Related
I jumped on the bandwagon and installed the 2.1 Leaked rom for my Droid Eris as soon as possible.
Last week my gmail accounts password was stolen. Also, my gmail account was sending out spam.
I ran a ESET32 Anti-virus security scan and found no threats. Afterwards I ran Malwarebytes and also found the same results, nothing. I changed my gmail password and all other accounts associated with my gmail.
I am a competent computer user and keep my Windows 7 64bit install clean, tidy, and updated. I use Google Chrome to browse the web carefully and I only visit websites I trust. Although it is very possible, I find it highly unlikely that my system was infiltrated.
I assumed I screwed up somewhere and my desktop was hacked.
Heres where the interesting part starts, Although I changed my password around a week ago, apon logging into Gmail today I was notified about my account being accessed on June 3 (3 days ago) from 6 different Chinese Ip's. I changed my password and security question today and closed all of the email sessions located in China.
My system shows 0 threats after running ESET ENOD32 Anti-Virus and Malwarebytes.
I don't have any other device that stores my Email password besides my Droid Eris.
I could be stepping out onto a limb here, but I still have to enter my Gmail password everytime upon opening the Android Market. I know this has been listed as a bug before. Also, I can't enter my password to enter the Market unless my 3G AND GPS is turned on. It does not work if the GPS is off.
Could it be possible that everytime I enter my GMAIL password into the Market app, it sends a copy out to China?
Why does my GPS have to be turned on to accept my password?
Is the "leaker" from china who released the 2.1 ROM to XDA a trusted source?
Help me out guys!
update to the latest leak and you wont be having these problems
rohanic said:
Is the "leaker" from china who released the 2.1 ROM to XDA a trusted source?
Click to expand...
Click to collapse
The leak, although it appeared to come from riverrunner, actually was leaked by one of the devs that has put in a lot of work in making the eris awesome.
Like Royel said, update to the latest version of the leak and you shouldn't have any of the password login problems.
Not sure about the gmail problems, but I've been running all the leaked versions and had no problems so far.
This post prompted me to check on my account also
Confirmed, IP in China has been logging into my gmail account also.
LexusBrian400 said:
This post prompted me to check on my account also
Confirmed, IP in China has been logging into my gmail account also.
Click to expand...
Click to collapse
Where do you find out how to check.
Log in to Gmail, scroll all the way to the bottom. It will show which IP you last logged in from. Next to it is a link, I think it says "details". A window will pop up showing you all IP addresses that your account has been logged in from.
korben dallas said:
Where do you find out how to check.
Click to expand...
Click to collapse
I am a new user, so I can't post links to the how to. Basically log in to gmail, click on settings, scroll down to the bottom where it shows how much storage you are using, just below that in tiny print is "last account activity", click on details.
I just checked the details on my account and I am getting no logins from China, or anywhere that isn't me.
Just a thought, but have you checked to see if it's the same IP address each time? If so, you may be getting a weird IP address from VZW that google is geo-locating to be from China even if it isn't.
Unless we start getting a lot more people confirming this, I would say it is probably not an issue with the leaked rom but more likely something else (virus on your computer, an app that logs into google accounts for you).
wow, weird. i've often checked my "last account activity."
i'll randomly get some logins (all mobile logins) from another state (Michigan... right next door to me). i imagine it's just due to the IP that i'm getting on my phone...
now, i've NEVER seen anything from China before... and i've run just about all the leaked ROMs out there
strange indeed... i'm assuming all the "china" IP's were mobile logins?
I just checked mine and I had multiple logins from two different IPs. The ones from a desktop were my IP (in Oklahoma) and all of the ones from a mobile device were from a Florida IP. I logged off all of the other accounts and changed the password to a long string of letters and numbers, then logged in on both my desktop and my phone. After that the same two IPs were logged in, so apparently my verizon IP is somewhere in Florida.
I'm not sure why they would use an IP in china, but it could be a similar thing happening to you guys.
While blocks of IP addresses are allocated regionally (hence the different IP registries such as ARIN, RIPE, and APNIC, this happens at very small prefixes (huge blocks of IP addresses).
Geo-location of an IP address is imprecise for a wide variety of reasons. (Despite what you see on popular "crimefighter" TV shows). An AS (BGP Autonomous System) can emit packets from multiple points within their network, depending on instantaneous routing conditions; this is especially true for large national carriers such as Comcast, Verizon, Sprint, AT&T, etc.
One thing that no-one mentioned here is that every one of the Leak ROMs were cryptographically signed by somebody at HTC. If there is malicious code in the ROM, it came from HTC. Seems kind of unlikely. Feasible, but still seems unlikely.
bftb0
Leak isn't sending out passwords. In fact, if i remember right your pass isn't stored on the phone, a key is.
Virus scan won't catch everything, especially new things.
1) Do any OS upgrade on your PCs, I recommend for non techies http://tinyurl.com/m7r5h or for techies http://tinyurl.com/mkly.
2) change all your passwords
3) dont cross use passwords
4) choose complex passwords >10char in length.
jcase said:
Leak isn't sending out passwords. In fact, if i remember right your pass isn't stored on the phone, a key is.
Virus scan won't catch everything, especially new things.
1) Do any OS upgrade on your PCs, I recommend for non techies http://tinyurl.com/m7r5h or for techies http://tinyurl.com/mkly.
2) change all your passwords
3) dont cross use passwords
4) choose complex passwords >10char in length.
Click to expand...
Click to collapse
2nd to that, also Another great one for techie http://www.archlinux.org only if you like getting ur hand dirty and learn more about how Linux work from ground up, less hassle than doing Linux from Scratch lol, although it's fun, very rewarding experience and it'll come in handy when you want to do ROM cooking since it's based on Linux.
