[RANT] Google's new ADM problem, password changing blocked. - Security Discussion

The Android Device Manager can be used to track, erase, and make a device ring.
Before it could also be used to change a password remotely, apparently now that feature can only be used to add a lock screen to a device that doesn't have one already. This is a huge problem.
The most obvious example of where the remote password changing would be used is theft. What if a thief knew your phone's password? If we can't change the password remotely anymore then we're screwed there. That thief has access to everything including the device's administrative apps. The thief could easily go into the settings and disable the ADM. Therefore even if we did try to get on ADM and erase the phone we can't because ADM is disabled!
Is this a problem only I am having? Does anyone else find this a problem? What are your perspectives on this?
In case you don't know what I'm talking about, this is what happens when you try to set a new password now:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

You can allow google to do this by going to Google Settings->security->Allow remote lock and erase. When you turn this on, you can change your password remotely (see screenshot below).
But I do agree with you. ADM should be harder to disable (anyone past lockscreen or anyone you lent your phone to can disable it). My solution is that you use applock to prevent the thief to get in to settings (although this can be bypassed). However, in my own experience, 95% of thieves are not that smart.
Also, under no circumstances should you let your phone password leak. Use a fingerprint scanner (or heck, an iris scanner) if you need to.
p.s. allowing ADM to remotely change passcode allows Google, the FBI, or someone with your Google login to access your phone

Everything in this thread is on its head. Google ADM is a huge security hole that makes your device vulnerable to the outside world. Google is trying to patch remote exploits, such as stagefright, but ADM is an open door and invitation to steal. Google have realized that and made the hole somewhat smaller. ADM should be permanently disabled, which is the first step in securing your device.
In addition, 99% of thieves don't care about your data, but rather want the device. The first thing they do is wipe the device via bootloader or, if your bootloader is locked, by clean flashing stock firmware.

The reason this is blocked is because the remote lock feature also changes your lockscreen code (and therefore device encryption key). It means a device that is otherwise locked can be accessed via various kinds of social engineering attacks.
Imagine a corporate device is stolen. The thief gets a hold of it, and is able to social engineer you (see https://www.macobserver.com/news/stolen-iphone-watch-identity-theft-phishing-schemes/) into changing the password on it. Or even just get your Google login password and change the device password from there. They now have access to the device.
Removing this feature is doing what should really have been done long ago. If the thief knows your lock password, then you have bigger problems. They could have prevented you from changing the password. They could turn it off (now knowing the password), and turn it on with no WiFi signal and cell signal (i.e. remove the SIM). They could even just drop it in their Faraday bag. If a thief has gone to the effort to know your device password, they're targeting you, and should know to bring a Faraday bag with them.
Tl;dr In the long run it is not making you any less secure, unless you had your lock PIN as "1234" or similar. A thief caring to know your password will take the device offline immediately, stopping this from working.

You guys should check out Samsung's find my mobile, can do anything remotely plus change codes.
I also hear that the connection between the device and the Samsung servers are unencrypted...
Sent from my Samsung Galaxy Note 7 using XDA Labs
---------- Post added at 04:38 AM ---------- Previous post was at 04:34 AM ----------
tem02 said:
You can allow google to do this by going to Google Settings->security->Allow remote lock and erase. When you turn this on, you can change your password remotely (see screenshot below).
Click to expand...
Click to collapse
It will not change your code, It might push a new code on top of your pattern lock, but once you are past the new code you'll still need to enter your pattern.
Sent from my Samsung Galaxy Note 7 using XDA Labs

