Unblockable Iphone 5 - Security Discussion

Hello there! I've got an iPhone 5 which cannot be blocked thru "Find iPhone" service. It means that I can sign in icloud account, enable find iphone function and then simply flash it thru DFU, turn it on and pass activation without entering account data. No custom software or something. I just can tune it like new device or enter other apple id. I wonder how that could be possible?
I've wrote to Apple bug reporter six days ago but no reply for now.
I want Apple pay attention on that problem and give me reply.

Izban said:
Hello there! I've got an iPhone 5 which cannot be blocked thru "Find iPhone" service. It means that I can sign in icloud account, enable find iphone function and then simply flash it thru DFU, turn it on and pass activation without entering account data. No custom software or something. I just can tune it like new device or enter other apple id. I wonder how that could be possible?
I've wrote to Apple bug reporter six days ago but no reply for now.
I want Apple pay attention on that problem and give me reply.
Click to expand...
Click to collapse
So wait..... Are you saying that you had an iPhone with the "iCloud Lock" enabled on it (meaning you could ONLY enter the owners email & pass to continue the setup) and somehow managed to get around it with some sort of trick???

Related

HTC Sense : my experience with HTC Support (or lack of)

Hi,
It all started about about 6 month ago, when i received my HTC Desire z (my 5th HTC branded phone).
I signed up on the all new HTCSense.com service. And it worked. At least for some time.
About 3 month later, i noticed i could not log in my HTCSense account anymore. Either from my phone or my laptop.
Here are the symptoms (on my laptop) :
On the login screen, i enter my email and password.
Then i click on Login
The Login button greys out and i have circle on the left to signify the site is "working".
I can wait up to 10 minutes, and the page doesnt change.
Sometimes after 20 or 25 minutes the website displays this error : "HTCSense.com is currently down for maintenance. We'll be back soon!"
I tried, and got the same result on Chrome, Firefox, IE9, and on 2 different computers
If i tried the "forgot your password", i got the same symptoms.
Out of curiosity, i tried to sign up a new account, with a new email, and guess what? it worked perfectly.
So i tried to type the wrong password on the sign up page, but logically, it warned my the password was wrong directly, so with this new account, i could not recreate the symptoms from the 1st account with this new account.
Therefore, i concluded it was a problem with my account and not password related.
So, 1 month later, i contacted HTC support Hotline, and they told me to wait a few days because their server were under maintenance and it would be back 2 days later.
So i waited .... 5 days... and it still didnt work. So i called again, and they kept telling me the same thing : "the server is under maintenance"
So i decided to use HTC Support online, and i explained my problem again and again by email.
But i always got the same answer : the server is under maintenance !!!
This was 2 months ago, and the server is still " under maintenance" ... But only for me.
So i decided to give up, and asked them to delete my HTC Sense account since i couldnt even login anymore.
Here is their answer to my request :
"Thank you for contacting us, Please try the following : In Sense.com website, after login in, go to Account > red link “Click here to delete your HTC Sense account” > input password"
There i think i could have grabbed a gun and kill myself, which obviously, i didnt
After i wrote them back, and made them understand i couldnt use this method to delete my account, they asked me to give them my login informations and PASSWORD.
Any sane web developper will know that if you need to ask the password of a customer to delete their account, there is something really wrong in their design. But well, i complied, and i sent them my password.
Now, here is their new answer : "our server is currently under maintenance so we cannot delete your account at this moment. We will do it as soon as the servers are back online".
Now i think will find some rope and hung myself
What else can i do?
you gave them your password? big no no.
call them up and don't get off the phone until it's resolved. go to a manager if you have to. it's pretty obvious that their scripted answer is of no use to you.. if they say "the server is under maintenance" again, tell them that's the answer you've received for weeks and that you will not get off the phone until it's fixed.
perhaps......
It all depends at what time you call. I have called in the afternoons/evenings and the support sucks. I have called in the morning time and I have gotten exceptional support from them. Better luck in the future, have an awesome day.
I'm new to HTC and tried to register for HTC Sense and never got the verification email. I logged a support request and have been asked for my username, password, secret question (and answer), phone make and model, phone number, IMEI and serial number!
Why they need all or even any of that information in order to delete or reset my account I have no idea but I responded by telling them politely to 'go whistle' and I am awaiting their next inspired suggestion.
I have worked in IT for over 20 years and you just don't go asking for this stuff if you are a legitimate support service. I'm distinctly unimpressed so far and looks like HTC Sense is one service I will be managing without.
Andy
htc = pia
I love my EVO 4g, but tolerate HTC. After about a year of owning it, I finally tried to set up an HTC.com account. I had been running AOSP ROMs for most of the time, and just decided to try Sense again. I got the same sort of "servers are down" messages. I tried alternate email account and user name...same results. Its not a big thing to me, I can get most any widget or wallpaper or whatever from a dozen other places. Sense is pretty, but it is a resource hog. I don't want the widgets, I want memory and storage space back.
Is this Application like Ipone have ones?
even if you get it working mate it ll just stop working after a while. ive had to remove and add the account to the phone a few times to make it sync again. as it stands just now I get no gps details or phonecall details the phone wont lock but I can see my messages at least.
Lol, almost a year later and the servers are still under maintenance....

