Help me understand what is happening - Samsung Galaxy S7 Questions and Answers

Is this kind of stuff normal?
6: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP,LOWER_UP>
link/ether Deleted 8: rmnet_data1 inet 166.233.130.26/30 scope global rmnet_data1 valid_lft forever preferred_lft forever
Deleted 166.233.130.24/30 dev rmnet_data1 proto kernel scope link src 166.233.130.26
Deleted broadcast 166.233.130.27 dev rmnet_data1 table local proto kernel scope link src 166.233.130.26 Deleted broadcast 166.233.130.24 dev rmnet_data1 table local proto kernel scope link src 166.233.130.26 Deleted local 166.233.130.26 dev rmnet_data1 table local proto kernel scope host src 166.233.130.26 166.233.130.25 dev rmnet_data1 lladdr Ƞ� NOARP
Xxx
ip route show table all
default via 10.17.131.228 dev rmnet_data1 table 1
10.17.131.224/29 dev rmnet_data1 table 1 scope link
default dev dummy0 table 1002 proto static scope link
default via 10.17.131.228 dev rmnet_data1 table 1008 proto static
××
10.17.131.224/29 dev rmnet_data1 proto kernel scope link src 10.17.131.227
broadcast 10.17.131.224 dev rmnet_data1 table local proto kernel scope link src 10.17.131.227
××
local 100.85.241.177 dev rmnet_data1 table local proto kernel scope host src 100.85.241.177
100.85.241.178 dev rmnet_data1 lladdr 1008 NOARP8: rmnet_data1: <> mtu 1428 qdisc pfifo_fast state DOWN link/[530]
Please help me understand....
Dummy0 static? Means administrator defined? I didn't program any of this.
Why would rmnet_data1 return noarp? And what is the symbol by noarp...encrypted?
Mtu pfifo state down... what does link/[530] mean?
Also, I enabled bluetooth log but when I open the log file the text is a bunch of this.....
tsnoop��5�~)���5�~*P��5�~*Qx���5�~*���BCM4359C0
�5�~*����-�5�~*�|��5�~,��.��5�~,�R.�JJ�5�~-lPL�F"BRCMcfgS2���YCB"��5�~-r6L����5�~-s/L��B"BRCMcfgD�"BCM4359C0 Hero SWB-B90S eLNA-0033:�! �D4 �|9 D; �����( ���\/ �x� � O L@| d����d����d�����5�~-~BL����5�~-rL��
"d����d����2b�d���2���/(2�`�T�`�h`����l`����
p`����t`����|`�����`����#�A�`����PA��5�~-��L����5�~-�L���"�TA�� \A�� `A��dA��lA�� tA�� �A�����A���ShA�� DA���HA��XA��.xA��
�d�2��x2���������5�~-��L����5�~-��L�̚" �4 2����(2�4 ld�d���4 2�����d��d>`d
�4 2�����d���d>>`d��2����5�~-��L����5�~-��L��b"2���2���2LL 2����$2(2�4 42�82P2�ld�d��d>`d
dd�3 KX*�����5�~-��L����5�~-��L��*"�*f�����F*z�����-�*�����A'*������PN){��������� ��k���w;������_���K�y�{�L�"���������
���5�~-�!L����5�~-�DL���"  ��$
��(X��,Y��0Z
��$4bX��(` cY��,d dZ��0h ����4d
����h
Thank you in advance for your input

First you need to help us understand what we're looking at
Log from what? And what are you concerned about?

SM-G930V, non-root. There are 3 different ones there, run with Termux.

My concern is Google Play says my service is not secure. I checked the list and my device is on the list of certified devices. I am trying to figure out why Google says that. I also have a suspicion my phone is sending voice signal to a fake tower. And every time a call ends, even with data and Wi-Fi closed, data is being sent/received.

Suspicions confirmed
I dug a bit deeper and found the boot kernel is not factory. Beacon manager was being controlled by someone other than myself. Camera was set to stream p2p, audio was set to stream p2p, data was sending usage logs p2p, sys dump command was set to restart the phone. I also found some other things like SW modification etc. Just wish I knew how to identify where this information was going to.
This person did an excellent job of covering his tracks. It was extremely difficult to find this information.

Where did you get the phone from, why haven't you just flashed stock and reset?
I think tin foil is involved here

He posted an earlier thread where he was told to do an Odin flash with stock firmware, same tin foil vibes in that thread too.

Can't flash
I try to change from USB charge to USB file transfer and it will not switch. Every electronic in my house has been port forwarded, subnet, remote tcp udp, trusted platform module modifications, registry keys prevent full clean factory reset and reset or ignore user changes. Even down to USB and DVD driver modifications have been applied. My phone does not communicate with cell towers, but sends all of my information to my semi truck. Some crazy NSA FBI DEA lock down kind of mess. Strange thing is I haven't done drugs for quite a while nor do I go hacking people's computers or nothing stupid that will get me arrested

reahcat said:
I try to change from USB charge to USB file transfer and it will not switch. Every electronic in my house has been port forwarded, subnet, remote tcp udp, trusted platform module modifications, registry keys prevent full clean factory reset and reset or ignore user changes. Even down to USB and DVD driver modifications have been applied. My phone does not communicate with cell towers, but sends all of my information to my semi truck. Some crazy NSA FBI DEA lock down kind of mess. Strange thing is I haven't done drugs for quite a while nor do I go hacking people's computers or nothing stupid that will get me arrested
No, none of that has happened, the drugs you did take have screwed your head up, please stop posting on XDA

Time to see a doc @reahcat. Got a carbon monoxide monitor? Some homes and apartments aren't ventilated properly and build up of that can cause delirium.
That or you've got schizophrenia.

Figured it out after a lot of study....
It is called Mobile Device Management. My phone has been added to Knox Enterprise, Google Services. These services are a way you can bring your own device for work. I have not authorized any enrollment to any provisioning services, but they are active on my device. Through Google services and Knox, work (or whoever enrolled the device) has the ability to track your GPS location and internet use (even filter out porn), and add other services to your phone. Things like video/audio capture, Google Fit to collect health data, install/uninstall applications, monitor your use of the applications, and even push persist settings that will "persist" through factory reset. If you want to know more of what kind of stuff is going on with my device feel free to contact me. Don't bash me and tell me I am a crazy, oxygen-deprived idiot. I have proof. If you want to know more PM me

Everyone here has tried their best to help you.
In your first post here you said your laptop, your phone, and your xbox are all hacked and tracking what you do. You then brought up the FBI, CIA and NSA while mentioning you used to do drugs.
You have to understand from the perspective of everyone here, you are very far in the deep end with your accusations.
Nevertheless, TMDM's don't just enrol themselves onto phones. If you didn't authorise it, how do you propose it got there?
You also say persist through factory reset, we talking doing a reset through settings, or a full Odin flash in download mode?

reahcat said:
It is called Mobile Device Management. My phone has been added to Knox Enterprise, Google Services. These services are a way you can bring your own device for work. I have not authorized any enrollment to any provisioning services, but they are active on my device. Through Google services and Knox, work (or whoever enrolled the device) has the ability to track your GPS location and internet use (even filter out porn), and add other services to your phone. Things like video/audio capture, Google Fit to collect health data, install/uninstall applications, monitor your use of the applications, and even push persist settings that will "persist" through factory reset. If you want to know more of what kind of stuff is going on with my device feel free to contact me. Don't bash me and tell me I am a crazy, oxygen-deprived idiot. I have proof. If you want to know more PM me
Stop smoking, sell your phone, stop posting nonsense on XDA

"Nevertheless, TMDM's don't just enrol themselves onto phones. If you didn't authorise it, how do you propose it got there?
You also say persist through factory reset, we talking doing a reset through settings, or a full Odin flash in download mode? "
Factory Reset Protection. Persist settings are protected from reset.
Yes, I did say all my electronics are hacked. And they are. I have dealt with hackers before, but they have been script kiddies and were easily shut out. This is no script kiddie. I found json/XML script to ignore&replace key changes in regedit, block/ignore/remove shell command, and other things....
They are even using my Bluetooth/Wi-Fi/infrared to scan, collect, and connect to the devices around me.
I even found a hotplug in the firmware of the headset I use for hands-free driving. The plug makes the device never turn off and removes the light indicators. The plug includes a list of several vehicles allowing auto-connect without notification.
I found an ad-hoc wireless signal near my house I could not find the source of. I live in the sticks and cannot capture any neighbors' signals. I figured it was the printer or something, so I removed the power source from every device in my house that could emit signals and scanned again; it was still present and providing full signal strength.
The methods used in obtaining and maintaining access to my electronics are exceptional! I have collected a ton of data about the intrusion to the array of my devices. The data they are collecting implies I am under a surveillance warrant. I can only think of one reason, "Guilt by Association": I am drug free but some of my friends are not. I imagine the investigators think I am buying/selling/manufacturing drugs and bringing them to my friends.

reahcat said:
"Nevertheless, TMDM's don't just enrol themselves onto phones. If you didn't authorise it, how do you propose it got there?
You also say persist through factory reset, we talking doing a reset through settings, or a full Odin flash in download mode? "
Factory Reset Protection. Persist settings are protected from reset.
Yes, I did say all my electronics are hacked. And they are. I have dealt with hackers before, but they have been script kiddies and were easily shut out. This is no script kiddie. I found json/XML script to ignore&replace key changes in regedit, block/ignore/remove shell command, and other things....
They are even using my Bluetooth/Wi-Fi/infrared to scan, collect, and connect to the devices around me.
I even found a hotplug in the firmware of the headset I use for hands-free driving. The plug makes the device never turn off and removes the light indicators. The plug includes a list of several vehicles allowing auto-connect without notification.
I found an ad-hoc wireless signal near my house I could not find the source of. I live in the sticks and cannot capture any neighbors' signals. I figured it was the printer or something, so I removed the power source from every device in my house that could emit signals and scanned again; it was still present and providing full signal strength.
The methods used in obtaining and maintaining access to my electronics are exceptional! I have collected a ton of data about the intrusion to the array of my devices. The data they are collecting implies I am under a surveillance warrant. I can only think of one reason, "Guilt by Association": I am drug free but some of my friends are not. I imagine the investigators think I am buying/selling/manufacturing drugs and bringing them to my friends.
OK, you are under surveillance 24/7, you are on the FBIs most wanted list, your life is so important the government needs to know your every move, your dodgy dealings are so secretive and well hidden that they need to snoop on you with every electronic device you own, and leave ad-hoc wireless signals open for you to scan and find
or
You have no idea how electronic devices work, and you need to seek mental health help
I go with option 2

MDM, and IMEI
Nevertheless, TMDM's don't just enrol themselves onto phones. If you didn't authorise it, how do you propose it got there?
You also say persist through factory reset, we talking doing a reset through settings, or a full Odin flash in download mode?
Reset through settings/button combination does not clear everything. I am currently trying Odin reset. Issues come after logging into Samsung account or Google. So I created a new account. It still comes back. I assume there is some kind of MDM web crawler finding it when you register your new account and are required to use an already established account to confirm your identity. Another possibility might be with the unique IMEI broadcast signal the phone uses to maintain contact with the nearest tower. From what I understand, IP address cannot be used to track cellphones because it changes as you travel and get handed over to different towers. So the alternative to IP is IMEI. IMEI is always broadcast, most phones will broadcast even when shut down
MDM can be implemented without the admin having physical access to the device. Knox supports DualSim, which provides two billing accounts. One for personal and one for work. Personal monthly is paid by user. Work is paid for by work. MDM administrator sets up the device to create a personal space which admin has no access to. If set up correctly, admin side of things can stream/record GPS location, phone calls, text messages, Skype, Facebook, and other social media. They also have the ability to collect account information on the device, set SD card to fuse with your device, and many other things. SD fuse is important to how Knox works. A user could use SD card to bypass permissions to possibly corrupt Knox environment or misuse company confidential information.

Ad-Hoc
ad-hoc wireless signals open for you to scan and find
or
You have no idea how electronic devices work, and you need to seek mental health help
I go with option 2
Ad-hoc by design cannot broadcast a hidden or encrypted signal, and cannot be set to use authentication unless the ad-hoc device is connected to a network, but then it really is not ad-hoc any more.
Ad-hoc is portable networking which does not need a router or an established network to operate; it is the whole design of ad-hoc: portable wireless connection to near-field devices.

I should clarify
*Detection* said:
OK, you are under surveillance 24/7, you are on the FBIs most wanted list, your life is so important the government needs to know your every move, your dodgy dealings are so secretive and well hidden that they need to snoop on you with every electronic device you own, and leave ad-hoc wireless signals open for you to scan and find
or
You have no idea how electronic devices work, and you need to seek mental health help
I go with option 2
Wi-Fi you use at home: signal comes from your ISP, and into your modem. Your network can be set up in many configurations, including gateways, switches (now deprecated), and a router to access the network (both local and global). Common configurations use a router which stores all the local devices' IP addresses. When device A wants to exchange data with device B, it sends the information to the router; the router finds the IP then sends it to device B.
Ad-hoc- Device A wants to send file to Device B. Device A and Device B turn on wifi and allow discovery. either device can scan for the other signal and connect. Device A sends the data directly to device B.

So you're convinced you're under surveillance, yet still using those devices
Can't fix stupid I guess
You'd better remove all devices that contain radios from your possession ASAP before they have enough dirt on you to lock you up for life
Go see a doctor and tell him what you're telling us, maybe they'll give you a nice white room without any radios for a few years

Related

Major Security Flaw Found In Android Phones

Worth reading http://www.theregister.co.uk/2011/05/16/android_impersonation_attacks/
and perhaps following http://forum.xda-developers.com/showthread.php?t=1086878 (ok -- maybe not -- that thread is pretty useless)
In brief:
The weakness stems from the improper implementation of an authentication protocol known as ClientLogin in Android versions 2.3.3 and earlier, the researchers from Germany's University of Ulm said. After a user submits valid credentials for Google Calendar, Contacts and possibly other accounts, the programming interface retrieves an authentication token that is sent in cleartext. Because the authToken can be used for up to 14 days in any subsequent requests on the service, attackers can exploit them to gain unauthorized access to accounts.
Announced today, apparently there will be silent OTA patches for Contacts and Calendar.
that is crazy!!!!
this made me feel a little at ease, just a little.
The attacks can only be carried out when the devices are using unsecured networks, such as those offered at Wi-Fi hotspots.
not sure what else to say about it.
Bloggers and media like to hype this stuff up.
Bottom line is this. Don't connect to a public wifi you don't trust, and always log in via SSL.
The issue here stems from using public wifi that allows people to sniff your traffic.
For instance:
You walk into starbucks, I'm already there and with my phone I create a mobile hotspot, I call it "StarbucksWifi" for the SSID. You're none the wiser and you connect with your phone (OR with your laptop, it's not just your phone but the media didn't share that).
I turn on Shark Mobile (Wireshark) and start capturing all those lovely packets. I then dissect them later to see your login info etc.
Again, don't connect to public wifi you don't trust or are unsure about. Starbucks uses ATT for hotspots and the wifi name is always ATT from what I remember.
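The article's weakness has two halves: the authToken travels in cleartext, and it stays valid for up to 14 days. Here is the defender's side of that, as an added example that is not from the thread or from Google: a client-side guard that refuses to attach a token to any URL that is not https://, and an audit over a planned set of requests that flags both cleartext transport and tokens whose validity window exceeds a policy limit. The one-hour policy, the token strings, the request URLs and the GoogleLogin header shape are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Policy assumption for this example: a bearer-style token should not stay
# valid longer than this. The article above describes tokens valid for 14 days.
MAX_TOKEN_LIFETIME = timedelta(hours=1)


class InsecureTransport(Exception):
    """Raised when a token would leave the device over a cleartext channel."""


@dataclass(frozen=True)
class AuthToken:
    value: str
    issued_at: datetime
    expires_at: datetime

    @property
    def lifetime(self) -> timedelta:
        return self.expires_at - self.issued_at


def transport_is_encrypted(url: str) -> bool:
    """Only https:// URLs with a host qualify; everything else is cleartext."""
    parts = urlparse(url)
    return parts.scheme == "https" and bool(parts.hostname)


def token_lifetime_ok(token: AuthToken, policy: timedelta = MAX_TOKEN_LIFETIME) -> bool:
    return token.lifetime <= policy


def authorization_headers(url: str, token: AuthToken) -> dict:
    """Build request headers, refusing cleartext transport outright.

    The header shape imitates the ClientLogin style the article refers to;
    the exact scheme name is an assumption of this example.
    """
    if not transport_is_encrypted(url):
        scheme = urlparse(url).scheme or "unknown"
        raise InsecureTransport(f"refusing to send auth token over {scheme}://")
    return {"Authorization": f"GoogleLogin auth={token.value}"}


def audit(requests):
    """Audit (url, token) pairs and return a list of finding strings.

    A defender would run this over an app's outbound request plan (or a
    captured request log) to spot the two weaknesses the article names.
    """
    findings = []
    for url, token in requests:
        host = urlparse(url).hostname or "?"
        if not transport_is_encrypted(url):
            findings.append(f"{host}: auth token sent over cleartext")
        if not token_lifetime_ok(token):
            days = token.lifetime.total_seconds() / 86400
            findings.append(f"{host}: token valid for {days:.0f} days exceeds policy")
    return findings


def _demo_plan():
    # Constructed sample: one cleartext request with a 14-day token,
    # one TLS request with a short-lived token. Token values are made up.
    now = datetime(2011, 5, 16, tzinfo=timezone.utc)
    long_lived = AuthToken("DQAAA...constructed", now, now + timedelta(days=14))
    short_lived = AuthToken("short...constructed", now, now + timedelta(minutes=30))
    return [
        ("http://www.google.com/calendar/feeds/default/private/full", long_lived),
        ("https://www.google.com/calendar/feeds/default/private/full", short_lived),
    ]


def demo_findings():
    return audit(_demo_plan())


def demo_blocked() -> bool:
    """True if the guard refuses the cleartext request in the demo plan."""
    url, token = _demo_plan()[0]
    try:
        authorization_headers(url, token)
    except InsecureTransport:
        return True
    return False


if __name__ == "__main__":
    for finding in demo_findings():
        print(finding)
    print("cleartext request blocked:", demo_blocked())
```

The guard fails closed: a missing or wrong scheme raises before any header is built, so a rogue hotspot that can only see plaintext never sees the token. The lifetime check is a reminder that transport alone is not the whole story; a token that is replayable for two weeks turns a single exposure into two weeks of access.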
fknfocused said:
that is crazy!!!!
this made me feel a little at ease, just a little.
not sure what else to say about it.
Not a real issue unless you're one to use unsecured wifi networks.
joedeveloper said:
Bloggers and media like to hype this stuff up.
Bottom line is this. Don't connect to a public wifi you don't trust, and always log in via SSL.
The issue here stems from using public wifi that allows people to sniff your traffic.
For instance:
You walk into starbucks, I'm already there and with my phone I create a mobile hotspot, I call it "StarbucksWifi" for the SSID. You're none the wiser and you connect with your phone (OR with your laptop, it's not just your phone but the media didn't share that).
I turn on Shark Mobile (Wireshark) and start capturing all those lovely packets. I then dissect them later to see your login info etc.
Again, don't connect to public wifi you don't trust or are unsure about. Starbucks uses ATT for hotspots and the wifi name is always ATT from what I remember.
Thanks.
I love hearing about this kind of stuff. It's good to keep current....now I know why they have that accept conditions page at wifi places like starbucks and mcdonalds. You couldn't create that with your hot spot...or could someone
Sent from my SGH-T959V using XDA Premium App
thanks for the info fellas. I rarely connect to wifi spots when Im out and about. Actually, the only time I do is when im home or at work. Looks like im good.
While "always log in via SSL" is a great suggestion, the Google services aren't going to go over a secure channel (unless you have VPN enabled).
The same warning should apply if you aren't using WPA2 -- the older WEP (and WPA) is still common on many "secure" wireless connections, especially home units, and takes not more than a few minutes to crack with widely available tools.
http://www.google.com/search?q=wep+crack
From http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
WPA2 has replaced WPA; WPA2 requires testing and certification by the Wi-Fi Alliance. WPA2 implements the mandatory elements of 802.11i. In particular, it introduces CCMP, a new AES-based encryption mode with strong security. Certification began in September, 2004; from March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark.
This is what I was asking about in another post. I like to vacation where I have 0-1 bars on the phone, and motel wifi is available. I would like my pet/house sitting service to be able to call me when I'm away.
Also kid moved to England. We use Skype, Skype on Android is wifi only.
Mostly do use home WPA encrypted, but there should be some kind of safety for those who do need the service. Do not use the phone for personal stuff like banking, etc. even on a network.
And there are areas here in the west where there is no service for any carrier. Canyons are not conducive to line of sight.
SGS4G does have wifi calling built in.

PSA: Stores using new tech to track us via our phone's wifi

So if you are walking around in public with wifi enabled - you are allowing stores to collect data such as how often and how long you are in their stores.
SOURCE
Wow that's kinda scary. Nice find, thank you.
Why is the right door always locked?
I don't find this nearly as unnerving as the NSA tracking me; if I don't like it, I can take my money elsewhere. We can't "opt out" from government tracking us. Retailers analyzing this data makes them more efficient; has the potential for reducing their advertising and marketing budgets, lowering their costs in one area, helps them lower prices in the long run.
erikoink said:
Retailers analyzing this data makes them more efficient; has the potential for reducing their advertising and marketing budgets, lowering their costs in one area, helps them lower prices in the long run.
I agree that to an extent this isn't really a big deal; so Dillards knows that you spend more time shopping for men's clothing than women's shoes. Who cares, right? Problem is, will they stop there? No, they won't. We don't know what information could be (easily) collected (and sold) in the future; that is the problem. Today it's "customer 74593654 spent an hour in the store total, 20 minutes in refrigerated goods, 10 minutes in the deli, and 30 minutes in canned foods". But tomorrow, it could be "John Doe, who visited our store for an hour today, mostly connects to these two Wi-Fi points; they must be his home and work locations. We sell his information to our partners in those areas."
I don't really think that they're tracking (or able to track) that type of information. They're just taking advantage of the way the 802.11 discovery process works.
When a Wi-Fi device is on and not associated with an Access Point (AP), it announces its presence and attempts to discover a nearby AP. APs respond to these queries with their BSSID and SSID, which then get listed in your device's list of connection options. If it's a "hidden" AP, it will only respond if the discovery query includes a specific SSID. Instead of responding, all it does is log the querying device's MAC address and timestamp it. Other APs can compare the Rx signal strength and approximate the location of the device.
As far as I know, unless and until your device actually associates with (connects to) the AP, no other communication occurs. If there are any WiFI engineers in here that know of a way to force a device to associate to an AP remotely and request it send data that it isn't configured to send, I'm willing to be corrected.
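To make erikoink's explanation concrete, here is an added example (not from the thread or from any retailer's system). It parses a constructed probe-request log of the kind such an access point would keep, works out each device's dwell time and the zones it was seen in, and separates devices probing with their burned-in hardware MAC from those using a locally administered (randomized) address, which is the countermeasure phone vendors later adopted against exactly this kind of tracking. The log format, AP names and MAC addresses are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed probe-request log, not a real capture.
# Assumed format: <epoch seconds> <ap id> <client MAC> <RSSI dBm>
PROBE_LOG = """\
1371200000 ap-entrance 3c:5a:b4:11:22:33 -41
1371200030 ap-deli     3c:5a:b4:11:22:33 -55
1371201800 ap-canned   3c:5a:b4:11:22:33 -60
1371203600 ap-entrance 3c:5a:b4:11:22:33 -44
1371200010 ap-entrance da:a1:19:01:02:03 -50
1371200700 ap-deli     da:a1:19:01:02:03 -52
1371204000 ap-entrance 6e:7f:80:aa:bb:cc -47
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<ap>\S+)\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<rssi>-?\d+)$",
    re.IGNORECASE,
)


def is_locally_administered(mac: str) -> bool:
    """True if the U/L bit (bit 1 of the first octet) is set.

    Burned-in hardware addresses have it clear; the randomized addresses
    modern phones use for probe requests set it, so the store cannot link
    one visit to the next.
    """
    return bool(int(mac.split(":")[0], 16) & 0x02)


def parse_log(text: str):
    """Turn log lines into records, skipping anything that is not a probe."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records.append({
            "ts": int(m["ts"]), "ap": m["ap"],
            "mac": m["mac"].lower(), "rssi": int(m["rssi"]),
        })
    return records


def dwell_by_mac(records):
    """Per MAC: first/last sighting, dwell in seconds, and zones (APs) seen."""
    seen = defaultdict(list)
    for r in records:
        seen[r["mac"]].append(r)
    out = {}
    for mac, rs in seen.items():
        ts = [r["ts"] for r in rs]
        out[mac] = {
            "first": min(ts), "last": max(ts),
            "dwell_s": max(ts) - min(ts),
            "zones": sorted({r["ap"] for r in rs}),
        }
    return out


def summarize(text: str):
    """Split the store's view into trackable (hardware MAC) and randomized."""
    records = parse_log(text)
    trackable = [r for r in records if not is_locally_administered(r["mac"])]
    randomized = [r for r in records if is_locally_administered(r["mac"])]
    return {
        "trackable": dwell_by_mac(trackable),
        "randomized_sightings": len(randomized),
        "randomized_macs": len({r["mac"] for r in randomized}),
    }


if __name__ == "__main__":
    s = summarize(PROBE_LOG)
    for mac, info in s["trackable"].items():
        print(f"{mac}: {info['dwell_s']} s in store, zones {info['zones']}")
    print(f"{s['randomized_sightings']} sightings from {s['randomized_macs']} "
          "randomized addresses that cannot be linked to a device")
```

With the constructed log, the one device probing with its hardware address is attributable to an hour-long visit across three zones, while the two randomized addresses yield sightings that cannot be tied to a handset or to each other. The U/L-bit check is also a cheap filter a privacy-minded analyst can apply before storing any probe data at all.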
WiredPirate said:
So if you are walking around in public with wifi enabled - you are allowing stores to collect data such as how often and how long you are in their stores.
SOURCE
I'd like to bump because im honestly curious if anyone knows what kind of info they could pull from our phones through this.
erikoink said:
I don't really think that they're tracking (or able to track) that type of information. They're just taking advantage of the way the 802.11 discovery process works.
When a Wi-Fi device is on and not associated with an Access Point (AP), it announces its presence and attempts to discover a nearby AP. APs respond to these queries with their BSSID and SSID, which then get listed in your device's list of connection options. If it's a "hidden" AP, it will only respond if the discovery query includes a specific SSID. Instead of responding, all it does is log the querying device's MAC address and timestamp it. Other APs can compare the Rx signal strength and approximate the location of the device.
As far as I know, unless and until your device actually associates with (connects to) the AP, no other communication occurs. If there are any WiFI engineers in here that know of a way to force a device to associate to an AP remotely and request it send data that it isn't configured to send, I'm willing to be corrected.
Thank you for explaining that better.
Perhaps you connect to their free wifi, it's tempting if you want to save data or maybe you are in an area with bad reception.. Couldn't they then gather more personal information?
WiredPirate said:
Perhaps you connect to their free wifi, it's tempting if you want to save data or maybe you are in an area with bad reception.. Couldn't they then gather more personal information?
See, now if you associate with (connect to) their network, that changes things. But let's explore that hypothetical:
Have you ever heard of a "captive portal"? You see them in airports, hotels, anywhere with a so-called "guest wifi network", whereupon if you connect to their network and try to go to a website, it first redirects you to a page. And this page requires you to enter a password, or answer a survey, or agree to their terms and conditions. I'm sure we've all seen these.
Let's say that part of their terms are you must download their smartphone apps as a condition of connecting to their network and allowing you to be routed onto the global internet. Let's also say that in order to install the app, you have to grant the app certain permissions, among these reading from areas of your phone you might not want people reading from. As you suggested in a previous post, your list of saved Wi-Fi networks, etc. Then yes, they could start gathering additional data. In this case, it's still your choice to use their resources; you still have the choice not to. Their network, their rules.
I will say this though: be careful of how your device is configured. I think the setting is available that tells your device to connect to any available open (unsecured) Wi-Fi network. I would advise anyone to disable this. Once your device connects to any network, and you get an IP address on said network, then something could make a connection attempt to a vulnerable/compromised device (whether that be the network owner, or another compromised or rogue device) running some kind of Trojan service that responds to certain requests without you knowing. This, of course, would be illegal, and if they got caught doing this then they would face a huge backlash from their customers. I doubt they'd attempt something like this.
MAC address is bad enough.
Today's data is aggregated, ALWAYS.
You can buy it you can sell it... There isn't just one source.
Cameras in the shops running track analysis and soon facial recognition, mimics and so on.
Your mac address? Your router knows it.. And so your provider has access to it. He also has your ip.
Your ip? Most websites you visit and some more tracking / advertising sites.
So, as your mac is known, data sold, we assume your owned devices are well known.
Now we don't need anything else than a WLAN to track your GPS like location.. Beside.. This is how android WLAN location service works. Did I say android? Sorry, it is an exclusive google service.
You can:
Adapt your behavior .
Use tor or i2p.
Host your own services.
Encrypt everything.
And again, adapt your behavior... Otherwise no onion routing brings any advantage.
So, if you are willing to go the painful road, opt out of most things.. You can't opt out of your phone providers data collection, if you still want a mobile phone.
But still... ANY data reduction is the right way.
The data is and will be more and more widely used, aggregated and abused.
It is time to realize that there won't be any freedom in the modern world - this IS the new world order.
Forgot one freedom: you are free to be a consumer and a product.
And for people arguing with laws... Laws can and will be changed... In the name of safety.
Sent from mobile.

I want to create an unstealable phone.

I want to create an "un-steal-able" phone.
Of course this is impossible, but I want to make it as difficult as possible for thieves to get away with it, and as easy as possible for me to find it.
Assumptions:
Phone has available call and text messaging service.
Phone has internet capabilities and "permanent" Internet access. (We will consider 2G, 3G, or 4G cellular access with a data plan to be permanent. Depending on an open WiFi network to be available at all times is unreliable).
Phone is on and has some charge in its battery. (If the phone is off, we can't do anything).
Phone has an accurate GPS receiver.
Requirements:
Software that relays GPS coordinates via an Internet connection. As a backup for when there is no cellular data signal, software that relays GPS coordinates via SMS.
Software cannot be disabled or removed without authentication.
GPS on phone cannot be turned off without authentication (alternative: remote activation of GPS receiver via Internet or SMS)
Cellular data and/or WiFi cannot be turned off without authentication (alternative: remote activation of cellular data via SMS)
Where GPS signal can be used for macro location (within 10 to 30 meters), there must be some method of micro location (within a few feet).
Phone cannot be powered off via any button press, on-screen menu, or removal of battery
Phone cannot be wiped by on-screen menu or by computer cable connection
Now I have approached this solution from two starting points: the iPhone running iOS, or an Android-based smartphone. Both have different advantages and technical details. Let's look at how we can meet each of these requirements one by one.
iOS solution:
Unfortunately, if your iPhone is not jailbroken, your choices are not so great. But FindMyiPhone does do the basic job of relaying GPS coordinates. For a jailbroken iPhone, iCaughtu seems to be the best of the bunch from the research I have done and gives you a bunch of cool anti-theft features.
and
Using the options under Settings -> General -> Restrictions, you can disallow users from deleting apps AND from turning off location services. Of course, you can accomplish something similar by simply setting a password to access your phone. Unfortunately I haven't yet seen any program that allows you to remotely activate the GPS receiver on an iPhone.
Unfortunately I don't think there is any way to prevent a thief from disabling your cellular connection other than setting a password on the whole phone. This has its advantages and disadvantages.* Similarly, I don't see any way to remotely activate the Cellular Data on an iPhone via SMS.
This is where things start to get more complex and we need to start thinking of actually modding the phone. So far the best RF tracking solution I have found (in terms of size, cost, and effectiveness) is a cheap Chinese-made product that I picked up in Asia and cannot find a link to. This one is very similar http://www.amazon.com/Loc8tor-LTD-Loc8torLite-LOC8TOR-Lite/dp/B0012GMDC4/ but the reviews are meh. It is RF-based but does not really give any directional information. Once you are close to the RF transmitter (using the GPS coordinates), you can use the RF receiver to basically play a little game of hot and cold and walk in different directions all while watching if the signal gets stronger or weaker. I've done two real-world field tests with the similar device and was able to successfully find a purposely concealed bag in a slum twice.
But how do we get this into the phone? If you disassemble the transmitter, it is a very small circuit board, but most phones these days are already packed to the brim. Additionally, these units need power, so you would need to solder it into the phone's power system.
For the iPhone, concerns about a battery-based shutdown are reduced by its "sealed" battery compartment. Of course, with the right tools, someone can get to the battery. But this is not likely to happen quickly and will likely occur in a specific home or shop, from which we can get coordinate data. We only need to delay the thieves long enough to track them. The bad news is that preventing an iPhone from being shut down via button press is much more difficult. Even with a lockscreen password, anyone can turn off an iPhone with a long power/sleep button press. I found a mod on Cydia that required a password before any shutdown, but it seemed it was only compatible with iOS 5 and I am running iOS 6.
This is the most challenging problem, as the most common method for any experienced phone thief to avoid detection is simply to power off the phone (or disable internet/3G) and as quickly as possible get to a computer and perform a complete wipe using any number of computer programs. A password on the phone can prevent access to the menu options for resetting to factory defaults, but very little can prevent a thief from physically connecting the phone to a computer and wiping it.
Again I turn to physical modding. Would it be possible to modify the iPhone connector in such a way that the pins for power and charging would still work, but the pins for a data connection would require a specially modified cable to connect to the computer? Once my phone is through its initial setup, most anything I need to do as far as data can be accomplished via WiFi. If needed, I would keep my special data cable at my home only and never take it out. But losing the ability to charge from any iPhone cable would be too debilitating to daily usage.
So I ask the experts: how can I improve on or solve these ideas? Is there software out there that I don't know about, either on the App Store or the Cydia Store? Are there ways to remotely control the iPhone's wireless and GPS functions via text? There should be. Any ideas on incorporating a tiny RF transmitter into the iPhone? Is there any way to prevent an iPhone from being shut down via the sleep button? Is there any way to sabotage the Lightning connector in an intelligent way to prevent a computer-based wipe?
*Advantages and Disadvantages of a phone-wide password. Honestly, I would rather not have a lockscreen password on my phone. I'm not a privacy freak and I don't care if a thief sees my pictures, e-mails or Facebook. If my phone is stolen, I'm hoping it is stolen by an idiot and that they WON'T try to wipe the phone. None of my solutions are foolproof. Everything in here is about delaying the thief long enough to track them. If an idiot steals a phone without a password, he MIGHT just use it as is. But if an idiot steals a phone and can't do ANYTHING with it, he is going to take it to someone who will be smart enough to wipe it MUCH SOONER. Of course, the disadvantage is a loss of privacy, but iCaughtu has a cool solution for that too.
Android solution:
Android phones are much easier to root, and software solutions exist that will work reasonably well even for non-rooted phones. The best software I have seen is Avast! Anti-Theft (part of Mobile Security), AndroidLost, and Cerberus. All of these can report GPS coordinates, and with Avast! at least, you can also see coordinate history online and actually follow the path of your phone through the minutes, hours, and/or days. AndroidLost can report GPS coordinates online OR via SMS!
Avast! cannot be removed without a PIN code. It can also prevent the user from turning off Cellular Data and GPS. AndroidLost can be used to activate WiFi, Cellular Data and/or GPS via internet command OR via SMS. There are a ton of other internet-based and SMS commands in AndroidLost as well. Even without an active lockscreen password, a thief would be powerless to disable communication between the tracking software and you. In this department, Android truly outshines the iOS solution.
Getting an RF tracker into an Android-based phone has the same challenges as an iPhone.
I haven't found ANY glimmer of hope for a mod to disable shutdown via a long button press on Android. At least I found one mod for iPhone, even if it was the wrong iOS version. This is a huge gap in the goal of building an "unstealable" phone for both operating systems. As for the battery: Android phones come in many flavors. Many have removable batteries, so if you want to make life more difficult for thieves you'll have to limit yourself to a phone with a "sealed" battery compartment such as the HTC One.
A computer-based wipe via USB cable presents the same challenges as an iPhone EXCEPT that we're dealing with a more standard interface, so that MIGHT make modding an easier task. Is there any way to make the microUSB jack more "proprietary" so that any normal USB cable can charge it but only a special one can transmit data?
There is one other detail I am interested in, but which is, I believe, currently impossible since it would require modifications to the lowest level of the phone's software, and that would be an auto-on feature. If the phone's battery dies for any reason (or any other shutdown that is not user-initiated), I would love for the phone to automatically power back on whenever it receives a new power source (either being plugged into the wall or getting a fresh battery).
Why am I so interested in doing this? I live in a third-world country and I travel to many other third-world countries. For 3 years, I guess I had good luck, but in the past year I have had three phones and a laptop stolen from me on the street and I have been punched in the face. Several of my friends have also had phones stolen during that time, and one friend was even kidnapped and robbed. Maybe crime is getting worse or maybe it is just coincidence. I have tried to be more careful each time, but one should not live life in fear or blame one's carelessness alone. It is time to fight back. Money, time, memories, self-respect, and peace of mind have been taken away from me and from people I care about. These thieves bear the real responsibility for these crimes. And the police and government here are largely unwilling, incapable, uncaring, and/or corrupt. Maybe I can help others as well.
Thanks for your suggestions and input.
Your thoughts are well expressed.
Hopefully something is coming fast to consumers.

[Q] Hotspot Hacking from WAN?

I have concerns related to the security of the S4 as a hotspot. While using the device as a hotspot it became extremely hot, and started to malfunction. I could see that no one other than myself was connected to the hotspot. Other unusual activity was observed as well, and the carrier has taken extreme & unusual steps to prevent me from discussing it with their employees.
When using an S4 (with SELinux enforcing) as a hotspot, is there any risk that a malicious webserver operator can somehow access the device using the carrier-assigned (dynamic) IP address?
What type of protections (on the WAN side) should be in place to properly secure an S4 with 4.3 for use as a hotspot so the device itself can't be compromised? (assuming no 3rd party apps are installed) I assume device encryption would not help this situation because the device has to be decrypted to run the hotspot. It's unclear whether Samsung Knox 1.0 could provide anything useful, and I think they force packets through Lookout so it slows the connection.
greens1240 said:
I have concerns related to the security of the S4 as a hotspot. While using the device as a hotspot it became extremely hot, and started to malfunction. I could see that no one other than myself was connected to the hotspot. Other unusual activity was observed as well, and the carrier has taken extreme & unusual steps to prevent me from discussing it with their employees.
When using an S4 (with SELinux enforcing) as a hotspot, is there any risk that a malicious webserver operator can somehow access the device using the carrier-assigned (dynamic) IP address?
What type of protections (on the WAN side) should be in place to properly secure an S4 with 4.3 for use as a hotspot so the device itself can't be compromised? (assuming no 3rd party apps are installed) I assume device encryption would not help this situation because the device has to be decrypted to run the hotspot. It's unclear whether Samsung Knox 1.0 could provide anything useful, and I think they force packets through Lookout so it slows the connection.
bump
greens1240 said:
Other unusual activity was observed as well, and the carrier has taken
extreme & unusual steps to prevent me from discussing it with their employees.
would you elaborate on that?
keen36 said:
would you elaborate on that?
Those are actually 2 separate issues even though the carrier's actions may seem unusual.
I don't see https in the url for this site, and when I try to force https it redirects to remove the ssl, so privacy didn't matter here?
Some of the unusual activity involved messages about "sim data" refresh/change when no 3rd party apps were ever installed, the phone wasn't rooted, and updates turned off. Apps that were turned off showed subsequent network activity. After a factory reset, disabling some apps and changing other settings, the main issue was the phone getting extremely hot when using the hotspot to test a vpn service (vpn settings config on pc not on android).
If your phone number ends up on that "list" you should expect management to take an approach with you as if litigation is underway. Expect very little cooperation, leave 15 messages over a 30 day period with 5 different corporate managers to finally get a return call from yet a different manager who finally admits they have ways to prevent your phone from getting through to support or customer service. They must have thought none of their customers would figure out that advanced call rejection features can do all kinds of things, such as put select callers on hold indefinitely, forward the call to a number that rings but never answers, have the caller hear fast busy signals, have the caller hear a message that no one is available to take their call, etc, etc. A word to anyone with a cell phone - If you can't get through using 611 or the carrier's toll free numbers, try calling from a different phone, and if you get through with the different phone, then you know.
xda admins probably thought that encryption is not overly important, this being a public forum and all... i would also prefer ssl everywhere, but it does add a layer of complexity and also increases demand on the server, so i can see why it is not implemented here.
what do you mean with "sim data" refresh/change? what do you mean when you say you have apps "turned off"?
i can easily see you getting blocked if you annoy any support-hotline too much. i do not see something especially suspicious about that.
if i may be honest: you appear to be a little paranoid.
keen36 said:
xda admins probably thought that encryption is not overly important, this being a public forum and all... i would also prefer ssl everywhere, but it does add a layer of complexity and also increases demand on the server, so i can see why it is not implemented here.
what do you mean with "sim data" refresh/change? what do you mean when you say you have apps "turned off"?
i can easily see you getting blocked if you annoy any support-hotline too much. i do not see something especially suspicious about that.
if i may be honest: you appear to be a little paranoid.
As network packets travel over the Internet, anyone with physical access to a network device (within the packet route) can view your activity without your knowledge. There are redirection protocols used by thousands of businesses and ISPs to divert port 80 traffic to web caches, internet filtering appliances, and data mining "honeypots". Not sure if it is still true today that network routers and Layer 3 switches manufactured by Cisco ship with a redirection protocol (WCCP) that can be used to re-route HTTP traffic through an external filtering or logging device. Most would agree when it comes to discussions about network security - exchanging plain text email, and requesting advice on plain text message boards, is not the best practice.
"refreshing sim data" was a message I observed after the s4 was rebooted. It seemed odd that the message appeared when there was no update or installations. But I'm not an expert on the device, for all I know it might be normal to see the message when there's no activity. As far as turning off apps, it's normal to turn off apps that use resources, drain battery, etc. if you don't need them. Turning off, not deleting, and changing permissions doesn't appear to be an option on 4.3 without a 3rd party app.
As far as sounding paranoid, there's a lot more to the story that I didn't go into involving what looks like attempted identity/phone theft by the carrier's own employee(s) or reseller(s). The way the situation was handled, it genuinely looked like a cover up, and still does.
There is still the issue of securing a hotspot which no one from any tier 2 support centers has been able to answer. Not sure if a droidwall or other firewall would be doing anything beneficial since I assume any port scanning would be of the device connected to the hotspot rather than the s4 itself.
yes, anyone along the route can intercept the packets and even read them if they aren't encrypted. yes, there exist man-in-the-middle attacks. yes, most would agree that when exchanging security related information, it would be best to encrypt. that doesn't change what i said: this board is not security oriented, it is a public, developer oriented board. encryption is not very important here, so the admins must have thought that the benefits of not encrypting outweigh the risk. if you really have sensitive security-related questions, this is not the right place to ask them, i fear.
what do you do exactly when you "turn off" an app? step-by-step?
have you tried googling what "refreshing sim data" does and why it is happening? it looks harmless to me!
last thing, to get this clear: you think that someone hacked your hotspot because the phone gets hot and unstable when you use it? no, wait, you have about a thousand small other things that also point to that explanation, right? this sounds like a case of unfounded paranoia to me. i have some experience with paranoid schizophrenics, and while i am not (!) calling you that, i have to advise you that the way you argue reminds me of them.
you are looking for suspicious things and you do not understand enough about these phones (they are ridiculously complex, so that is quite normal i might add) to see whether something is suspicious or not.
keen36 said:
yes, anyone along the route can intercept the packets and even read them if they aren't encrypted. yes, there exist man-in-the-middle attacks. yes, most would agree that when exchanging security related information, it would be best to encrypt. that doesn't change what i said: this board is not security oriented, it is a public, developer oriented board. encryption is not very important here, so the admins must have thought that the benefits of not encrypting outweigh the risk. if you really have sensitive security-related questions, this is not the right place to ask them, i fear.
Do you know a better place to ask advanced security related questions about Samsung/Android? Google and Samsung tech support are unable to answer many basic security questions. Anything advanced is a foreign language to them. Ask 1000 Samsung employees "What is Knox?" and 999 will answer "Never heard of it." Most don't care about security, and never will unless and until they become a victim, and have a substantial loss.
keen36 said:
what do you do exactly when you "turn off" an app? step-by-step?
I used app manager. If you're familiar with an S4 running 4.3 then you're familiar with app manager.
keen36 said:
have you tried googling what "refreshing sim data" does and why it is happening? it looks harmless to me!
This message may be related to updating network tower(s) info which I agree, by itself would be harmless.
keen36 said:
last thing, to get this clear: you think that someone hacked your hotspot because the phone gets hot and unstable when you use it? no, wait, you have about a thousand small other things that also point to that explanation, right? this sounds like a case of unfounded paranoia to me. i have some experience with paranoid schizophrenics, and while i am not (!) calling you that, i have to advise you that the way you argue reminds me of them.
There's constant network inbound/outbound activity while the device is idle according to the indicator. The activity could be perfectly benign. Many native apps communicate with the network, but it is also possible to turn off (restrict) background activity to limit which apps have network access. I wouldn't know what it is without running a program such as wireshark. A paranoid schizophrenic might think an app that had permission to access the microphone, recorded audio in the room, then encrypted & uploaded it to a server for later retrieval. That could never happen in the real world right?
I'm merely asking questions about various events which may or may not be signs that there's a problem, but I've not concluded anything. More importantly I'm hoping to find information on how to properly secure a hotspot. You've not offered any information about this so I assume you feel no hardening, modifications, or additions are necessary, and in using default settings the device is impenetrable.
keen36 said:
you are looking for suspicious things and you do not understand enough about these phones (they are ridiculously complex, so that is quite normal i might add) to see whether something is suspicious or not.
I agree, they are complex. Tech support is of no use, they simply are not trained to respond to a question such as "Is there a firewall running on the device?" or "Is code checked for malware by human eyes before an app is put on the Play Store, or do they simply trust unknown authors and feedback?"
no, i am sorry, i do not know about any android security related web communities.
i use a sony phone on kitkat, so no, i have no idea what you mean with "app manager". i just want to know what that program did; did it uninstall the apps, did it disable them, did it freeze (rename) them? i have never heard of an app being "turned off", that's why i ask.
what you describe with the microphone listening and uploading what it records to the internet, that is happening every time you open google voice search or -if you use the google now launcher- every time you go to the homescreen
i do not know how you got the idea that i think that your device is impenetrable ([email protected] sentence btw. )? that is a ridiculous thought, i would never say such a thing. in fact, i am of the conviction that no absolute security can exist on a device which is connected to the internet. there is a reason why some security-related programs are built on machines with no internet access at all.
if you know how to use wireshark, why don't you just use it? if i had to take an uneducated guess, i would think that you would then realise that the network activity you see is benign (not malicious i mean, you might very well discover some nice datamining activity by google etc. ).
i do not know your use case, if you are living in a country which has an oppressive regime, if you are a general target for hackers somehow (public figure / working at a security-related position etc.), then yes, it might make sense to look at your phone's security in detail. if that is not the case, however, then no, i do not think that additional hardening of your hotspot is needed...
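Whatever one thinks of the hardening question argued back and forth above, the WAN-side risk to a tethering phone comes down to one measurable thing: which sockets the phone has listening on the carrier-facing interface, and whether the carrier even routes unsolicited traffic to that address. As an added example that is not from any poster, Samsung or any firewall app, the script below parses constructed `ip -4 -o addr` and `ss -tln` output and reports which listening ports a host on the carrier network could attempt to reach, plus whether the carrier address falls in the RFC 6598 carrier-grade NAT range. The `rmnet_dataN` interface naming follows what Qualcomm-based Samsung phones use; the addresses, ports and services in the samples are invented.

```python
"""Which listening sockets on a tethering phone face the carrier (WAN) side?

Added example, not code from the thread or from any poster. It parses
constructed `ip -4 -o addr` and `ss -tln` output (addresses, ports and the
set of services are invented) and reports what an unsolicited connection
from the carrier network could reach if no firewall rules are in the way.
"""
import ipaddress
import re

# Assumption: interfaces whose name starts with "rmnet" carry the carrier data
# link (the naming used on Qualcomm-based Samsung phones); everything else
# except lo is treated as the hotspot/LAN side.
WAN_IFACE_PREFIXES = ("rmnet",)
WILDCARDS = {"0.0.0.0", "::", "*"}             # "listen on every interface"
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space

# Constructed sample of `ip -4 -o addr` (one line per address).
SAMPLE_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
4: wlan0    inet 192.168.43.1/24 scope global wlan0
8: rmnet_data1    inet 100.70.12.34/32 scope global rmnet_data1
"""

# Constructed sample of `ss -tln`: adb on loopback, the tether DNS helper on
# the hotspot address, a debug HTTP port bound to every interface, and a
# service bound directly to the carrier address.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:5037       0.0.0.0:*
LISTEN  0       50      192.168.43.1:53      0.0.0.0:*
LISTEN  0       128     0.0.0.0:8080         0.0.0.0:*
LISTEN  0       128     100.70.12.34:2222    0.0.0.0:*
"""

ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+([\d.]+)/\d+")


def parse_addrs(text):
    """Return {interface_name: [ipv4, ...]} from `ip -4 -o addr` lines."""
    ifaces = {}
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if m:
            ifaces.setdefault(m.group(1), []).append(m.group(2))
    return ifaces


def parse_listeners(text):
    """Return [(local_ip, port), ...] for the LISTEN rows of `ss -tln`."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue  # header or non-listening row
        ip, _, port = parts[3].rpartition(":")
        listeners.append((ip.strip("[]"), int(port)))  # "[::]:80" -> "::"
    return listeners


def side_of(ip, ifaces):
    """Classify a listening address: all, loopback, wan, hotspot-lan or unknown."""
    if ip in WILDCARDS:
        return "all"  # bound to every interface, carrier side included
    if ipaddress.ip_address(ip).is_loopback:
        return "loopback"
    for name, ips in ifaces.items():
        if ip in ips:
            return "wan" if name.startswith(WAN_IFACE_PREFIXES) else "hotspot-lan"
    return "unknown"


def wan_exposed_ports(ifaces, listeners):
    """Ports a host on the carrier network could attempt to connect to."""
    return sorted(port for ip, port in listeners
                  if side_of(ip, ifaces) in ("all", "wan"))


def assess(addr_text, ss_text):
    """Summarise carrier-side exposure for one snapshot of the two commands."""
    ifaces = parse_addrs(addr_text)
    listeners = parse_listeners(ss_text)
    wan_ips = [ip for name, ips in ifaces.items()
               if name.startswith(WAN_IFACE_PREFIXES) for ip in ips]
    return {
        "wan_ips": wan_ips,
        "exposed_ports": wan_exposed_ports(ifaces, listeners),
        # Inside 100.64.0.0/10 the carrier is NATing the phone: hosts on the
        # public internet cannot open connections to it, but other devices on
        # the same carrier-internal network still might.
        "behind_cgnat": bool(wan_ips) and all(
            ipaddress.ip_address(ip) in CGNAT for ip in wan_ips),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_ADDR, SAMPLE_SS))
```

On a real device the two commands can be run in a terminal emulator or over `adb shell`; any port that comes back under `exposed_ports` is the one to ask about (which app opened it, and whether it needs to accept connections from anywhere rather than only from the hotspot subnet). The CGNAT flag is a strong hint rather than a guarantee, since other subscribers behind the same carrier NAT may still reach those ports, which is exactly the case a host firewall rule on the rmnet interface would cover.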

LAN compromised?

I understand this is only tangential to phone security, but my phone is connected to the LAN and I know there are some great experts here.
Here's my situation: a few days ago I had some equipment installed that required wireless access. I had to give the installer my LAN password in order to set it up. After he finished and left the house I noticed he was still in his truck for more than 5 minutes and appeared to be using a laptop. My paranoia kicked in and I unplugged my modem.
My question is what's the worst could someone do on short notice with your LAN password? I've only noticed one oddity since then. I listen to SiriusXM streaming every day. Today it told me that I was listening on a different device (which I wasn't) and did I want to continue on my desktop. That's the only unusual thing I've noticed. Malwarebytes and Norton scans don't show anything. WinPatrol hasn't noted any new bootup programs.
I know I should have changed my LAN password immediately but I have probably more than 25 devices that connect to it and it's a major PITA to go to each one and change the connection password. I will do that today but I'm still wondering what a bad guy can do with my LAN password and SSID. I do live in a semi-rural area and a stranger would stand out immediately, so I'm not concerned with some sort of war driving event.
If someone knows of a better forum to post my questions I would appreciate that as well.
Thanks!
Windows 8.1
Apple Airport Express router
Bob Coxner said:
My question is what's the worst could someone do on short notice with your LAN password? I've only noticed one oddity since then. I listen to SiriusXM streaming every day. Today it told me that I was listening on a different device (which I wasn't) and did I want to continue on my desktop. That's the only unusual thing I've noticed. Malwarebytes and Norton scans don't show anything. WinPatrol hasn't noted any new bootup programs.
You are talking about your WLAN password, right?
Yes. WLAN password.
Well, the worst thing I think is infecting one of your devices inside your LAN or changing your router configuration to allow access from outside.
If your devices are secure and up-to-date I don't think he could have done anything harmful (except downloading illegal things)
Worst case
If they came prepared and had everything set on their laptop beforehand they could set up a man in the middle attack on the router such that everything you get is also routed through them. Do not worry, most websites use SSL to encrypt traffic, which is mostly unbreakable on a well set-up website. I wouldn't use anything from a "small website", only Google, Facebook, Twitter and the big names, they are reliably secure. He will still be able to see the sites but not the data. One thing to be careful of is that Google directs searches inside the URL so he will still be able to see searches and even which search page. He could have also set up a backdoor in the router so he can get in later and do more. If you want more please PM me with the router model so I can look into it. Do not give me the external address or password, I don't want that, only the model number.
Just theoretically this is the worst case scenario of five minutes. He would have to have everything ready beforehand and be skilled and type faster than most people, but the mere possibility of this is why I got my own router sealed and set it up myself.
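The practical follow-up to "what could someone do with my WLAN password" is to find out who is actually on the network right now, before and after rotating the passphrase. As an added example that is not from any poster, the script below parses the Windows `arp -a` table (the original poster runs Windows 8.1) from a constructed sample and compares it with an inventory of owned devices; every address, MAC and device name is invented. It also flags locally administered (randomized) MACs, because phones since iOS 14 and Android 10 present a different MAC per Wi-Fi network and will show up as unknown even when they are yours.

```python
"""Audit the devices currently on a home LAN against a list of the ones you own.

Added example, not code from the thread or from any poster. It parses the
Windows `arp -a` table format from a constructed sample; all addresses, MACs
and device names are invented.
"""
import re

# Constructed `arp -a` output in the layout Windows prints.
SAMPLE_ARP = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           a4-d1-d2-11-22-33     dynamic
  192.168.1.20          b8-27-eb-44-55-66     dynamic
  192.168.1.37          de-ad-be-ef-00-01     dynamic
  192.168.1.52          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
"""

# Constructed inventory of devices the owner knows about, keyed by MAC.
KNOWN_DEVICES = {
    "a4:d1:d2:11:22:33": "AirPort Express (router)",
    "b8:27:eb:44:55:66": "kitchen Raspberry Pi",
    "00:11:22:33:44:55": "desktop PC",
}

ARP_ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F-]{17})\s+(\w+)")


def normalize_mac(mac):
    """Canonical lower-case colon form so table and inventory compare equal."""
    return mac.lower().replace("-", ":")


def is_multicast_or_broadcast(mac):
    """Group bit (lowest bit of the first octet) set: not a single host."""
    return int(mac.split(":")[0], 16) & 0x01 == 0x01


def is_locally_administered(mac):
    """Second-lowest bit of the first octet set: the MAC is software-assigned.

    Recent phones randomize their Wi-Fi MAC per network, so an entry that is
    not in the inventory may simply be one of your own phones.
    """
    return int(mac.split(":")[0], 16) & 0x02 == 0x02


def parse_arp_table(text):
    """Return [(ip, mac, type)] for host rows, skipping interface/header lines."""
    rows = []
    for line in text.splitlines():
        m = ARP_ROW.match(line)
        if m:
            rows.append((m.group(1), normalize_mac(m.group(2)), m.group(3)))
    return rows


def audit(text, known):
    """Split the table into known hosts and ones the inventory cannot explain."""
    known_hosts, unknown_hosts = [], []
    for ip, mac, _kind in parse_arp_table(text):
        if is_multicast_or_broadcast(mac):
            continue  # group addresses are not devices
        if mac in known:
            known_hosts.append((ip, mac, known[mac]))
        elif is_locally_administered(mac):
            unknown_hosts.append((ip, mac, "randomized MAC, possibly your own phone"))
        else:
            unknown_hosts.append((ip, mac, "hardware MAC, unrecognised device"))
    return {"known": known_hosts, "unknown": unknown_hosts}


if __name__ == "__main__":
    for ip, mac, note in audit(SAMPLE_ARP, KNOWN_DEVICES)["unknown"]:
        print(f"unexplained host {ip} ({mac}): {note}")
```

ARP only lists hosts the PC has exchanged traffic with recently, so on an AirPort Express the client list in AirPort Utility is the more complete source and is worth checking alongside this. Whatever the table shows, changing the WPA2 passphrase and the router's own admin password is what actually closes the window the installer had; the audit is there to tell you whether anything needs a closer look before and after you do that.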