Related

[Tutorial] - How to use Google’s Android Device Manager

How to use Google’s Android Device Manager
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Lose your Android device, either to theft or your own forgetfulness, is certainly not fun, that's what happened to my wife last month with my Nexus 7 3G. Google has finally released its response to the loss or theft of your Androphone with Android Device Manager.
It should hit your device soon, if not already, to help you locate or wipe (factory reset) your Android device lost. Here's how to use it.
INSTALL
Click to expand...
Click to collapse
Android Device Manager will automatically hit your device without having to do a thing. If you don't have it yet, you will soon receive. But before you can take full advantage of ADM, you will need to do some things, such as allowing factory reset on your device. Its implementation is quite simple..
First, visit google.com/android/devicemanager.
and if you want you can download the apk => com.google.android.gms-1.apk - MD5 Sum: d1884b750aff2dc3ff435f95510420cb - Size: 7.30 MB (7649893 bytes)
From there, a map will pop up with some information about your device, along with a prompt to enable the Erase Device function of ADM. You can either manually open up the green Google Settings app, which should be in your app drawer, or use the send notification link on the ADM webpage, giving you an easy way to find exactly where you need to be to enable remote factory reset.
If you don’t use the notification, just open Google Settings, and select Android Device Manager.
The option to toggle both the ability to factory reset your phone from ADM, and locate it, will be in there.
Using ADM
Click to expand...
Click to collapse
After you’ve done that, you’re ready to set to go. At the moment, there are three main functions of Android Device Manager. You can ring a lost phone, factory reset a lost phone or locate your device on a map using your phone's GPS. You can also rename what your device appears as in ADM.
Simply you can load ADM online and will show you the location of your device, but if you’re tracking it while it’s on the move, there’s a refresh button that will recalculate your device’s location.
If your device is located somewhere simply, like in your own house, you may want to use the Ring function. As Google explains, even if your phone is on silent, using the ring function in ADM will force your phone to ring at full volume for five minutes. To turn it off, you have to press the power button on your phone.
There’s nothing on your device indicating why it’s ringing, you’d have to know how to stop the ringing or play around to figure it out.
If you believe your device has been stolen, and you have some precious information on it, then the Erase Device function will come in handy. After you click Erase Device, a pop up will tell you what it will erase (essentially everything), and what will happen after that.
Unfortunately, Google says it “may not be able to wipe the content of the SD card in your device.” Best of luck if you have anything private on there.
If your device is off when you try to factory reset it, have no fear. The moment it’s turned on, it will be erased.
You may think erasing the content of your device is the best thing to do as soon as you find it’s missing, but you may want to hold on. After you erase your device, ADM will not work anymore.
Conclusion:
Click to expand...
Click to collapse
For the moment, that’s all there is to it. As with all of Google’s products, we expect to see more features added in time and more practice
Thanks to Androidandme
how can I delete a device from my list?
I've a device which I'm selling (S4 Active SGH-i537) and I don't want it to appears. The phone is formatted and with any Google account registered.
My 30 minute test
It has a few problems:-
the ADM lock and erase activation appears to be disabled each time you use the lock function - seems illogical. Also any updates via Google Store will disable it (not tested as already updated). Obviously completely useless if it gets disabled without informing the user.
the ADM functionality is not very secure as easily disabled by the thief/finder of the phone - so again off little use.
Tracking function is good though - suggest you use that to try and locate phone, then go and steel it back - do not use lock/erase, just ring to ensure that system not disabled.
obviously if you are willing to abandon the phone, then the erase function can save many embarrassing or costly situations with contacts/banks etc. But be careful what you store on external SD cards, as I think they are not erased.
There are other applications around for similar functions, a quick look seems to show they are more secure. Hopefully Google will soon update there version to match or beat them.
Anyone used similar systems? good and bad comments appreciated.
Should be better
I'd dare to use this ADM if it was indeed more secure as mentioned before, it is way too easy for a thief with basic knowledge on android to disable this..
As of my personal POV I buy my devices off ebay if I need callsbor texting I use a crappy phone with a basic text and talk plan...I now have the note 3 I got for half the price but I'm not planning on activating it, so in the event it gets lost, it would totally depend on wifi..Also ADM can be uninstalled as an user app..there should be an alternative for us, root users, to make the app persistent even after a factory reset../system perhaps?
So until there is a fail-proof software that will help you find your device even in the most dire of situations, I'd dub this one kind of useless..
thnx
Thanks for the Great Tutorial .....
Thanks for the detailed article
OK, so, really wishing I hadn't deleted Cerberus off my phone... only later to have it stolen.
ADM is... well, kind of useless as it stands. Oh well. Lesson(s) learned.
I have remotely erased my phone - or at least I hope I have. The phone was offline so the ADM site said it would be erased as soon as it goes online again. My question is... how do I KNOW if it's been done???
also useful is google location history from a PC if you lose your phone in conjuction w/ android device manager. ADM won't work if phone powered off but location history will show you where youre phone was. I found out about this location history feature too late for me but hopefully it helps someone else with a lost phone.
Google - why don't you put a link to locaiton history on android device manager page.