Two-factor authentication issue with Google Account

I picked up my Verizon Galaxy S7 yesterday and went to setup my Google Apps for Education account but ran into an issue. With all of my other Galaxy phones I've used an app specific password since I have two-factor authentication enabled. However, that didn't work with my S7, it said something to the effect of "incorrect password". My coworker had the same issue. We ended up using our regular passwords and then entering a 6 digit Google Authenticator code. This seems to have worked for now, but it may ask for another code in 30 days and wouldn't have worked if I didn't have my old S5 with Google Authenticator still set up. Has anyone else had this issue? Was there a fix or workaround?
My experience has been you have to use your normal Google password. In the past the application password would have worked but for me that changed when I went from the S5 to the S6.
_Gir_ said:
My experience has been you have to use your normal Google password. In the past the application password would have worked but for me that changed when I went from the S5 to the S6.
Click to expand...
Click to collapse
Thanks for the reply. Just to make sure I follow, you are using two-factor and had to enter your regular password and your 6 digit Google Authenticator code?
sixteen2nd said:
Thanks for the reply. Just to make sure I follow, you are using two-factor and had to enter your regular password and your 6 digit Google Authenticator code?
Click to expand...
Click to collapse
Yes & I do use the 2-factor. I have never been asked to revalidate after 30 days. Maybe the S7 will be different than my experience with the S6.
For any other newcomers who use 2 factor--the old phone isn't really required. Just skip the initial google setup, activate the new sim card, and once text messages are being sent to the new phone go back and active the google account.
I'm just about to switch to the S7 too! (Slight thread hijack here), but is there any (non-root way ... ie not TB) to take my GAuth from my Note 3 to my S7 without having to manually reactivate anything?
_Gir_ said:
Yes & I do use the 2-factor. I have never been asked to revalidate after 30 days. Maybe the S7 will be different than my experience with the S6.
For any other newcomers who use 2 factor--the old phone isn't really required. Just skip the initial google setup, activate the new sim card, and once text messages are being sent to the new phone go back and active the google account.
Click to expand...
Click to collapse
It's just weird that on my SIII and S5, and on my coworkers S6, we could use the "Application Specific Passcode" generated in our Google account, whereas our S7's wouldn't accept said code.
But you are exactly right, there are other ways to get your 2-factor authentication code: text message, phone call, etc.

