Shell Shock Help! - Security Discussion

Hello all, I'm very nervous that I'm a victim of Shell Shock on my rooted Android HTC One M8. I need some help. I understand the problem is with Bash.
Here is the history:
I'm rooted with the stock image of Verizon. I understand Shell Shock can affect you if rooted.
However, what happened is one day I noticed my Wifi trying to connect to a weird server.
Also I noticed my Gmail was hacked, as a code was redeemed that Google gave me, so I changed password.
I did some reading about Shell Shock and found this is the problem.
I used Cheetah Mobile Security app to enable Shell Shock Protection.
That helped and it directed back to the correct Wifi.
However, something is increasing my RAM higher than usual. I think something is still running from this problem, as my device is lagging.
I will be honest, I have no idea how to access Bash or patch it. This is where I need some help if anyone can please help me!!
I'm hoping someone in this community could point me in the right direction.
Awful people like this exist.

Read this
http://www.xda-developers.com/android/bash-patched-shellshock-vulnerability/

Xploited? More analysis needed
Hi Whiskey,
I see 2 separate questions here:
1) is your device vulnerable?
If you have any unpatched version of bash installed, it will be vulnerable.
2) Was shellshock exploited to break into your device?
What are the symptoms you see?
You mention something about WIFI connections, and a laggy feel of the UI.
At this point I can not determine whether your device has been compromised.
If it was, the usual procedure for any device that has been compromised
is to clear all data and programs and re-install them from a trusted source.
So we need to analyze this further:
- Do you have a bash shell installed (look in /system/bin for a file sh)?
- Please describe the symptoms you see.
- Which programs or services consume a lot of ram?
- What exactly does not work?
- What exactly was the unusual wifi connection you noticed?
- Your phone might just have connected to an open WIFI in your vicinity if you configured WIFI to do so.
Best regards,
Euphoric
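A local check for the first question in the reply above, as an added example that is not part of the original thread: it tells whether a given binary is actually GNU bash and, if so, whether it still runs a command appended to a function definition passed in through an environment variable (the Shellshock behaviour). The candidate paths other than /system/bin/sh, the function names and the marker string are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): local Shellshock check for shell binaries.

# check_bash PATH
#   prints one of: absent | not-bash | vulnerable | patched
check_bash() {
    bin="$1"
    if [ ! -x "$bin" ]; then
        echo "absent"
        return 0
    fi

    # Only GNU bash has this bug. Stock Android normally ships a different
    # shell as /system/bin/sh, so identify the binary before probing it.
    ver=$("$bin" --version 2>/dev/null </dev/null | head -n 1)
    case "$ver" in
        *"GNU bash"*) ;;
        *) echo "not-bash"; return 0 ;;
    esac

    # Harmless probe: the variable holds a function definition followed by an
    # extra echo. An unpatched bash runs that echo while importing its
    # environment; a patched bash treats the value as plain data.
    out=$(env 'probe=() { :; }; echo SHELLSHOCK_MARKER' "$bin" -c 'echo done' 2>/dev/null) || true
    case "$out" in
        *SHELLSHOCK_MARKER*) echo "vulnerable" ;;
        *) echo "patched" ;;
    esac
}

# scan_shells [PATH...]
#   checks each path; the default list is an assumption about where a shell
#   might live on a rooted phone or a desktop system.
scan_shells() {
    [ "$#" -gt 0 ] || set -- /system/bin/sh /system/bin/bash /system/xbin/bash /bin/bash
    for p in "$@"; do
        printf '%s: %s\n' "$p" "$(check_bash "$p")"
    done
}

scan_shells "$@"
```

A result of "not-bash" or "absent" for every path means there is no bash on the device for this bug to live in.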

You test this?
https://play.google.com/store/apps/details?id=com.cleanmaster.security

Related

G1 Security

Hi all,
I notice on t-mobile (uk) you are accessible to all other t-mobile users on their internal 10.x.x.x network.
I have two sims and can shell from my home machine into my G1 wherever it is and vice versa (which is great, but...)
However this also means other people can too, and I notice the JF image I'm currently running (1.41 - rc8) is permanently listening on port 5037 (i.e. adb)
ADB is a debugging tool, my hunch is this wouldn't be too hard to crash, and leading on from there to run an exploit on it.
adb is of course running as root, so if exploited it's game over....
all in all, I'm rather concerned some 1337 HaXor is gonna take over my phone.
sure I can kill adb, but it would be nice to not have it running at all unless asked for.
Can I remove it from a startup script somewhere?
TOP TIP, make sure when rooting your phone you don't leave telnetd running else you are asking for trouble!!!!!!
I'm surprised no one has commented on this matter yet (I noticed it this morning.)
This is truly something that T-Mobile would have to fix on their end. I haven't had a chance to try it out today, but when my brother gets here I'll be sure to give it a shot (he has a G1 as well.)
I haven't tested this, so I can't vouch that this is an accurate description of how the system behaves.
However, adb should ONLY listen on the usb port. Listening for an adb connection on an internet-facing interface is just crazy.
I don't see adb running as non-root being a big help either. You can still compromise most of the personal data on the phone and run almost arbitrary commands on the phone as non-root. You just can't change the system image.
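One way to confirm the exposure discussed in this thread from the device's own shell, as an added example that is not part of the original posts: it reads the kernel's TCP socket table and reports listeners on a port that are bound to anything other than loopback. Port 5037 is the one named in the first post; the sample table is constructed, and the script assumes a little-endian device, IPv4 only, and an awk binary on the device.

```shell
#!/bin/sh
# Added example (not from the thread): find TCP listeners on a given port that
# other hosts on the network can reach, using the /proc/net/tcp table.

# Constructed sample in /proc/net/tcp layout (hex little-endian IPv4, hex port).
#   row 0: listener on 0.0.0.0:5037      (all interfaces)
#   row 1: listener on 127.0.0.1:8080    (loopback only)
#   row 2: established outbound connection, not a listener
sample_tcp_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0000000000000000 100 0 0 10 0
   2: 0500000A:C001 0A00000A:13AD 01 00000000:00000000 00:00000000 00000000 10001        0 1003 1 0000000000000000 20 4 30 10 -1
EOF
}

# exposed_listeners PORT [FILE]
#   prints "ip:port" for every socket in LISTEN state on PORT whose local
#   address is not loopback. FILE defaults to /proc/net/tcp; "-" reads stdin.
exposed_listeners() {
    port_hex=$(printf '%04X' "$1")
    awk -v want="$port_hex" '
        function hex2dec(h,    i, n) {
            n = 0
            h = toupper(h)
            for (i = 1; i <= length(h); i++)
                n = n * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
            return n
        }
        NR == 1 { next }                       # skip the header row
        {
            split($2, la, ":")                 # la[1] = address, la[2] = port
            if ($4 != "0A") next               # 0A is the LISTEN state
            if (toupper(la[2]) != want) next
            # Bytes are stored in reverse order: 0100007F is 127.0.0.1
            a = hex2dec(substr(la[1], 7, 2))
            b = hex2dec(substr(la[1], 5, 2))
            c = hex2dec(substr(la[1], 3, 2))
            d = hex2dec(substr(la[1], 1, 2))
            if (a == 127) next                 # loopback: local clients only
            print a "." b "." c "." d ":" hex2dec(la[2])
        }
    ' "${2:-/proc/net/tcp}"
}

# Demonstration on the constructed table; on a device, run
# "exposed_listeners 5037" to read the live table instead.
sample_tcp_table | exposed_listeners 5037 -
```

An address of 0.0.0.0 in the output means the service accepts connections on every interface, including the carrier-facing one described in the first post.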

Android G1 - call log 'unknown' - PLEASE HELP!!!

Dear Users,
I am experiencing an issue which has been raised once before and no clear, simple solution was found.
My current problem is that, after updating my G1 from 'cupcake' to 1.6, all the calls I make and all the calls I receive are labelled as 'unknown', despite the fact that these numbers are in my contacts. Here is the link to the similar issue which was officially declined by Google:
http://code.google.com/p/android/issues/detail?id=2949
In the discussion thread among the users, there seem to be two possible solutions (although this was not confirmed by Google, since the issue was declined):
1. Complete factory reset.
2. STEPS:
1) Get to a shell prompt. If you're using ADB, it's "adb shell". If you're using a terminal/console app, just launch it.
2) Type "rm /data/misc/rild_ril.clip"
3) Reboot the phone.
My phone is currently not rooted and I have no intentions to root it in the near future. Also, I do not favour the idea of a factory reset, since I shall have to re-install all my applications, which will take time. The second method to solve the problem seems the most probable in my case, however the only problem is that, since I am not very good on the technical stuff (i.e. 'shell prompt', 'console app', 'ADB'), I cannot figure out how to perform what that method requests.
I would be very grateful to a person who would explain how to sort the problem out in clear, step-by-step, user-friendly language.

[App Idea] Plan B for data recovery on broken stock phones.

I feel this idea could be useful for a lot of us, not on our phones since we are likely rooted but on our family members and non tech friends stock phones. Which we usually end up fixing.
My idea if it is possible would be for a "Plan B" type app for use after a broken screen, where the completely stock phone without ADB enabled needs data extracted.
My hope is that someone could make an app that is remotely installed from play.google.com that automatically turns on ADB debugging (if possible without root)
After that most data can be extracted with "adb backup" or adb pulls.
I can't count how many times this would have helped me in the past if it existed. Any dev up for the job? I am sure it would be appreciated by people.
Guess no one was interested in this idea.
shadowofdarkness said:
Guess no one was interested in this idea.
I think many of us are interested but one (so far) can help.
would be a good idea.... who ever was in need for something like that will be likely to pay for that... :laugh:
I could see this being a massive security risk. Sure the app could be handy, but it would also make stealing info from a phone very very easy.
So on that note, I don't think it will ever make it through, though I am sure there are ways.
Just install something like SMSBackup+: https://play.google.com/store/apps/details?id=com.zegoggles.smssync
Set it to automatically back up to their gmail, every so often, and then when it comes time to have to do repairs, you can get all of their calling/sms stuff back, since Google automatically deals with the contact infos.
It wouldn't be a security risk since the only way to install it would be from play.google.com which no one can do without your password. Also poor planning with other software is not the point of this since I have been asked to recover data from devices by people that I honestly had no clue they owned the device before they broke it. Usually family I don't see on a normal occurrence.
I've always been taught to keep a back up of anything you consider important.
Either way...
There are ADB backup solutions out there, there are recovery apps in the Playstore that will scan for missing or deleted files.
If you have access to the Playstore you have access to all the already available recovery apps. Why the need for an app that will basically root and unlock the device from behind their 'lock screen'?
If you have no direct GUI access, you want an app that you run on your computer that forces the phone connected via USB, to unlock and let you access whatever you want before you restore the phone. This is a massive security problem, because anyone could download that app, and use it to break into phones.
Sounds like the 'prior planning' apps are the best way to go.
I think you are missing my point. I know that prior planning is the best but it is not always possible when dealing with people so tech illiterate that even though they own the device they barely understand it is not an iPhone because that is what a smartphone is to them.
My intended use is for physically broken phones (mainly screen) where I can't control any apps with the screen or turn on ADB from settings.
Your thought on the security risk is wrong since out of the ways I can think of to install it via play store on the phone it would not be used since that would mean the attacker could just go into settings and do it the normal way. Sideloading is impossible since it would be redundant due to that already needing ADB on.
The intended way via the web is safe enough since the attacker would need your email, password.
Do you hate the "Plan B" app that GPS tracks your lost or stolen phone that is already in the play store and gave me this idea? It shows in the store as having between half a million and a million installs. Do you think those people should have gone without such an app and lost their phone since they should have just pre-planned since it is better?

[Q/A][Discussion] NEC Terrain general discussion

Hello!
This is a discussion thread for NEC Terrain.
The hardcore steps, which are bootloader unlock, rooting and even repartitioning have found their solutions and can be found in:
http://forum.xda-developers.com/show....php?t=2515602 for the discussion
https://github.com/x29a/nec_terrain_root for an apk which opens for you an ability to have the system area of the phone writeable
https://github.com/alex-kas/nec_terrain for the last ideas on how recovery and boot images should be and a list of stock apps to disable with explanations
So, all questions regarding all the above should be asked in that thread as they are off-topic here.
Currently we have to use this device with its stock components. You are welcome to contribute with workaround related to known oddities here.
Note that many questions were already asked in the above mentioned thread and some of them have answers. However, since that thread is supposed to be for the rooting/unlocking, it is more than logical to separate the topics and discuss the end-user phone features here.
If you have a serious idea towards a new custom ROM then you should go here
http://forum.xda-developers.com/android/software-hacking/rom-nec-terrain-custom-rom-t3162061
That thread is dedicated for the developers of a new custom ROM for NEC Terrain
Thanks for understanding the thread aim and welcome!
First exploration
You can find apps which can be disabled with some explanation why in
https://github.com/alex-kas/nec_terrain/tree/master/system
The special account should be paid to the following issues:
Why stock Contacts and Phone must not be disabled
Why apps with provider in their name should be treated carefully
Current impossibility to activate a soft keyboard (if you need Chinese, for example).
The latter question of a soft-keyboard for this phone has been asked before in
http://forum.xda-developers.com/show....php?t=2806270
and has no answer. There is further discussion on this in my github (see above)
One more oddity which at least my phone has: when I traverse to
Settings->wireless & networks->more...->Mobile networks
I see as the last option "network operators". This option is constantly greyed out. It is useful in roaming as often different operators have different prices. Also, near the borders of a country some foreign operators can be captured. This is bad. Anyone with ideas on this?
I was wondering if someone with a fully functional Terrain could upload their /system/app folder and its contents, I've seemed to remove an essential app somewhere and now I can't do phone calls or terrain hotspot.
Daxiongmao87 said:
I was wondering if someone with a fully functional Terrain could upload their /system/app folder and its contents, I've seemed to remove an essential app somewhere and now I can't do phone calls or terrain hotspot.
I can do this tomorrow. I am able to phone call, hotspot, etc. I've noticed that with me, sometimes the phone UI won't show up when someone calls me so I cannot answer the phone... If this happens, just do a Wipe Data on the phone apk and reboot.
Sent from my LG-D415 using XDA Forums
@jasonmerc much appreciated! My backup phone just isn't cutting it for me!
Daxiongmao87 said:
@jasonmerc much appreciated! My backup phone just isn't cutting it for me!
No problem man. Just curious, what is your backup phone?
Sent from my LG-D415 using XDA
My niece's phone for her upcoming birthday. The excuse I'm making to myself is that I'm "test driving" it. It's called the Xperia Tipo, she's only 9 and would be using it at more or less a little toy; no SIM card. I have better ones actually, HTC One and a Moto X (2013), the latter being my favorite phone without a hardware keyboard.
I'm wondering about 2 questions, guys:
1. @Daxiongmao87, what is the hotspot you are talking about?
2. @jasonmerc, can you provide to me the list of your apps, enabled and disabled? Or, if you just uninstalled them (so no disabled) then only enabled.
I want to see the list given in adb shell by
pm list packages -e -f [for ENabled with file-names]
pm list packages -d -f [for DISabled with file-names]
I'm curious about this can/cannot do phone calls. I had established some dependence but you have said you CAN do calls with attsettingsprovider disabled and even see contacts. Very strange to me and I want to find the truth I.e. Can I or not eventually get rid of stock contacts at all.
Thanks in advance.
@alex-kas hotspot meaning wireless tethering. There's a system app with the package name containing hotspot. I believe jasonmerc already provided me with that earlier along with the phone apk, but ultimately did not help fix my issue. My symptom for the two issues are as follows:
Wifi Hotspot (Tethering)
-Under the Tethering & portable hotspot menu, toggling Portable Wi-Fi hotspot reveals a subtext that reads "Failed to set transmit power"
Phone Calls
-My phone no longer notifies me whether or not I have a SIM card. No icon or any indicator at all. My signal icon always shows zero bars. Attempting to make a phone call causes Contacts to crash ("Unfortunately, Contact has stopped.") and halts the phone call process.
I hope this information helps a little bit. More than likely I'm missing a vital app that I carelessly removed upon tinkering.
Daxiongmao87 said:
@alex-kas hotspot meaning wireless tethering. There's a system app with the package name containing hotspot. I believe jasonmerc already provided me with that earlier along with the phone apk, but ultimately did not help fix my issue. My symptom for the two issues are as follows:
Wifi Hotspot (Tethering)
-Under the Tethering & portable hotspot menu, toggling Portable Wi-Fi hotspot reveals a subtext that reads "Failed to set transmit power"
Phone Calls
-My phone no longer notifies me whether or not I have a SIM card. No icon or any indicator at all. My signal icon always shows zero bars. Attempting to make a phone call causes Contacts to crash ("Unfortunately, Contact has stopped.") and halts the phone call process.
I hope this information helps a little bit. More than likely I'm missing a vital app that I carelessly removed upon tinkering.
Have you read my github?
https://github.com/alex-kas/nec_terrain/tree/master/system
If not, try to see there. I spent quite a time and I'm sure my phone IS working in both aspects you mention. Pay attention to: contacts, phone, attsettingsprovider and installation of "dw contacts". All of that is by purpose. Perhaps, my phone would not work w/o "dw contacts" but I just learned that a replacement (which joins phone app and contacts app, which are disintegrated once you remove attsettingsprovider) MUST be.
You will find there files: lists of enabled and disabled programs. Compare with yours. In adb shell:
pm list packages -d [gives disabled packages] -s [if only system]
pm list packages -e [gives enabled packages, all, system and 3-rd party] -s [if only system]
My lists contain ONLY system apps. 'system' are those who reside in /system/apk OR in /data but are upgrades to initial system apps. Hope this helps. If you have put there superuser - it is system now, for example.
I can also imagine that moving some app to sdcard makes the system buggy. I had no full skype autostart then it was moved.
hotspot in the name does NOTHING with tethering.
@alex-kas you should have a full list of apps I have installed already, I PM'd you a list a while back. About to do the /system/app dump, most likely I'll package it as a zip or 7z file and upload and share from Google Drive.
Also as a little update, I mentioned the GPL stuff in my ATT thread. Waiting for a response
Sent from my LG-D415 using XDA
Here's the contents of my /system/app folder. Apparently I don't have ATTSettingsProvider.apk, BUT I still have ATTSettingsProvider.odex if that makes a difference.
https://drive.google.com/file/d/0BxupjEjigG4taFZhWXl3RjVULTA/view?usp=sharing
alex-kas said:
Have you read my github?
https://github.com/alex-kas/nec_terrain/tree/master/system
If not, try to see there. I spent quite a time and I'm sure my phone IS working in both aspects you mention. Pay attention to: contacts, phone, attsettingsprovider and installation of "dw contacts". All of that is by purpose. Perhaps, my phone would not work w/o "dw contacts" but I just learned that a replacement (which joins phone app and contacts app, which are disintegrated once you remove attsettingsprovider) MUST be.
You will find there files: lists of enabled and disabled programs. Compare with yours. In adb shell:
pm list packages -d [gives disabled packages] -s [if only system]
pm list packages -e [gives enabled packages, all, system and 3-rd party] -s [if only system]
My lists contain ONLY system apps. 'system' are those who reside in /system/apk OR in /data but are upgrades to initial system apps. Hope this helps. If you have put there superuser - it is system now, for example.
I can also imagine that moving some app to sdcard makes the system buggy. I had no full skype autostart then it was moved.
hotspot in the name does NOTHING with tethering.
http://pastebin.com/1yRtvVhz
Thank you for your assist!!
And @jasonmerc thanks a bunch!! Giving it a shot now
EDIT: back online with wifi tethering and cell network thanks again guys
Edit 2: By the way, has anyone experienced unexpected reboots during high RAM usage? Games for example?
Sent from my NEC-NE-201A1A using XDA Free mobile app
@alex-kas after successfully applying your custom recovery and resizing my partitions I seemed to have lost my boot animation and sound. It just shows a black screen. Is this intended? Perhaps with the new build.prop?
Yeap, I disabled bootanimation. It seems to increase the boottime even more.
Sent on the go
Yes, I've experienced reboots when doing multiple things. For me it's usually just watching a video or something... Perhaps it overheats and that's what causes the reboot. On average my Terrain's CPU is somewhere in the 120°F range, and if I use it it can go up to 145°F at times. It will sometimes even get so hot that I get a notification stating the device is too hot to continue charging, and I need to try charging again in a few minutes. Is this normal?
Sent from my LG-D415 using XDA
jasonmerc said:
Yes, I've experienced reboots when doing multiple things. For me it's usually just watching a video or something... Perhaps it overheats and that's what causes the reboot. On average my Terrain's CPU is somewhere in the 120°F range, and if I use it it can go up to 145°F at times. It will sometimes even get so hot that I get a notification stating the device is too hot to continue charging, and I need to try charging again in a few minutes. Is this normal?
Sent from my LG-D415 using XDA
Hmm I thought I replied to this. I experience overheats as well, but mostly when using maps. However, I haven't been able to see a correlation between reboots and overheating. I have a feeling that when available memory gets too low the system becomes unstable and inevitably reboots. With the new partition size I was able to install hearthstone without any need for apps like Link2SD, but upon loading all of its assets to start an actual game session it reboots every single time. When not attempting to play that game, during times where the phone feels sluggish or unresponsive, it often follows with a reboot.
Daxiongmao87 said:
Hmm I thought I replied to this. I experience overheats as well, but mostly when using maps. However, I haven't been able to see a correlation between reboots and overheating. I have a feeling that when available memory gets too low the system becomes unstable and inevitably reboots. With the new partition size I was able to install hearthstone without any need for apps like Link2SD, but upon loading all of its assets to start an actual game session it reboots every single time. When not attempting to play that game, during times where the phone feels sluggish or unresponsive, it often follows with a reboot.
This is exactly what I have denoted as the kernel bug, see
http://forum.xda-developers.com/showpost.php?p=61915007&postcount=293
In addition to the info there: reboots happen if several not so big files (say, 50MiB each) are read in a row, not just a single file of > 500MiB. Loading a large set of game assets just confirms this.
I traced this bug and the point is that its origin is a mystery to me. It is in a part which I would never imagine was changed from the linux source. Just no need for this.
In short, the ext2,3,4 driver, reading data, then caches them (linux always caches, all it reads, as much as possible). At some point the cache request to allocate the memory just ignores the negative answer (i.e. no memory), it just does not check this answer at all and caches to NULL, i.e. start of the memory, where the memory map is. As it is the kernel, it has right to write there, writes, kernel panics - reboot.
How come? I have no idea. This code was already working in about 2005 ... and bug-free in about 2008 ...
@alex-kas you get what you pay for I guess...
Sent from my LG-D415 using XDA
jasonmerc said:
@alex-kas you get what you pay for I guess...
Sent from my LG-D415 using XDA
What exactly do you mean? The phone is not that cheap. If new. Especially from att.

Unknown activity HTC ONE M9

I have unknown activity on my phone.
Along with numerous "unknown" outgoing calls with no number shown on my device (and 2 other M9 phones on the same plan) or any number registering on my carrier's system (when I called R, they said their system did show connected calls lasting various amounts of time, they could not determine what number the calls were going to), there's also a call in the log going to "(unknown)" "***,144***"
Anybody have any clue what's going on? R gave the bs answer that all 3 of us were calling our VM, even while we were sleeping. However, the times we did check our VM, the number did register on the phones and with the carrier's system.
Thanks!
I'm adding a question. My M9 was unlocked without my knowledge. I'm guessing that ***,144*** might be the secret unlock code. Is there a way I can determine if it's been rooted as well?
--
squidstings said:
I have unknown activity on my phone.
Along with numerous "unknown" outgoing calls with no number shown on my device (and 2 other M9 phones on the same plan) or any number registering on my carrier's system (when I called R, they said their system did show connected calls lasting various amounts of time, they could not determine what number the calls were going to), there's also a call in the log going to "(unknown)" "***,144***"
Anybody have any clue what's going on? R gave the bs answer that all 3 of us were calling our VM, even while we were sleeping. However, the times we did check our VM, the number did register on the phones and with the carrier's system.
Thanks!
Interesting issue. I am not sure about the rooting. You are probably going to need to ask experts around here. Hopefully, they can help you with that. As for security, you could try checking if you have any suspicious apps running in the background or installed (You might be using same GPS or another app for example). It could be that one of the malicious apps had access to your calls which led to them outputting calls to somewhere. You could try disconnecting your internet for a day and see if the calls persist (That is probably not an option for you, but it is an idea). Additionally, you could try a factory reset on one of the phones and see if the problem is still there.
squidstings said:
I'm adding a question. My M9 was unlocked without my knowledge. I'm guessing that ***,144*** might be the secret unlock code. Is there a way I can determine if it's been rooted as well?
just saw this,
https://www.xda-developers.com/htc-says-the-ads-in-its-keyboard-are-a-mistake-fix-icoming/
which reminded me of your issue, though I don't suppose it's linked, but it does make you wonder WTF HTC are up to!
Anyhow with your issue I wasn't going to answer as I don't know the answer but my thoughts may help in some small way. I don't think the 144 is a phone developers code to "root" or turn off security in some way as that would not show on your provider's call logs as they stay internal to the phone (mostly). Also I don't think it's adware calling a premium number as your phone company says it does not register properly, so nobody will be paid.
That only leaves a more malicious form of hacking, I would say. So maybe that code does enable your data to be sent but untrackable over a network. That suggests to me it's possibly your actual network (who are R? What country, is it?) or maybe even your government if you are an activist or something? Though more likely is a criminal or business competitor, assuming the other people affected are business colleagues. So could be your boss trying to snoop on you all, if not HTC or the Chinese Communist Party apparatus!
What to do? As Ross says disconnecting is probably not practicable. If you have malicious activity they probably are using data as well as calls. So I would install a firewall to block most apps and log attempted connections (normally have to pay for this) then check IP addresses to see if they are legit. However this may not show anything as data may go via root. So setting up a proxy to route traffic to your PC and use a sniffing program to see traffic or at least IP addresses.
You can download root checking apps from play store. Also check your security settings any app with admin rights? Also use a good antivirus you might get lucky, but even if negative you may still be infected.
Only way to really clean your system is to reinstall your OS, though a factory reset will fix often. But first you need to know how you were all compromised and fix that else it will just return, I would think it's most likely your local work network, (but could be your provider R or even something else you connect to in some way eg Bluetooth, or an app you all have (you can boot into safe mode to disable 3rd party apps, but with HTC system apps possibly containing apps that use the Baidu apk etc that still has a possible backdoor unpatched (as far as I know) safe mode will not help with those!)
You might have to look into freezing/uninstalling all HTC installed apps.
IronRoo said:
just saw this,
https://www.xda-developers.com/htc-says-the-ads-in-its-keyboard-are-a-mistake-fix-icoming/
which reminded me of your issue, though I don't suppose it's linked, but it does make you wonder WTF HTC are up to!
Anyhow with your issue I wasn't going to answer as I don't know the answer but my thoughts may help in some small way. I don't think the 144 is a phone developers code to "root" or turn off security in some way as that would not show on your provider's call logs as they stay internal to the phone (mostly). Also I don't think it's adware calling a premium number as your phone company says it does not register properly, so nobody will be paid.
That only leaves a more malicious form of hacking, I would say. So maybe that code does enable your data to be sent but untrackable over a network. That suggests to me it's possibly your actual network (who are R? What country, is it?) or maybe even your government if you are an activist or something? Though more likely is a criminal or business competitor, assuming the other people affected are business colleagues. So could be your boss trying to snoop on you all, if not HTC or the Chinese Communist Party apparatus!
You might have to look into freezing/uninstalling all HTC installed apps.
Thank you!
Rogers, Canada. But I've switched carriers within the last few days.
I've actually done the FR 5 times now. Disabling the pre-installed "Gmail" (I think it's more Google than HTC related) seems to have stopped the calls. I've disabled as much as I could.
So here's the kicker. I'm literally nobody! On disability, no exciting employment history and those in my family who have, aren't in contact, nor do I have contact info. And it was my wife and daughter who had the other phones, but mine was central I think. Daughter's phone was locked. So nothing so exciting. Which is why I even bothered asking lol
squidstings said:
Thank you!
Rogers, Canada. But I've switched carriers within the last few days.
I've actually done the FR 5 times now. Disabling the pre-installed "Gmail" (I think it's more Google than HTC related) seems to have stopped the calls. I've disabled as much as I could.
Ah! Rogers Canada should be a well controlled and trustworthy provider, so probably not them, though a rogue employee or having their network compromised can't be ruled out.
Also if official Gmail app it should be safe though it does have some quite intrusive permissions like full network access, view confidential info etc, but all are legit if you want the full functionality of Gmail. But it shouldn't have access to place phone calls, so should not be able to create the behaviour you describe.
That leaves a rogue app, but you would all need to have it I suppose, HTC app (or system behavior) or local hack ie via your router or via your PC. A good anti virus should find rogue app on phone and similarly on PC. HTC system apps hard to spot without doing the firewall etc etc. So I would also be double checking your local router for firmware update and resetting it with a new strong password, to prevent possible return, so to any Bluetooth devices.
Hope it doesn't return! All the best
been a while but, just how does one get a "," in the phone keyboard? long press * for P, but no ",".
Now that time has passed and more people might be awake and less likely to make excuses, I'm wondering if this issue can be solved, or at least thought about intelligently. Maybe someone who knows how it CAN happen, instead of trying to find ways I'm mistaken. this was on THREE SEPARATE PHONES in 2 separate cities.
squidstings said:
been a while but, just how does one get a "," in the phone keyboard? long press * for P, but no ",".
Now that time has passed and more people might be awake and less likely to make excuses, I'm wondering if this issue can be solved, or at least thought about intelligently. Maybe someone who knows how it CAN happen, instead of trying to find ways I'm mistaken. this was on THREE SEPARATE PHONES in 2 separate cities.
Check with a root app to see if your device is rooted
check permissions also you can take back permissions with an app on fdroid
unknown app check with virus total or
IF someone has root on your phone they can do what they want and when they want
an app that has call access they can transfer information over a phone connection which can be anything
The troubling thing here is that your phone was unlocked w/o you which implies root access
IF you bought your phone new you might not be anybody but to be put in perspective amazon lets you steal $500 if you use another id and they say it is not you so you do not lose out
but if it is used this can be from the previous user.
The best thing to do if it does not stop is to upgrade the software on the phone if you have already done that then use a Root firewall or change to a rom here on xda (you can all change making the transition easier).
Applied Protocol said:
Check with a root app to see if your device is rooted
check permissions also you can take back permissions with an app on fdroid
unknown app check with virus total or
IF someone has root on your phone they can do what they want and when they want
an app that has call access they can transfer information over a phone connection which can be anything
The troubling thing here is that your phone was unlocked w/o you which implies root access
IF you bought your phone new you might not be anybody but to be put in perspective amazon lets you steal $500 if you use another id and they say it is not you so you do not lose out
but if it is used this can be from the previous user.
The best thing to do if it does not stop is to upgrade the software on the phone if you have already done that then use a Root firewall or change to a rom here on xda (you can all change making the transition easier).
Thank you for taking the issue seriously and not trying to force kool aid down my throat (if carrier was "trust"worthy, THEY would have solved it).
It didn't show root. 2 of 3 m9s were mysteriously unlocked. the 3rd did prompt for a code, but did also show those "unknown #" calls. However, I'm still stuck on the code. I can't even enter a ",". Didn't check the other units for it, but it's still the only unanswered issue that could explain the unlock (aside from your suggestion). No one's even heard of it, but programmers are known for adding backdoors. If anyone's got a new, s-on unit and feels like trying it, that's about the only way to get an answer.
It's dead now anyways. Battery won't charge unless powered off and went from 24+hours regular standby to about 3 hours with extreme powersave on, overnight and doesn't extend with usb power. usb data comm isn't even recognized. All 3 have failed actually (different ways) so I'm going back to my m7 which still works great. Except, it says s-on but works with different carriers and I can't even enter the code I paid for (no prompt. is there another way?)
So, here's the tinfoil hat part. Although I'm nobody, This all started around the time of the '16 election. when I was arguing with a youtube account named (not looking to attract attention so no name, but you know it) for the person who came 2nd.
Thank you for your help. It's a shame it's pooched before solving the issue. But hopefully, the code will be solved.
But any help entering my sim unlock code a different way would be appreciated. But if other carrier sims work, should root be doable while showing s-on?
Thanks a TON!!
squidstings said:
Thank you for taking the issue seriously and not trying to force kool aid down my throat (if carrier was "trust"worthy, THEY would have solved it).
No one's even heard of it, but programmers are known for adding backdoors. If anyone's got a new, s-on unit and feels like trying it, that's about the only way to get an answer.
It would seem in your case that it is a setting change that was made and not comparable to other phones. Probably what we are talking about is a connection to a command server. S-on is a protection so that one cannot change the state of certain partitions namely the recovery boot and system however there are ways to get around this. You would need to get a root app to do that.
As a general rule you need to prove something is going on and funny numbers are an indication but nobody in the security community would touch it because it is very open. What you need to do however is
Get a copy of the calls use pcap and
check your firmware with the standard HTC firmware
this will show you what the phone call is doing and will help the android community overall (improved security)
Also programmers do not try to add backdoors they try to have a good product it is the hacking/security teams of _________ that do that. This being a programmer myself.
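The firmware check suggested in the post above, as an added example that is not part of the original thread: it hashes every file in two directory trees and reports what differs. It assumes the stock HTC image and the image pulled from the phone have already been extracted into two local directories; the directory and file names in the demo are constructed.

```python
import hashlib
import os
import tempfile

def tree_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                # Record the link target instead of following it off the tree.
                digest = "symlink:" + os.readlink(full)
            else:
                h = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        h.update(chunk)
                digest = h.hexdigest()
            manifest[os.path.relpath(full, root)] = digest
    return manifest

def compare_firmware(stock_root, device_root):
    """Return files added, removed or modified on the device relative to stock."""
    stock = tree_manifest(stock_root)
    device = tree_manifest(device_root)
    common = stock.keys() & device.keys()
    return {
        "added": sorted(device.keys() - stock.keys()),
        "removed": sorted(stock.keys() - device.keys()),
        "modified": sorted(p for p in common if stock[p] != device[p]),
    }

if __name__ == "__main__":
    # Constructed sample trees standing in for the two extracted images.
    with tempfile.TemporaryDirectory() as tmp:
        layout = {
            "stock": {"bin/sh": b"stock shell", "app/Dialer.apk": b"v1"},
            "device": {"bin/sh": b"stock shell", "app/Dialer.apk": b"v1-changed",
                       "xbin/su": b"unexpected"},
        }
        for tree, files in layout.items():
            for rel, data in files.items():
                path = os.path.join(tmp, tree, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        print(compare_firmware(os.path.join(tmp, "stock"), os.path.join(tmp, "device")))
```

Anything listed under "added" or "modified" that a normal OTA update or app install does not explain is where to look first.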