[APP] [HOWTO] - How to use Google’s Android Device Manager - Galaxy S4

How to use Google’s Android Device Manager
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Lose your Android device, either to theft or your own forgetfulness, is certainly not fun, that's what happened to my wife last month with my Nexus 7 3G. Google has finally released its response to the loss or theft of your Androphone with Android Device Manager.
It should hit your device soon, if not already, to help you locate or wipe (factory reset) your Android device lost. Here's how to use it.
INSTALL
Click to expand...
Click to collapse
Android Device Manager will automatically hit your device without having to do a thing. If you don't have it yet, you will soon receive. But before you can take full advantage of ADM, you will need to do some things, such as allowing factory reset on your device. Its implementation is quite simple..
First, visit google.com/android/devicemanager.
and if you want you can download the apk => com.google.android.gms-1.apk - MD5 Sum: d1884b750aff2dc3ff435f95510420cb - Size: 7.30 MB (7649893 bytes)
From there, a map will pop up with some information about your device, along with a prompt to enable the Erase Device function of ADM. You can either manually open up the green Google Settings app, which should be in your app drawer, or use the send notification link on the ADM webpage, giving you an easy way to find exactly where you need to be to enable remote factory reset.
If you don’t use the notification, just open Google Settings, and select Android Device Manager.
The option to toggle both the ability to factory reset your phone from ADM, and locate it, will be in there.
Using ADM
Click to expand...
Click to collapse
After you’ve done that, you’re ready to set to go. At the moment, there are three main functions of Android Device Manager. You can ring a lost phone, factory reset a lost phone or locate your device on a map using your phone's GPS. You can also rename what your device appears as in ADM.
Simply you can load ADM online and will show you the location of your device, but if you’re tracking it while it’s on the move, there’s a refresh button that will recalculate your device’s location.
If your device is located somewhere simply, like in your own house, you may want to use the Ring function. As Google explains, even if your phone is on silent, using the ring function in ADM will force your phone to ring at full volume for five minutes. To turn it off, you have to press the power button on your phone.
There’s nothing on your device indicating why it’s ringing, you’d have to know how to stop the ringing or play around to figure it out.
If you believe your device has been stolen, and you have some precious information on it, then the Erase Device function will come in handy. After you click Erase Device, a pop up will tell you what it will erase (essentially everything), and what will happen after that.
Unfortunately, Google says it “may not be able to wipe the content of the SD card in your device.” Best of luck if you have anything private on there.
If your device is off when you try to factory reset it, have no fear. The moment it’s turned on, it will be erased.
You may think erasing the content of your device is the best thing to do as soon as you find it’s missing, but you may want to hold on. After you erase your device, ADM will not work anymore.
Conclusion:
Click to expand...
Click to collapse
For the moment, that’s all there is to it. As with all of Google’s products, we expect to see more features added in time and more practice
Thanks to Androidandme
Thank you so much, everything seems to work!
~(ACE)~ said:
Thank you so much, everything seems to work!
Click to expand...
Click to collapse
Yes, all seems work I haven't still tried because the apk wasn't release when my N7 has been stolen by the hands of my wife
It should have an option to force-open the gps setting in google settings for accurate device location in case the gps is turned off & lost.
Sent Via I9300, Stock XXUFME7, 4.2.2.
Tanks for helping
In My GS4, ADM is at:
Settings>More>Security>Device Administrators>ADM
You just have to tick it.
Another option is going to ADM webpage and "send a notification to device", it will open the dialogue box in GS4 to authorize remote Factory Reset via ADM.
Hope this helps some.
I had my phone beside me while watching curling the other day and had no clue what adm was. All the sudden my phone started ringing bus I wasn't getting a call so I thought nothing of it until my phone looked like it turned off and on. When it turned back on everything was gone. About 400 photos, all my apps, videos, everything was gone. How did this happen?

CM12 Privacy Guard - WiFi Scan for Location always active?