Ghost in the Machine

Hi guys!
Tried the search but came up with nothing so here goes...
I must admit I'm not very tech savvy but I can follow instructions no worries
I joined mainly because my Samsung Galaxy S8+ (un-rooted) started to behave very strangely early this year.
(and I want to trick it up after warranty expires in August ?)
Short story is that my Samsung account got hacked (or it at least seems like it) and the perp was then able to control my phone remotely. It was incredible watching my phone do as it pleased and all I could do was sit back and watch. Funny thing is that I've never actually toggled the RC switch (find my phone)...
My local carrier (Telstra Bigpond - Australia) account as well as my Google account got taken over shortly after. This would have given whoever it was access to my 3 cloud accounts which add you can appreciate would contain some sensitive material.
Whoever is responsible could well be a member on here so "Hi, there!! "
I pulled my sim and sd card and switched the phone off so I could decide what to do next.
I got a password manager app, changed all passwords (lucky my partner had a spare iPhone 5S sitting around up I could get online) and factory reset the phone.
All seemed to be going well until a few days ago...
I got "timed out" on my Samsung account (is that even possible?!) and while I was putting the password in (on the Samsung website - silly mistake!) just as I hit next I noticed a few dots in a square pattern that did a spinning type of graphic over the password entry box.
Continuing onto the next screen where the two step verification was, which was to send a text to my phone to receive a code and bang! Before I even received the text a six digit code appears in the fill box on the screen (same spinning dots in a square pattern) right before my eyes and then I receive the text afterwards! The numbers matched!!
I’ve also been asked to enter my Google credentials on more than one occasion lately from being “signed out”...
I don't know what to do!
I've tried all of the popular virus type apps and a few file managers to no avail. More like I've been hacked than a virus?
I've removed apps and shut down almost all of them as well as toggling between mobile data and WiFi and restored the phone twice back to earlier backups from over 6 months ago.
I've only ever downloaded from the Play Store apart from just the once getting your better version of the Play Store XDA (LABS) app.
What might be noteworthy is when I was using Google's help function it said that I had a "modified Android" and to contact manufacturer. I can guarantee the phone has never been cracked open.
I can provide screen shots from DevCheck (FLAR2) but I really don't know what I'm looking at. I also don't have any unknown apps etc...
I really don't know what to do next...
Any advice please??
Sorry about the long post.
All the best,
Crackles
Took phone to Samsung and they wiped the device and installed current (Android Pie 9 w. Feb 01 security update) so was looking forward to having a play with the new os until I went to add my Samsung account details...
Entered the password then the 2-step security kicked in to send a text to my number.
The earlier 4 circling dots dropped the 6 digit code into the fill box before I even received the sms! Device (on it's own jumped straight to the remote control button in the Find my Device security section) then attempted to change the password!
Only thing that prevented that from being carried out was I had biometrics activated and stopped the action using my fingerprint.
Seriously no one has any idea on what to do?!
I also had installed a replacement sim card.
I also can't uninstall updates on certain apps like Google Play Services etc, and some apps either have a dead link (press it and nothing happens) or Play Store can't find the app when I hit the downloaded from Play Store thingy at the bottom of the app description page. Hope that makes sense.
As you said, they wiped the phone, which means they most likely flashed the whole firmware, so there's no way for any malware to remain installed. But for what it's worth, you can try to re-flash the firmware yourself using Oding to make sure the whole flash is clean.
If your phone really was infected with any kind of malware, it must have been a 3-rd party app you have (repeatedly) installed. Some apps like Google Play Services cannot be uninstalled because they are vital for system's (or rather apps installed from Play Store) propper functioning.
Also, even if you had infected your device, it would not be able to take control of your device to the extent you described because of app sandboxing, which cannot be broken unless the app constitutes itself as a system app (because every part of the system has to be cryptographically signed, this would break the boot and brick your device) or the user (you) would have to allow the app the necessary permissions to carry out these tasks.
Hey Kernel thanks for the reply ?
Yes I know what I'm saying sounds crazy and even the missus said I was nuts till I showed her.
I can't screen record any more either...
I'm noticing odd little things like when I pull the notifications screen down for a second or so the NFC, Bluetooth and nearby icons are lit up but then revert back to a if they were off. I've switched all of these items off in the settings so are they being sneaky?
So far nothing really bad has happened apart from not being able to put my credentials into the PayPal app. That's using both Last Pass auto-fill and manually entering the email and password. I've un-installed and re-installed many times and it's the same. I'm not going to add any banking apps just yet.
Facebook also got installed in the background about 4 times within a few minutes. Seemed odd to me. I think I've got a screenshot of that.
Malwarebytes found an issue with I'm guessing a theme I got from the Samsung Galaxy Store so I removed it, chose another and it seems OK.
There's still a few odd things happening like certain settings reverting back to something different from what I'd set.
I'll keep tinkering and post anything that stands out.
Is there an app or something that can check every file on my phone and tell if something isn't quite right?
I don't have a pc at the moment but when I do I'll look into Odin.
Thanks again for taking the time I know I sound like a lunatic and tbh I really wish I was haha!! :laugh:
Hmm interesting...
When I tried to upload the screenshot it stopped and said "bad request"...
Sent from my SM-G955F using XDA Labs
Could all this weird bs be happening if the home WiFi has been hijacked?
Sorry for dumb questions.
Sent from my SM-G955F using XDA Labs
Whatsapp does the same thing, autocompletes the code, before de sms is coming. This is not a malware. But, don't use password manager... Those can be hacked.
Really my password manager can be hacked?!
I'm using Last Pass.
So moving on I started to poke around the WiFi router and found the PnP enabled and my device was sharing with another device. I did not authorise this. I've since reset the router, changed the pin and access code, disabled the WPS and also factory reset the device that was "sharing" with mine... The owner of said device no longer lives with me. I'm just glad I confiscated the phone from him before he left.
When I'm researching possibilities of what could be going on with my phone the pages won't load. It's like my searches are being monitored and the data is being stopped. I tested this with my partner's phone (on mobile data) and the exact Web pages loaded right up on her's without a hitch! I tried again on mine and they just stopped. Pages would load straight away on mine if searching for something completely different like rc cars or bmx related content. Stuff to do with my phone just won't work ffs!
Like when I tried my first post on here. It simply would not post it up! I ended up having to copy/paste the draft and emailing it to another account that I made up on the spot on her phone. Hence the two usernames in this thread.
I got the 3C TOOLBOX app and in the app management section, Task Manager under service many of them are "custom entries" and I cannot un-tick, modify or reset back to the original version of any of these apps. Google Play Services was the worst. Pretty much every thing it was capable of doing had a "custom action" and I could not do anything with it.
Am I doing something wrong or do I have a serious invasion of my phone..?
Thinking about smashing this thing to bits and getting an S10+ ??
Also the Bluetooth, NFC & Nearby buttons almost any me of the day/night are on for a split second when I drag the motivation panel down. These are all set to "OFF" in settings...
What
The
F--k?!?!?!
Sent from my SM-G955F using XDA Labs

