
Mobile Phone Security Questions


20 replies to this topic

#1 implieddeny

implieddeny

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 09 June 2018 - 10:18 AM

Does hacking into a mobile phone and controlling its cameras require the installation of some malware? Or can it be done without installing anything?

Also, how safe are WhatsApp messages from MitM?

I strongly suspect my mobile is hacked and cameras commandeered.

Kindly advise.


Edited by implieddeny, 09 June 2018 - 10:24 AM.




#2 muroga

muroga

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:39 AM

Posted 10 June 2018 - 10:30 AM

Well, some sort of remote access, malicious or otherwise, like any function, has to be enabled directly by the hardware or run by some kind of application. Now, I don't know what kind of phone you have, but I doubt remote access and control of the camera is a built-in feature, so I'd say you'd need an app for that.

But the bigger question is what makes you think that your mobile has been compromised? Also, assuming you really are hacked and an attacker really does have access to the camera, they probably have more than just that...

As for WhatsApp, I'm not familiar with what encryption scheme it uses, but a MITM would intercept all your traffic, so I suppose the attacker would at least have the messages... Could they read the contents of the message? I personally don't know.

#3 implieddeny

implieddeny
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 11 June 2018 - 09:57 AM

1. I am using an Oppo F1s.

2. So an app or some sort of software is required for remote access.

3. Maybe WhatsApp is used to get an IP?

4. I have strong evidence to suspect that my mobile is hacked. Very strong.

How do I analyze my phone or an app?

Like run a pentest on my mobile or check an app? Malware analysis, any suggestions?

What do you mean the hacker has more than that, more than my camera??

You are new here...? Hmm.


Edited by implieddeny, 11 June 2018 - 10:02 AM.


#4 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:10:39 PM

Posted 11 June 2018 - 08:49 PM

Is adb over wifi enabled? Make sure that's disabled. In theory, someone could access your phone if that's enabled. But I would say that's highly unlikely.


Microsoft MVP Consumer Security--2007-2010

#5 Replicator

Replicator

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dark Basement
  • Local time:12:39 PM

Posted 12 June 2018 - 07:20 AM

Turn off WiFi when you're not using it, same goes for Bluetooth and any other network access utilities.

 

Any Web Application is potentially vulnerable and will always log your WAN IP.

 

Metasploit Pro will run a GUI pentest on any device connected to your LAN, or given IP over WAN.

 

You can also run Web App Platform tests to expose any potential holes!


Edited by Replicator, 12 June 2018 - 07:23 AM.


#6 muroga

muroga

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:39 AM

Posted 13 June 2018 - 08:41 AM

2. So an app or some sort of software is required for remote access.


That would be the likely scenario unless there is some hole in the OS or some other app that is already downloaded. The malicious script can come in through what may at least appear as a safe app.


3. Maybe WhatsApp is used to get an IP?


I'm not sure what that means. Like I said, I'm not really familiar with WhatsApp, but I know a little about networking and I don't see what that particular sort of information would really grant. Your IP address (external) is not really a secret.


What do you mean the hacker has more than that, more than my camera??


A real hacker is going to want access to important data like financial information, or to add programs that steal your system's resources and repurpose them to be used by the attacker (crypto-miners, botnets, etc.). What it comes down to is making money; just having control of the camera app, what does that do for the attacker? Unless you work in some sort of sensitive field or are some kind of executive, a high-value target, most people could care less. What I'm saying is that if an attacker was able to push some malicious code onto your device under your nose, especially if it was without any user interaction (exceptionally rare), to remotely control your device, there is no reason to believe they would only stop at the camera.

Honestly, I'm really curious what exactly is the issue with your device. You don't have to share, but it might shed some more light on what exactly is going on.

Anyway, on removal, there's not much you can do with mobile OS devices in terms of anti-malware/virus/stopping malicious code in comparison to PC. I would make sure that you have a suitable backup made, if you don't already, in case things take a turn for the worse. There are programs that can clean system files, but they require rooting to be able to fully access and alter those files, and it is very easy to throw your device into a boot loop or brick it altogether if done wrong. Unless your device is already rooted, I don't recommend even looking into that. The only simple, safe potential solution I can think of is to hard reset and enable recovery mode, then do a factory reset. Flashing a new ROM might also help restore whatever functionality has been lost due to infection, but this requires finding the necessary programs, USB driver, and firmware downloaded to a PC.


I found this. I haven't looked through it all, but some of the info and utilities may help you.

https://github.com/ashishb/android-security-awesome/blob/master/README.md#tools

#7 implieddeny

implieddeny
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 13 June 2018 - 11:23 AM

1. What is adb over wifi? Checked my phone, could not find it.

2. Running a pen test, trying to do what I can, like port scan with nmap, capture traffic using ettercap; will try the above tools.

   Is there an idiot's guide to pen testing mobile?

3. So to get remote access to the mobile, it would most likely be a vulnerability in the OS. Hmm...


Edited by implieddeny, 13 June 2018 - 11:27 AM.


#8 muroga

muroga

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:39 AM

Posted 13 June 2018 - 05:20 PM

What is adb over wifi? Checked my phone, could not find it.


Android Debug Bridge. It is a terminal interface that allows you to run command line tools to program the connected device. It's enabled via a USB connection, but you can also enable it over wifi.


Running a pen test, trying to do what I can, like port scan with nmap,


Before you do pen testing you should figure out some protection strategy, and if your device is hacked as you say, pen testing really isn't going to help you; you need to remove the infection. Plus, unless your device is rooted, a lot of those testing tools won't really do anything.

So to get remote access to the mobile, it would most likely be a vulnerability in the OS. Hmm.


Not quite. To get remote access without some sort of direct action by the user would most likely be caused by some built-in vulnerability, like some hole in the operating system. Recall that was your original concern/question. Bottom line, if you get hacked it's almost certainly because you in some way let the hacker in.
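
One way to check the "adb over wifi" setting discussed in posts #4 and #8 from a PC with the device attached over USB, as an added example that is not part of the original thread. It parses `adb shell getprop` output for the two system properties adbd consults for a TCP port (`service.adb.tcp.port`, then `persist.adb.tcp.port`); the function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from a getprop dump ("[name]: [value]" lines)
# whether adbd is configured to listen on TCP, i.e. "adb over wifi".

# Look up one property in a getprop dump ($1 = dump text, $2 = property name).
prop() {
    # Older adb versions emit CRLF line endings, so strip carriage returns.
    printf '%s\n' "$1" | tr -d '\r' | awk -v key="[$2]:" \
        '$1 == key { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# Print "enabled:<port>" if adbd is set to listen on TCP, else "disabled".
adb_tcp_status() {
    dump=$1
    port=$(prop "$dump" service.adb.tcp.port)
    # adbd falls back to the persistent property when the runtime one is unset.
    [ -n "$port" ] || port=$(prop "$dump" persist.adb.tcp.port)
    case $port in
        ''|*[!0-9]*) echo disabled ;;   # unset, -1, or not a number
        *)  if [ "$port" -gt 0 ]; then
                echo "enabled:$port"
            else
                echo disabled
            fi ;;
    esac
}

# Constructed sample dumps (not taken from any real device).
SAMPLE_TCP='[init.svc.adbd]: [running]
[service.adb.tcp.port]: [5555]
[sys.usb.config]: [mtp,adb]'
SAMPLE_USB_ONLY='[init.svc.adbd]: [running]
[service.adb.tcp.port]: [-1]
[sys.usb.config]: [mtp,adb]'

echo "sample with TCP port set: $(adb_tcp_status "$SAMPLE_TCP")"
echo "sample with USB only:     $(adb_tcp_status "$SAMPLE_USB_ONLY")"

# Against a real device:  adb_tcp_status "$(adb shell getprop)"
```

A result of `disabled` only means adbd is not configured for TCP; USB debugging may still be switched on in Developer options.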

#9 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 7,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:10:39 PM

Posted 13 June 2018 - 05:32 PM

 

Not quite. To get remote access without some sort of direct action by the user would most likely be caused by some built-in vulnerability, like some hole in the operating system. Recall that was your original concern/question. Bottom line, if you get hacked it's almost certainly because you in some way let the hacker in.

 

 

I commend you for stating this directly.  The great myth is that many get hacked by having something "sneak on" to whatever the hardware in question happens to be.  This isn't even remotely probable for the random man/woman on the street's computer or phone.  They're just not high value targets.

 

Virtually all infections are the direct result of user action, often taken by manipulating someone into doing something they think will make a given piece of hardware more secure or remove infections when, in fact, just the opposite is the case.


Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

 

     In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.

         ~ Commenter TheCruyffGurn on The Guardian website, 8/13/2014

 

              

 


#10 implieddeny

implieddeny
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 14 June 2018 - 12:08 AM

Checked, I do not think adb is enabled over wifi...

Yes, social engineering is part of a hacker's repertoire.

Known vulnerabilities of Android 5.1 Lollipop, got a full list on cvedetails.com; are Android vulnerabilities the same for all Android versions? Forgive me if it is a dumb question.


Edited by implieddeny, 14 June 2018 - 12:15 AM.


#11 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 7,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:10:39 PM

Posted 14 June 2018 - 06:36 AM

 

 

Known vulnerabilities of Android 5.1 Lollipop, got a full list on cvedetails.com; are Android vulnerabilities the same for all Android versions? Forgive me if it is a dumb question.

 

I want you to engage in a thought experiment.  Ask yourself if vulnerabilities are the same in all versions of Windows, or Linux, or even the same versions of said operating systems over time.

 

All OSes get (or can get) patches and a great many of those are to address security issues.




#12 midimusicman79

midimusicman79

  • Members
  • 619 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:04:39 AM

Posted 14 June 2018 - 09:15 AM

Hi, implieddeny!

 

Just a thought, but I assume you can upgrade Android 5.1 Lollipop to a newer version in order to benefit from the extra security that newer Android versions feature, partly due to vulnerabilities being patched.

 

My personal smartphone (Samsung Galaxy S7 Edge) came with Android 6.0 Marshmallow, and I subsequently upgraded it to Android 7.0 Nougat and finally upgraded it to Android 8.0 Oreo.

 

AFAIK, this is possible both on low-cost mobile phones and premium mobile phones.

 

https://en.wikipedia.org/wiki/Android_version_history

 

Regards,

midimusicman79


MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#13 implieddeny

implieddeny
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 15 June 2018 - 03:21 AM

I would not like to upgrade the OS or do any other changes, due to the fact that I will be getting my mobile forensically examined. I had it examined once, but I will get it done once again along with a pen test.
Thank You.

#14 midimusicman79

midimusicman79

  • Members
  • 619 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:04:39 AM

Posted 15 June 2018 - 04:11 AM

Hi again, implieddeny!

Well, then you can possibly try upgrading your OS after the forensic examination and the pen test, but that is up to you. :whistle:

Also, be aware that if you later choose to upgrade your OS, you may get new functionalities too. :thumbup2:

You are welcome and good luck! :)

Regards,
midimusicman79



#15 implieddeny

implieddeny
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 17 June 2018 - 02:52 AM

Thank You everyone.
I have come to the conclusion that my mobile was most likely hacked through an exploit in the OS or in an app, not sure if it is some malware.

Yes, to some people I am an HVT, been under attack for decades, could be characterized as an APT.

Sick that people hack into mobiles, take control of cameras and then record and end up tarnishing one's image. Where I live this is being done to me...

Thank You everyone, bye.