As no one in the Q&A forum could give me an answer, maybe here someone knows what's going on "under the hood".
Privacy Guard tells me that location is constantly active using Wi-Fi scan with the settings app although I've Wi-Fi turned off:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
That is annoying as first I do not want my location constantly monitored and second this maybe also is not "battery friendly".
Anyone knows what's going on here exactly? Is it true what privacy guard tells me?
On CM11 the settings app was not constantly monitoring the location using Wi-Fi when Wi-Fi was turned off.
First have you gone to main setting>wifi>setting button>advanced>scanning always available and make sure its disabled. This is one of those crappy things google.just cant help.itself.not slipping i the and tries to cover it with goog.intentions which are questionable. It purposely buries it way down in setting even those that want to be sure its off may have trouble finding. Also if you look at.the wording its supposedly there to help other apps have your location but also adds "and for other purposes". Which in legaleeze means wide open and to google means we are going to log all the info we can to use for our profit.
Anyways make sure that is off first and formost. After that I will include someother info below to consider and just some FYI stuff you may or maynot be interested in.
I dont know what apks.you have loaded but I know if you have gapps installed there is a number of call home features built into it and if anyone knows how to.bypass things in android its google dev team. It is for this reason i deal.with the inconvenience of not having gapps. Choosing instead to side load or use fdroid and other alternatives for googles various apps. I duckduckgo for searchs. Privacy apk if I wanted to tweet or FB. Email I use a paid service but there are a jumber of free that do not log. I also keep things local and sync it with my pc so nothing is left on servers. You can even setup cloud storage in a way where it acts as a virtual drive and everyrhi g is encrypted while on the cloud but decrypts locally on the device so its seemless.on the users end.
Secondly even without any of these sort.of apps installed google has built in a quasi call back function into the kernel. Its main use is to identify when a data network connection is behind a captive.portal. The setting not accessable from the UI is global captive portal. Its what is the cause of the ! you may sometimes see on the signal bar animaton. Android gives you an option to disable it thru a terminal windohus by changing captive_portal_enable setting from 1 to 0. But interestingly enough its been found that even when set to disabled the system will still use the global captive portal entry regardless. Its setting is to client3.google.com IIRC.
The other issue is that if you have disabled captive portal you will lose the ability to save the config in wireless networks for any network that does not broadcast its ssid or any that is a captive portal which are basically all the commerical wifi such as starbucks book stores libraries etc.. See goggle wants all that info so they can map the worlds wifi network aps (you can now see one way they have found to use this with their up coming release of cellular service where one of its main features is to auto offload both data and calls to any open wifis it has access as they come in range. Thus dumpings its costs and load to.those other companies offering free wifi to its customers and the community)
Interestingly it only does this to wifi not cellular data even though it scans and indicates both with the "!".
The way to stop this is either change the global captive portal to loopback i.e. 127.0.0.0 or you can host a basic webpage your device.
You can do the same for the ntp service as well as it too calls out automatically regardless of.settings in the UI.
The other possibility of the location leak could be from someother app you may not have disabled network or location from that has a call home feature.
You could put a network scanner and log what ip and then see based on its owner to figure out the program.
Another idea is to run a firewall and creat a script to stop all of this kind of leaks. I would recommend AF+Wall.