Employee left, we're stuck with a Huawei P20 phone asking for a code.

Hi,
Im working for a compagny where we are providing cellphones to the employee. This time it a Huawei P20 model. Employee left the compagny and this employee didnt give us the passcode. we're now stuck at the passcode screen and we cannot do nothing to factory reset the phone. Is there a solution we can do recover the phone and be able to use it again with a new employee?
thanks a lot
Cyqpann said:
Hi,
Im working for a compagny where we are providing cellphones to the employee. This time it a Huawei
...
solution we can do recover the phone and be able to use it again with a new employee?
thanks a lot
Click to expand...
Click to collapse
Hi there,
I think the best option you have here is to call back your employee in order to fix that, because Huawei blocked everything on their phones.
Year ago we had the same. It was mate10lite and security patches were not applied.
So, there bwas a YouTube video how to get pass it.
Included creating having shortcut maker in yahoo mail, while watching yt video (was a way to open some how to recover password) you could get in mail, open shortcut maker, skip to settings, disable security...
But that was lucky. As the user had not applied any updates.

Samsung account unable to log in when in China?

I have a problem with my Note 9. Whenever I'm in China (I work here a lot), my Samsung Account logs out and cannot log in again. The notification keeps popping up (with sound) even after I clear it. It wants to remain logged in at all times or complains. I don't use anything by Samsung so have no need for it but the damned thing cannot be switched off** The problem disappears as soon as I arrive back in Europe.
It's almost as if the GFW of China is not allowing connection to Samsung servers or maybe Samsung rejects requests from China? But then, I get the same thing through a VPN and a SOCKS proxy, so I'm very confused by this. Could it be a time zone bug?
**I've followed every guide out there, Samsung services cannot be fully switched off or removed on a Note 9. Prove me wrong! please.
UPDATE, can't believe my luck. I've fixed it!
I logged into Samsung's website and was met with a prompt to Accept the latest Terms and Conditions. After I did this, the phone can log in and no longer complains. Way-to-go Samsung, you bunch of fools. There was no way to log in via my phone because of your stupid implementation of web services.
nadimaj said:
UPDATE, can't believe my luck. I've fixed it!
I logged into Samsung's website and was met with a prompt to Accept the latest Terms and Conditions. After I did this, the phone can log in and no longer complains. Way-to-go Samsung, you bunch of fools. There was no way to log in via my phone because of your stupid implementation of web services.
Click to expand...
Click to collapse
... stupid implementation of web services....

Categories

Resources