategy failed to the max, focusing Knox on both the corporate users and normal users. Secondly, Knox to them is both a security measure and a so-called warranty tracker. By warranty, rooting does damage your phone software (changing of ROMs, baseband, kernel etc.), but still the baseband and all that stuff are still needed from the original manufacturer release, not from CyanogenMod; for example new basebands are acquired from new TW ROM builds, except for kernels which are acquired from GitHub repos made by the respective developers... But not hardware, unless in extreme cases whereby people OC'd their phone to be rocketed out of their pockets. Hmm. Rarely I've heard of root causing a phone to be burnt or causing a crack to the screen or buttons alignment. Rooting is the only way for us to try a new Android platform build released by Google... To wait for the manufacturer release, maaan, could be months down the road. Sigh.
Sent from my SM-N9005 using XDA Premium 4 mobile app
Sent from my SM-N9005 using XDA Premium 4 mobile app
MxFadzil92 said:
.too long.
They do not stop you from rooting, they just re-affirm the million year old knowledge that rooting voids your warranty!
Bricking smartphones from rooting is very common, and so is flashing kernels and whatnot; flashing kernels can actually allow someone to cause actual hardware damage to antennas, CPUs and GPUs and even kill the screen (on the Note 2 for example, flashing an S3 recovery will burn the digitizer permanently).
Rooting also invalidates Knox's security completely, and any data there should be protected so they make it self destruct (the container) when rooted and the flag is there so after unrooting (and potentially having a still infected system) no one can activate a container anymore on the Smartphone.
This has side effects like the inability to root without detection, but the regular users you are talking about will not root their devices and so is 90+% of the users.
Knox is not an issue and nothing new, flashing anything from 2010 on any device voids your warranty, now it voids it with a permanent marker so you can't fool them and technically illegally get a repair from a broken warranty.
You break warranty terms even one of them, you don't get it.
xclub_101 said:
On ANY MODERN PHONE (if possible - for instance you will not be able to do that on any iphone) you should:
- start the phone once without any SIM card and without entering/activating any form of WiFi - this will guarantee that your phone will not connect first to the Internet
- check/set any relevant settings regarding security and software updates - for instance on Note 3 those are two separate settings, and the security one seems to be activated "by default"; currently the firmware update is not really activated "by default" since it WILL ask you pick a country and agree to some EULA
- either way, once you have disabled things (I also disable mobile data at this point) you can then power-off and insert your SIM, then enable WiFi and do whatever else you want to do.
I am not saying that it is "normal" to be this way, but since it is then you better be prepared for it!
And with a company that does fair play you don't have to worry that they push something you don't want on your phone.
And they do. Don't be too sure that just because you turned your settings off that it protects you, because if you read through posts you will see that people got updates pushed, disregarding whatever setting you had. And that is certainly not fair play
But to answer your question. First. Just dropping names here and there doesn't do it. To ride on someones "fame" to gain more authority and merit to your post is bad rhetoric.
You should be able to do that on your own.
Yes, there are many who are way better than me, but the nice thing is that when you ask them, they know they have once been there themselves and don't feel the need to project personal problems and anger on some random person they never met.
Just that we passed the 100 post mark and XDA automatically put a "senior" next to the name means nothing more than that we are good at bull****ting online.
It doesn't tell if you are 1337 or a n00b. Even if you post 10000 posts it doesn't mean that you have any deeper understanding.
But new users don't know that, and treating others without respect scares them away. Makes them afraid to ask. Who wants a snotty answer back on their first post?
So please. Make this a constructive place. If you are angry I recommend Reddit/Imgur/Flashback. There you can project whatever you want or need.
I don't know how to code a single line in Java!
But I'm awesome in C64 Basic!! And I managed to write "Hello World" in BF!
And I know several Asm's and I coded mostly in C (and C++ when it was still readable) and did my VHDL/Erlang-hell period (and I tested like 20++ other languages, some enforced during my master but some just for fun. I can write "Hello World!" in Sun's start eeprom!) but that was looong time ago. So I'm "rusty". Old. There are so many nifty new things. But then. Mostly I use something invented 200 years ago - A stethoscope. But there is a new COOL one! BT! With noise reduction and spectrum analysis! No more things that hurt in my ears! For the little sum of 1500 € it's yours!..... Bleh.
But I'm not ashamed of that! I can learn if I want. XDA is a great place for that. Even have their own Android University!
I'm fairly good with Unix. Even made money off it. For over 8 years. And the good thing with that is that some things we still use today haven't changed since 1973!
And I worked some with hardware but I need a new JTAG. Know a good one? So many to choose and I don't know the quality or what is needed?
Do the board even have pins or do you have to weld them? I hate welding!
You say conspiracy. I say concern and worry.
Why are people starting to get worried?
It's not so much conspiracy as why they are behaving like they do?
The fact is simple - the unknown
The word SELinux has come to more people now since it's mandatory in 4.3. The "mobile magazines", M3, Android** talk about the "news in 4.3".
But what is SELInux?
So people turn to the trusty Wikipedia for answers: Wikipedia - SELinux
And the first lines they see are
Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides the mechanism for supporting access control security
policies, including United States Department of Defense-style mandatory access controls (MAC).
SELinux is a set of kernel modifications and user-space tools that can be added to various Linux distributions. Its architecture strives to
separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security
policy enforcement.[1][2]
The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency.
That is what people see!!
I can bet some even read "police" and not "policies". They see all this and that SCARES THEM.
With the recent scandals in mind of the NSA hacking everything including the German Chancellor's phone, an ally??
And here, the American spy outpost towards the Soviet Union/Russia since 1947. We also have a 3-letter agency. And not many weeks ago there were front pages saying that they shared the databases with each other. So is that so hard to understand?
So to get from the unknowns they start to look
So you turn to Samsung for answers, And they treat you like cattle. And they stonewall you? No transparency whatsoever.
They remind me of Nokia when they also went into "grandiose mode" and also thought they could do whatever they pleased because of their total dominance. But they forgot one thing. The consumers got more and more unhappy. And they were their sole income. And when they got that into their heads it was too late. What are they now? Decimated to nothing. Trying desperately with yet another attempt by Microsoft that is doomed to fail. How many times has Microsoft tried to get in on the hand-held market? I lost count.
And then they start to Google. XDA turns up like the first thing. Find their phone and see "Knox?"
(SELinux==NSA) --> Enterprise solution? On my private phone? Encryption? Damage? Container? What do I need THAT for?
"I don't want THAT on my phone! NSA. Enterprise. Container? Where is the opt out? There are none? I was NOT informed of this!"
That is what I find that worrying and I share that with many others.
Yes, some say it's just a flag. Not on S4. Look how many got problems with WiFi. I got them as well. And I knew when I broke my Knox.
Since SS goes to all this trouble to hinder you from gaining root access that they even have an E-fuse that does cause hardware damage.
To prevent "Triangle Away"? Ask your friend if he believes it's because of that?
I don't have to use SELinux to run code past your nose, root or not, but SELinux makes it so much easier, since you can define it to hide processes from normal users and it has the possibility to run 3rd-party code. You know that, right?
Since we don't know what is run on the phone you can't be sure it's not something with some intent? So why not investigate it? What is going on in the phone?
Aren't you curious? I am. I would love to be able to root? Can I after #16 on MJ7?
But sure ask them, please. Give it a try
Ask them for example why Wifi stopped working after Knox was tripped on your S4?
Ask them what the extent of the damage they have done?
Ask them where this "Efuse data" is, on what address-range so you can avoid it? Data for a flag? Wasn't that just burned in?
Ask them why you can't update with Kies anymore? Wasn't that just a flag?
Ask them anything.
And I'm sure you will get a message back (if you get any) from "Steve". The poor overworked guy that serves the whole world and he always seems to write the same? We compared. He sits and writes the same text over and over? "Sorry, we can't divulge this information at the moment".
Poor Steve!
Come back to the mother-continent! I promise, we've stopped flogging, guillotine, quartering and we changed the stake for a steak!
We have much more fun! 6 weeks of full paid vacation. Here in Sweden we have Polar bears! While we sit in our igloos and make watches.
And we have better beer as well!
If you see turning off a setting as a merit I think you should add that to your CV (and I was not alone in this).
I did as 99% of all do. Unpack the phone. Skip the instruction. Put in the sim and the sd-card and then turn it on.
BAM! I don't even think I had the time to enter my Gmail?
But you didn't. Great!
Here your knowledge would be useful! Help your fellow XDA members. In the spirit of XDA!
Can you dump the phone? Not block-wise but by reading the whole content of the eeproms?
Can you compare your fstab and its sizes? Do they correspond to the space you have? If you dump them and compare it to the first, do they differ much in size (a bit is natural)?
Can you use parted and list the partitions? Are all mounted? What rights do they have? Can you read them all?
The security policies in /system. What do they contain? See anything strange?
Can you compare what processes you see as a user and root?
Can you list the rules loaded in the kernel? MAC? (I think you need to compile the commands for it or get it from some Arm dist, they are not included)
Strace some processes that you don't recognize?
The kcryptd? What do they work against?
What files are open and locked? What does the stat say?
See kvm? Or are you in a kvm?
Here you can actually ACT and DO something constructive and concrete, or is this just, as from my compressor, high-pressure air coming from your side?
Time will tell I guess.
For the others that have messaged me: A BIG BIG THANK YOU!
And no, I don't have enough volunteers; if you do have this configuration, mess me. Or test something from the test list. The dumping should be done by experienced users but you can do a lot on that list and you can zip and send me some files. Rules, pipe out the process lists.
I don't care how much you can or can't. Ask away! We started at the beginning somewhere and I will do my best, ask around, and TOGETHER, we might get some result, because we want to DO something and maybe we CAN help right? Either we find something or we don't. If we are sure and can say "The system seems clean". That would calm a LOT people down. Including me.
/Abs
And with this I won't go into more arguments about this. It's enough. I saw this as an excellent solution to see and check. Not to argue.
I already lost too much time on bla bla bla. I want to spend the time I have on things that matter. My friends that have their phones destroyed.
Use the list or make another! All seem to have their own experiences/views. Samsung must love this division.
Just DO something! Like in all research: Stipulate, challenge, prove, disprove, confirm, dismiss. Start over.
If you need to vent, you can PM me as well, Xblub.
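Two of the items on the checklist above (compare the process list an unprivileged shell sees with the one root sees, and check that every fstab entry is actually mounted) can be scripted once the listings are off the device. The script below is an added example, not code from the thread or from Samsung; it assumes you captured the listings yourself (for instance with `adb shell ps`, `adb shell su -c ps` and `adb shell cat /proc/mounts`), and the listings embedded in it are constructed samples in the Android 4.x `ps` layout, not output from any real phone.

```shell
#!/bin/sh
# Added example (not from the thread): compare what an unprivileged shell and
# root see on a rooted Android device, and cross-check fstab against /proc/mounts.
# On a real device the inputs would be captured roughly like this:
#   adb shell ps                > ps_user.txt
#   adb shell su -c ps          > ps_root.txt
#   adb shell cat /fstab.*      > fstab.txt    (path varies per device)
#   adb shell cat /proc/mounts  > mounts.txt
# Everything below is a CONSTRUCTED sample, not output from a real phone.

PS_USER='USER     PID   PPID  VSIZE  RSS   WCHAN    PC         NAME
root      1     0     640    496   c00bd520 00019fb8 S /init
root      200   1     925692 33564 ffffffff 4013a5e0 S zygote
u0_a12    345   200   932120 55424 ffffffff 4013a5e0 S com.android.systemui'

PS_ROOT='USER     PID   PPID  VSIZE  RSS   WCHAN    PC         NAME
root      1     0     640    496   c00bd520 00019fb8 S /init
root      200   1     925692 33564 ffffffff 4013a5e0 S zygote
u0_a12    345   200   932120 55424 ffffffff 4013a5e0 S com.android.systemui
root      999   1     2044   452   c0123456 00008b2c S /system/bin/unknownd'

FSTAB='# constructed fstab: <src> <mnt_point> <type> <mnt_flags> <fs_mgr_flags>
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro wait
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 noatime wait
/dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 noatime wait
/dev/block/platform/msm_sdcc.1/by-name/efs /efs ext4 noatime wait'

MOUNTS='/dev/block/mmcblk0p23 /system ext4 ro,relatime 0 0
/dev/block/mmcblk0p26 /data ext4 rw,nosuid,nodev,noatime 0 0
/dev/block/mmcblk0p24 /cache ext4 rw,nosuid,nodev,noatime 0 0'

# hidden_processes USER_PS ROOT_PS -> "<PID> <NAME>" for every process that
# root can see but the unprivileged listing lacks. Only PID and NAME (last
# field) are compared so VSIZE/RSS drifting between captures causes no noise.
hidden_processes() {
  u=$(mktemp) && r=$(mktemp) || return 1
  printf '%s\n' "$1" | awk 'NR>1 {print $2, $NF}' | sort > "$u"
  printf '%s\n' "$2" | awk 'NR>1 {print $2, $NF}' | sort > "$r"
  comm -13 "$u" "$r"
  rm -f "$u" "$r"
}

# unmounted_from_fstab FSTAB MOUNTS -> mount points declared in fstab
# (comment lines skipped) that do not appear in /proc/mounts.
unmounted_from_fstab() {
  f=$(mktemp) && m=$(mktemp) || return 1
  printf '%s\n' "$1" | awk '!/^#/ && NF>=2 {print $2}' | sort -u > "$f"
  printf '%s\n' "$2" | awk 'NF>=2 {print $2}' | sort -u > "$m"
  comm -23 "$f" "$m"
  rm -f "$f" "$m"
}

# Stand-alone run over the constructed samples: `sh check.sh demo`
if [ "${1:-}" = "demo" ]; then
  echo "Processes only root can see:"; hidden_processes "$PS_USER" "$PS_ROOT"
  echo "fstab entries not mounted:";   unmounted_from_fstab "$FSTAB" "$MOUNTS"
fi
```

Neither list is a verdict on its own: a partition missing from /proc/mounts may simply be mounted late or on demand, and a process only root can see may be ordinary /proc permission filtering. The value of the comparison is that it turns "dump everything" into a short list of items that each need an explanation, which is what makes results from different phones comparable.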

Phone hacked, need advice and guidance

Hi
I know that this will sound like another hacked story but I know what to do.
My phone got hacked a couple of months back. I didn't know it was until the hacker started to leave clues. It was then that I started really paying attention to everything going on, but keeping quiet about it so that he or she thinks I didn't know.
I know of 3 incidents that may have compromised my security, coupled with the fact that I did not practice password hygiene or use unique ones for all accounts. I know that it's totally my fault and I am not going to blame Android OS. So please don't think of this as one of those posts.
What I now need is help in understanding what to do next.
Little details on what happens: let's say I search for someone on Facebook. The name is Charles Smith. I finish off my search and open Instagram, boom, I see a picture where "recommended" shows a Google search page where Charles is written and the Google autocomplete is giving options.
Happened twice.
I use Tumblr and I don't really post anything; in fact my blog is totally blank. Suddenly I have people following me and they tend to have my nickname as their user ID. The ID displays my WhatsApp status updates.
These are just two examples, I have more but I think everyone gets what's going on.
Things I have done to prevent such occurrences: factory formatting the phones, Mac and router. Gotten new routers and ready to flash a custom firmware for them.
Password changes, everything. WPA2 AES WiFi password with random numbers, upper case, lower case and symbols.
Passwords are written on paper without an electronic backup and under lock and key.
I thought that maybe it's a key logger but I took my Moto X2 and Moto E2 to the service center and got them to reload official software.
Two days later, bam, the same thing.
Any suggestion on where the weakness is?
The problem is that I am kind of tired of thi
Sent from my XT1092 using XDA Forums
Check account sync settings; if it is on, more applications can use various private data.
Sent from my A0001 using XDA Free mobile app
I don't understand?
Can you explain, I have sync on, should I not have it?
On a different note, does anyone suggest rooting and installing something that can isolate and restrict data from being accessed? Now I know that Xposed does that and Marshmallow will work that out, but any other guidance?
Did you use a virus or malware scanner?
Are there any apps you didn't install on your phone?
If I were you, I would start with doing the following steps in their exact order to get rid of the hacker and operate on a "safe" system.
1- Backup personal files to PC and deep scan them with a virus scanner, make sure they're clean.
2- Unlock the bootloader of the device and flash every image manually with fastboot from the stock factory image.
3- After flashing the images, go to stock recovery and wipe data / factory reset and wipe cache for a complete, untouched system.
4- Change account passwords with stuff that is unrelated to you. I mean if you made a Google search for firedance, don't include dance or fire in any of your passwords.
* also change the "forgot my password" questions and their answers.
5- Once you boot the system, download any OTA packages from the manufacturer to be sure you'd be on safer and patched software for security.
For future security, be sure to check app permissions before installing anything from Google Play or external places. Don't root your device and don't enable USB Debugging in developer options. Hope it helps.
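Step 2 is where a corrupted or tampered download hurts most, so here is one way to do it with a checksum gate, as an added example that is not code from the post or from any vendor: every image is checked against a published SHA-256 list before a single `fastboot flash` runs, and nothing is written if any check fails. The image file names, the manifest layout (the two-column `sha256sum` format), the `FASTBOOT` override for dry runs and the helper names are assumptions; the hashes used in testing are computed over constructed sample files.

```shell
#!/bin/sh
# Added example, not code from the post: gate "fastboot flash" on a SHA-256
# check of every image so a corrupted or tampered factory image is never
# written to the device. Assumes the factory image is unpacked into a
# directory and that the vendor publishes checksums in "sha256sum" format
# (hash, whitespace, file name). Partition and image names below are
# typical of Google factory images and are assumptions; adapt per device.

# Portable SHA-256 of a file (sha256sum on Linux, shasum on macOS/BSD).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_image FILE EXPECTED -> 0 when the file exists and its SHA-256
# equals EXPECTED, 1 otherwise.
verify_image() {
  [ -f "$1" ] || return 1
  actual=$(sha256_of "$1") || return 1
  [ "$actual" = "$2" ]
}

# verify_manifest DIR MANIFEST_TEXT -> 0 only if every listed file exists in
# DIR and matches its hash; names the first bad file on stderr otherwise.
verify_manifest() {
  dir=$1
  printf '%s\n' "$2" | while read -r expected name; do
    [ -n "$name" ] || continue
    if ! verify_image "$dir/$name" "$expected"; then
      echo "checksum mismatch or missing file: $name" >&2
      exit 1   # leaves the pipeline subshell with status 1
    fi
  done
}

# flash_partitions DIR PART=IMAGE... -> runs "fastboot flash PART DIR/IMAGE"
# for each pair in order, stopping at the first failure.
# FASTBOOT=echo turns this into a dry run that only prints the plan.
flash_partitions() {
  dir=$1; shift
  for pair in "$@"; do
    part=${pair%%=*}; img=${pair#*=}
    [ -f "$dir/$img" ] || { echo "missing image: $dir/$img" >&2; return 1; }
    "${FASTBOOT:-fastboot}" flash "$part" "$dir/$img" || return 1
  done
}

# checked_flash DIR MANIFEST_TEXT PART=IMAGE... -> verify everything first,
# then flash. The userdata/cache wipe in recovery (step 3 above) is still
# done by hand afterwards; it is deliberately not part of this script.
checked_flash() {
  dir=$1; manifest=$2; shift 2
  verify_manifest "$dir" "$manifest" || return 1
  flash_partitions "$dir" "$@"
}
```

Typical use is `checked_flash ./factory "$(cat ./factory/SHA256SUMS)" boot=boot.img recovery=recovery.img system=system.img`; run it once with `FASTBOOT=echo` to see the plan before the device is touched. The checksum list must come from the vendor's download page over HTTPS rather than from inside the same archive, otherwise a tampered archive simply ships matching hashes.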
Semseddin said:
If I were you, I would start with doing the following steps in their exact order to get rid of the hacker and operate on a "safe" system.
1- Backup personal files to PC and deep scan them with a virus scanner, make sure they're clean.
2- Unlock the bootloader of the device and flash every image manually with fastboot from the stock factory image.
3- After flashing the images, go to stock recovery and wipe data / factory reset and wipe cache for a complete, untouched system.
4- Change account passwords with stuff that is unrelated to you. I mean if you made a Google search for firedance, don't include dance or fire in any of your passwords.
* also change the "forgot my password" questions and their answers.
5- Once you boot the system, download any OTA packages from the manufacturer to be sure you'd be on safer and patched software for security.
For future security, be sure to check app permissions before installing anything from Google Play or external places. Don't root your device and don't enable USB Debugging in developer options. Hope it helps.
Click to expand...
Click to collapse
Don't Root your device? Don't check USB debugging? Seriously? That is your answer? Wow, do you work for Verizon or AT&T by some chance? Sorry, but with Root and some nicely placed Xposed modules, this person's phone or tablet would be more safe than anything Verizon or AT&T could conjure up. You are a dope! Lol! Seriously, go away. Bother another community.
Sent from my SM-N910V using Tapatalk
Jaytronics said:
Don't Root your device? Don't check USB debugging? Seriously? That is your answer? Wow, do you work for Verizon or AT&T by some chance? Sorry, but with Root and some nicely placed Xposed modules, this person's phone or tablet would be more safe than anything Verizon or AT&T could conjure up. You are a dope! Lol! Seriously, go away. Bother another community.
Pardon me, but where does that come from? Made me laugh. Since this is a security forum, the first priority is security, not your "nicely put xposed modules", whatever that means. It has been said many times by security experts that rooting an Android device removes a big layer of security. I unfortunately don't work for AT&T or Verizon, but I wish I worked for them for a nice salary.
This one is coming from a recognized developer and moderator of the XDA Android Security forum, someone who has exploited devices and found vulnerabilities that you can't even dream of. Let's say I am a "dope" and you're the smart guy. Are jcase and Steve Kondik dopes as well?
http://securitywatch.pcmag.com/secu...-have-android-settings-from-a-security-expert
http://www.dailytech.com/CyanogenMod+Creator+Tells+Android+Users+to+Rethink+Rooting/article33058.htm (yeah, even Steve Kondik doesn't approve of rooting for general users.)
https://blog.kaspersky.com/rooting-and-jailbreaking/1979/ (Kaspersky, a security platform well known for years, is also against rooting.)
Think again, if you can, about who is the dope. Now, go bother your nicely put xposed modules forums for the sake of security. :good:
Semseddin said:
Pardon me, but where does that come from? Made me laugh. Since this is a security forum, the first priority is security, not your "nicely put xposed modules", whatever that means. It has been said many times by security experts that rooting an Android device removes a big layer of security. I unfortunately don't work for AT&T or Verizon, but I wish I worked for them for a nice salary.
For a dope, I suppose that Root is a security risk. But, just because a device is not Rooted does not mean it is secure by any stretch of the imagination. Truthfully, they are more unsecured if locked out from the user. That is, if the person is not a dope. What I am saying is that your advice, for the OP to take every update and not Root, was not really that helpful. If the OP installed an app that was a risk, then all the updates and non-Root will not help them. Now, if you were to show them that, if they were to Root and use certain apps and modules on their device, then they could keep a better eye out for potential problems. But, even if they did as I just said, if the OP is being a dope and installing apps that, let's say, they obtained from a torrent site, then, well, dope would be a fitting title for them as well.
And, if those recognized developers stated that Root was not good at all, then yes, dope would be a fitting application of the word. Root is only bad for those that are dopes.
I believe that you inadvertently called the OP a dope. You did not help them all that well. What you did was help them to get rid of the problem temporarily. Do we know what apps are on their device? It would be a good idea to know these things. Also, where did they get these apps from? Kind of a big deal there.
But, if you were wondering what it is that I am talking about in regards to xposed, look it up.
http://repo.xposed.info/module/de.robv.android.xposed.installer
I suggest the OP do the same, as well as anyone else who is having issues. Now, knowing about xposed and the modules that can accompany it will not fully protect anyone from blatant stupidity. Read, read, read. And practice safe device use. There are so many avenues to protecting one's self. But a big one that anyone can do: don't download from shady places. Though, it is even very possible to get in trouble from apps from the Play store. Knowing what apps are asking for what permissions is important. What bothered me about your post is that you, in the same post, stated for them to unlock the bootloader and then to not root. Verizon and AT&T are advocates of the no-Root behavior. And that sickens me, as well as many others. Instead of helping people to see the dangers, they are told to do the simplest of tasks, not to Root, and that they would be fine. Absolutely and completely false and misleading. Now, and again, for a dope, I suppose this would be fine. Though, it is not helpful. Education into matters is. One needs to seek out the underlying issue first, then attempt to educate. As far as calling you a dope, I do humbly apologize for my choice of words. You did not deserve that. It would have been just fine for me to build onto what you suggested, which was good advice. So, I am sorry. And yes, I am very much a dope at times.
Sent from my SM-N910V using Tapatalk
Jaytronics said:
For a dope, I suppose that Root is a security risk. But, just because a device is not Rooted does not mean it is secure by any stretch of the imagination. Truthfully, they are more unsecured if locked out from the user. That is, if the person is not a dope. What I am saying is that your advice, for the OP to take every update and not Root, was not really that helpful. If the OP installed an app that was a risk, then all the updates and non-Root will not help them. Now, if you were to show them that, if they were to Root and use certain apps and modules on their device, then they could keep a better eye out for potential problems. But, even if they did as I just said, if the OP is being a dope and installing apps that, let's say, they obtained from a torrent site, then, well, dope would be a fitting title for them as well.
Humble apology accepted.
You may not like AT&T and Verizon for their tight stance against rooting. I don't like that as well. They're filling their devices with their bloatware and excluding some very useful features from their customers, like hotspot for free. However, anyone who owns an operator variant of a specific device has already signed a contract with his operator and accepted their terms, and that's why they get their bloated and controlled devices for cheaper prices in the long term instead of paying full in cash. That said, I see nothing wrong with AT&T's or Verizon's policy of keeping their devices locked to death, since rooting would take a stake from their business and that was not their agreement with their customers. This is not the subject of this thread for sure. I should add, I see nothing wrong if a contracted owner of a device wants to take the full potential out of it by rooting, since it is the only way for them to get rid of the bs in their devices. This is another discussion, not related to this thread.
I will use the words "regular user" instead of "dope", since nobody has to be knowledgeable about Android security. Being someone without a clue about Android security wouldn't make them a "dope". I currently sport a Moto Maxx, a bootloader-unlockable variant of the Verizon Droid Turbo sold in Brazil. I paid about $150 more just to be free of Verizon bloatware for the exact same hardware. I could have paid $150 less and bought a Verizon Droid Turbo, but I didn't, just because I knew I would have Verizon's bs running in my phone every second. There used to be a time for me when rooting was a must with Android, because I used to own devices bloated with Motoblur, having a low amount of RAM and storage as well as no way of disabling/deleting unwanted apps. Now I have 3 GB of RAM and 64 GB of storage with a near-vanilla Android experience on my phone. I asked myself, what the heck do I need rooting for? The answer was easy: nothing.
Let's say Android is an apartment, root is the key to its door, xposed is the "watchdog" and the hacker is the "thief". Would you keep the door unlocked and rely on a dog for its security? I personally wouldn't do that, because dogs can be fooled easily by a piece of meat and, most importantly, they have no responsibility at all. After all, it is just a dog serving for free without any responsibility. I couldn't ask for insurance either, because I was the one who kept the door unlocked. I am also aware that any door can be opened without a key, the dog can be bypassed easily and the hacker can get whatever he wants. Things will happen if they're destined to happen; we can't avoid some. Still, it is always our responsibility to keep the door locked in the first place and take countermeasures. That was what I was pointing at in my post.
Disabling USB debugging is the first thing one should do if there are concerns about security, and this is not coming from a "dope" but from security experts of Android. :good:
Semseddin said:
Let's say Android is an apartment, root is the key to its door, xposed is the "watchdog" and the hacker is the "thief". Would you keep the door unlocked and rely on a dog for its security? I personally wouldn't do that, because dogs can be fooled easily by a piece of meat and, most importantly, they have no responsibility at all. After all, it is just a dog serving for free without any responsibility. I couldn't ask for insurance either, because I was the one who kept the door unlocked. I am also aware that any door can be opened without a key, the dog can be bypassed easily and the hacker can get whatever he wants. Things will happen if they're destined to happen; we can't avoid some. Still, it is always our responsibility to keep the door locked in the first place and take countermeasures. That was what I was pointing at in my post.
To show how ridiculously and persistently wrong you are, I am going to use your above example. If root is your key, then what you are doing is giving that key to Google and device manufacturer, while throwing your own copy away. In your own apartment, you are only allowed to go where google and verizon let you. This makes no sense whatsoever, unless the apartment owner is a real dope (no personal offence meant).
Disabling USB debugging also sounds like an aria from the same opera. If the device is on your person, this provides no additional security at all, as USB debugging is only relevant when your phone is connected to a computer. If someone physically takes your device, it would take 10 seconds to enable debugging.
Root provides you an opportunity to control your device and restrict system apps, thereby reducing possibilities for hackers to take over your phone... As I have already mentioned before, every operating system provides root access to users. The only reason it is not done on smartphones is because manufacturers, carriers and OS providers want to turn users into walking advertising beacon-dopes. Again, no offence meant...
optimumpro said:
To show how ridiculously and persistently wrong you are, I am going to use your above example. If root is your key, then what you are doing is giving that key to Google and device manufacturer, while throwing your own copy away. In your own apartment, you are only allowed to go where google and verizon let you. This makes no sense whatsoever, unless the apartment owner is a real dope (no personal offence meant).
I see your point, respect it, but disagree. Your example doesn't really work with my logic, since you're putting players like Google/Verizon in the same league as a hacker. Yes, they for sure have control over their software, since they're the ones who created Android and offered the hardware along with an OEM in the first place. These big companies are not like 3rd-party devs who are not responsible for any of their actions. If you happen to have sensitive privacy trust issues with Google, leave any Android device out; you wouldn't even use Google search on your PC.
A hacker having physical access to a device who would enable USB debugging in 5 seconds: is this what we're really talking about? Anyone who has a device in hand doesn't need to be a hacker to get data from it. Have a coffee with the target sitting next to him, memorize his passcode. Done. Another way is to flash TWRP and give some adb shell commands to bypass any lockscreen code. Done. USB debugging ON helps with apk rooters and computer-based root exploits as well. They rely on USB debugging being on. You're hacked in no time.
I just can't trust any 3rd-party dev more than my device manufacturer / operating system provider and network provider. I think the same of you: you're persistently and ridiculously wrong by giving too much credit to some unknown sources instead of those who have an actual business address. :good:
Just kiss each other already or don't say anything.
This thread was made by someone who needs help, and you two are both taking it off topic instead of helping him. Now, out of respect for that user, stop this endless conversation.
Semseddin said:
I see your point, respect it, but disagree. Your example doesn't really work with my logic, since you're putting players like Google/Verizon in the same league as a hacker. Yes, they for sure have control over their software, since they're the ones who created Android and offered the hardware along with an OEM in the first place. These big companies are not like 3rd-party devs who are not responsible for any of their actions. If you happen to have sensitive privacy trust issues with Google, leave any Android device out; you wouldn't even use Google search on your PC.
This is not about respect, disrespect or disagreements. The facts (not opinions) remain: every operating system on Earth provides root or administrative privileges to users. However, it is not given to the same user when he turns to a smartphone. There is no security reason whatsoever why a user has root on a computer and no root on a smartphone.
As I have already said, there are plenty of non-security reasons for the above, the main one being to prevent the user from removing advertising junk and spying malware inserted there by manufacturers, carriers and software providers. Kids love it (the above three) and Mother (NSA) approves...
Every argument against root invalidates itself when applied to a computer OS: remember, the user is the same.
@its the peanut
Please stop patronizing. This is a security discussion thread and we discuss security, which is beneficial to the poor guy, the OP... :silly:
Semseddin, what do you do to stop fastboot?
Rooting and knowledge go hand in hand. The OP states the device is rooted, but it sounds like he hasn't got the interest to know what's behind the process. That is why we don't have the slightest piece of evidence that his device has been compromised, just the user's opinion that it has.
Having su and adb debugging at least allows them to logcat.