Hacked ?? Please help a army veteran out

I don't even know how to get logs so I screen upped what I could
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I'll upload a video of what I could see but I need help. Somebody please help or tell me what info I need to get you to help , also my smart tv will act up , not work properly , volume all wierd and tv just seems off and then I reboot it's fine until it does it again and my phone acts funny slow or logins stop working or say wrong password . What do I need to upload here for help
Your browser is not able to display this video.
Keeping it short and simple
Wifi hidden networks always my TV starts being weird volume buttons don't work properly tv sluggish or in cast mode. Pc starts deleting my files on it's own downloads break my phone ...y phone ... My girlfriend always seems to know who I am talking to before I even know , she doesn't have physical access I can reformat factory reset within 30 minutes the same thing .. next day she's gone everything works fine .
Pleasehelpmeoif said:
Keeping it short and simple
Wifi hidden networks always my TV starts being weird volume buttons don't work properly tv sluggish or in cast mode. Pc starts deleting my files on it's own downloads break my phone ...y phone ... My girlfriend always seems to know who I am talking to before I even know , she doesn't have physical access I can reformat factory reset within 30 minutes the same thing .. next day she's gone everything works fine .
Click to expand...
Click to collapse
Here is something I don't know were to look . Also apps on phone start to lose privileges is it my Google account I'm just lost
Sounds to me like you're hacked. <<-
Bump
SpaceTech100 said:
Bump
Click to expand...
Click to collapse
@Pleasehelpmeoif can't really tell from your description what is happening.
If you are still working in space industry you are likely privy to some high tech IP, so you should take the issue to your work IT, hopefully they have someone with real security knowledge! As you would be a target for state sponsored hackers from other countries.
Else, only other thing that is guaranteed to fix is re flashing the latest firmware for your EXACT phone model, same country (& probably carrier if in US), you can find this info in setting "about phone". Just doing a factory reset will not remove malware/altered settings if it has compromised, so re installing OS by flashing is required.
However as your girlfriend can see your location etc maybe she or person with access to your phone installed "free" tracking app! Which then also ossibly turned out to also be dodgy . But it seems someone has access to your Google/phone mfr account which is likely compromised so you need to check what other devices have access to your accounts, remove any you don't recognise and change your Google/phone mfg password and likely your account retrieval details eg email addresses, even your phone number (if they have spoofed your phone!). This might fix.
But if it's particularly good malware/compromise that has spread through your networks then you need to factory reset, routers etc & change passwords, (imagine all your accounts have been compromised) for other devices too possibly reinstall (not just factory reset) other devices too! And change all passwords too. All devices should be done at the same time too. Nightmare!
So i would say too, youre Hacked the Signs Spoken for that!!!
Do Following
1# look what you Need for Software/OS/Firmware 4 all your Devices!!! and Collect/Download this from a other PC and take it on an USB Storage!!!!!
2# FactoryReset all your Network using Devices or make a Full Delete and ReInstall it, to have every Device in Clean State!!!
3# Reset your Router too and Setup it Freshly
4# Connect at First one Device and Setup Proxy/Tor/Orbot/VPN on this so that ya Stay Save with it!!!
5# Optional (look if your Router can be Modified like OpenWRT, and install a Proxy/VPN/Tor Service to Protect your Network)
6# Now you do the same Step #4 with the other Devices that can handle Proxy/Tor/Orbot/VPN Software!!
7# Now you stay Safe on Internet, check with IP Tracker if it would work!!!
8# Now change all your Passwords to a Secure AlphaNumeric pw with !"§$%&/()=?`min 8 charakters long!!!
9# After do that, you can check it there any Updates availible for your Devices and make this at this Time!!!To Stay Acctualy and have Security on your Device on newest Standarts!!!
10# Use a VirusSoftware with Interactive Firewall solution, so you can Accept/Deny/Temporailly choose a Connection to Internet (Block Temporailly all unwanted/unknown Connections and Test what it has done,when ya check this you can Accept or Deny the Connection Permanent in the Rules with Simple GUI)!!! My Choice is ESET SmartSecurity Premium on PC, with FakeEmailGenerator you can make after 30Days of Testing a New 30Days Trial, and this Steps you can do Unlimited so you must not Pay for this Software!!!
11# When ya have a Status with your Existenz Follow these Steps and Connect every Time Proxy/Orbot/Tor/VPN on Internet!!
12# Thats what i have done to stay Safe!!!

Hacked Android Phone

I have been hacked several times on my last two phones.
The functionality of my social media and email apps has been changed, causing data loss and compromising my online accounts. The type of connection is irrelevant.
Based on the symptoms, it appears that my apps may have been cloned and are being used to piggy-back, on my credentials, everytime I login.
What can I do to stop this, or make it so difficult for the attacker, that he gives up the chase?
What device/OS version?
Get the social media apps, shopping apps etc off the phone.
I would say copy your data (pics, music, docs etc.) out of your phone and in to some external storage, then do a full wipe/factory reset using some RUU. Odin tars, etc., re-install whatever apps clean from play store, or from apks that you download from reputable sources like APK Mirror etc., not restored from some Titanium backups, then copy your personal data back to your phone - oh, and before anything, change your passwords for ALL online accts everywhere using some clean device, NOT your compromised phone. You're looking at hours of work, but I don't think there is any other way to be sure.
Edit: If you use Play Store, you can go to your Google acc and see the approved Devices in Security section (again, while using a clean device), maybe you'll spot some device there which is not yours - then you can remove it.
Blackview A80 Plus.
I'm in the process of replacing the apps with web versions.
I've also added an app-locker, that forces a pin-code to be reentered everytime the app or window goes to background.
I'm also cutting the internet connection when my phone starts running slow.
The biggest problem is my emails. These have sometimes been destroyed during creation, the drafts and other emails deleted.
My bank accounts may also have been affected.
Deleted Google account on phone. Back up all critical data. Factory reset.
Reset Google password* with one that is at least 15 digits including symbol$ and letters. Write it down. Reload with caution; it's likely you installed the malware yourself at some point. Be helpful if you knew how it happened. This is rare or should be. Do not let other use your phone unless you're there.
*as imonxda said... do not reset the passwords on the infected device. May setup a new Google Gmail account to use as the main account backup contact.
I will do everything you suggest.
*Also, assuming this is an APT and the phone was coded to behave this way, in my juris..., what can I do to frustrate the attacker, to make piggybacking on my logins more of a chore and in general to increase his workload to the point where he can't really cause me anymore harm, or at least not very much.
I've done resets before and this is my second phone with this issue.
My last phone was a Xiaomi Redmi 8a.
I'm living in the pacific and my country is a satellite of A'[email protected] and they're just nuts...
MySecDev said:
I will do everything you suggest.
*Also, assuming this is an APT and the phone was coded to behave this way, in my juris..., what can I do to frustrate the attacker, to make piggybacking on my logins more of a chore and in general to increase his workload to the point where he can't really cause me anymore harm, or at least not very much.
I've done resets before and this is my second phone with this issue.
My last phone was a Xiaomi Redmi 8a.
I'm living in the pacific and my country is a satellite of A'[email protected] and they're just nuts...
Click to expand...
Click to collapse
Use a VPN, always use HTTPS.
Vet all apps. Keep all downloads in the download folder until vetted. Check download folder daily for anything that doesn't belong, if so delete, do not open.
Use this settings mode:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Intersting new development...
I emailed the Ooßsa Emb' here recently and they asked for a phone number. They didn't really need that to communicate with me, since they already had my email. Like a dope, I gave them one of my mob' numbers. That was about fifteen days ago. That's when I started noticing my phone's volume control lowering itself, on its own.
I should have told them that I didn't have one or that my phone was broken, I was out of minutes, etc.
Now, I get lots of ads for SKorean games and when I go into settings, to verify country settings, Play Store asks me if I want to change to the SKorean Play Store.
I've been to SKorea. They're an Ooßsa moorc state.
Also, the app locker I was using started popping-up pin entry windows continuously, until I had to restart the phone. This happened at least twice. This demonstrated unambiguously that the attacker had complete control of my phone.
Will a fact-reset change my IMEI? I think I read somewhere that it will.
The moral of the story is, never give the vog your phone number
I suppose you can give them the number of someone you don't like ;-)
MySecDev said:
Intersting new development...
I emailed the Ooßsa Emb' here recently and they asked for a phone number. They didn't really need that to communicate with me, since they already had my email. Like a dope, I gave them one of my mob' numbers. That was about fifteen days ago. That's when I started noticing my phone's volume control lowering itself, on its own.
I should have told them that I didn't have one or that my phone was broken, I was out of minutes, etc.
Now, I get lots of ads for SKorean games and when I go into settings, to verify country settings, Play Store asks me if I want to change to the SKorean Play Store.
I've been to SKorea. They're an Ooßsa moorc state.
Also, the app locker I was using started popping-up pin entry windows continuously, until I had to restart the phone. This happened at least twice. This demonstrated unambiguously that the attacker had complete control of my phone.
Will a fact-reset change my IMEI? I think I read somewhere that it will.
The moral of the story is, never give the vog your phone number
I suppose you can give them the number of someone you don't like ;-)
Click to expand...
Click to collapse
You need to increase the security on your accounts. A phone number shouldn't be enough info to allow someone hack you by alternate logon to your account(s).
You're not a high revenue target so what they're using mustn't take too much time; it's an obvious hole in your security.
Someone using a Stingray etc could do that though. You pi$$ off a LEO or someone in the DOD, NSA, FBI, etc really bad?

Categories

Resources