I've begun to notice that Yahoo and Gmail have been telling me there have been access from Germany such as 195.124.9.241, which comes up as Verizon Germany and I see the word social hub in there somewhere too.
Unfortunately there have been spam email sent from my inboxes to my contacts and the times of sending email corresponds exactly to one of the times while "logged in" from Germany.
Question is, does Samsung really route all it's requested data traffic from users in the UK through Germany? And do you think my phone/samsung emails been hacked or what?
Thanks
same problem here... what is it???
i was curious about that and did a tiny amount of research and found out that verizon germany only exists for companies and government agencies and looking up the ip address gave me this: http://www.ip-adress.com/ip_lokalisieren/195.124.9.241 as a first result. it says that it is SAMSUNG SDS EUROPE LTD (nat-egress-g-01.fra.samsungsocialhub.com). so it seems that your account has not been hacked but that is an actual route for the social hub.
however, spam sent from your email address can still happen, depending on what you did with your address. if you ever posted your address openly on the internet, you are likely to receive spam, but also to be used to send spam. there are so many ghostmailers out there, that don't require your actual login credentials to use your address as a sender and also there are many apps on the market that request to many rights. simple free card games request the right to send sms, call, and read out your imei, contacts and existing sms. that is malware that is able to grab your contacts' information.
also, these days, people tend to care less about privacy, just have a look at the google+ threads and the dozens of people openly posting their email address for millions to read and for bots to grab. facebook and google live from selling your personal information as well.
in conclusion: by not being careful it might easily happen that you give your contacts' email addressses away to receive spam, and your own to send spam, but that does not necessarily mean, someone else actually has access to your google account or whatever email provider you use besides google. but since there is of course still a chance that your account might be hacked, you should still change your passwords for your email account and every site you use with that account (as people that read your inbox might have read what you do on the internet and got that password as well).
SGH-i777 running CM 7.1.0 on Android 2.3.7. Carrier is obviously AT&T.
I can't for the life of me figure out how to add my Exchange account to the stock e-mail program. I've tried:
* Countless variations of server, domain, and username settings. I've followed this guide **can't post link** and several other guides. I do have access to my company's server information, and while I'm not sure which server is actually being used, I've tried them *all*, several times, and gotten nowhere. With a WiFI connection (no firewall) and just 3G data, signed in or signed out of Outlook Anywhere. No luck, just "Unable to open connection to server".
* K-9 connected to my account, but I was unable to see any e-mails - none would load, even when I had it force check. So I uninstalled it (would rather use the stock app anyway).
Is this a problem with my signal? I read that someone got help from their carrier - they made a custom APN, but that was in another country so I'm a bit skeptical. Can't call Samsung (it's Sunday) and their website offers no help. It's possible my IT doesn't allow phones to read mail, but that's highly unlikely - we've got lots of employees in the field, so this seems like common sense.
I did a lot of digging and this might be an old issue, but it gets pretty technical and I'm obviously a n00b.
What am I missing here???? PLEASE fill me in - I've put hours into this!!
It's quite possible that your IT group who manages your Exchange environment isn't allowing non-approved devices to connect. Typically these are security-certificate based and/or mandatory VPN requirements. I would suggest asking your Exchange administrator in your IT department about this policy.
Under Domain/username, did you try putting the "\" in front of your username? To configure mine I did this and had to use the host name as the Exchange server. Some things to try anyway if you haven't already.
Also ran into issues setting up under a public wifi at work, had to use the ATT network to make it connect for some reason.
I have my work exchange account set up.
Are you making sure to connect to the external exchange server (sometimes different from internal)?
Have you asked your administrator for exchange login details (my IT dept sent out a company-wide email once with those details)?
You might have to type the server name in manually if it doesn't auto-detect (the case with my work email).
Now, my work isn't as strict, but as the previous poster said; you're exchange server might not allow unauthorized devices to connect. In which case you'll have to contact your IT dept.
They may have simply blocked all android devices (until recently didn't support hardware encryption, and spoofed exchange permissions). If that's true, educate them.
The server name may be a link rather than a server name. Ours is mibile.XXXXX.com for example.
probably related to your company's settings. I run my own exchange server and got it sync'd fine with the current cyanogen nightly
I had problems with the stock email and our ms exchange server. I could set it up, but after a while it stopped syncing and I could never really get it back to work. I switched to Touchdown, and after a little trial and error with setup, it's working fine for me. There is a trial version for 30 days or so that you could give a shot. Happy to give you some pointers.
AtlanM87 said:
I had problems with the stock email and our ms exchange server. I could set it up, but after a while it stopped syncing and I could never really get it back to work. I switched to Touchdown, and after a little trial and error with setup, it's working fine for me. There is a trial version for 30 days or so that you could give a shot. Happy to give you some pointers.
Click to expand...
Click to collapse
+1 for touchdown. I've been using it for about a year. It's far superior to any exchange solution the Google offers. I only wish it would populate Google calendar as it does the Google contacts. The UI is getting dated as well. I wish they would come out with a cosmetic update or theme capability.
Sent from my SGH-I777 using xda premium
Last week I noticed a device under my Google Play account (My Devices) that is not mine, a phone on a Romanian cell phone company network. I also noticed that someone from Russia had accessed my Gmail account. I changed my Gmail password (the old one was alpha-numerica,random, with symbols) and turned on two step authentication.
The Gmail account seems to be ok. The contacts all there and no messages removed or messages sent by people other than me.
The only sign of the intrusion is about a dozen "free" apps ordered by that device. It included sketchy gambling apps, a child's game that from comments I read has adult advertisements, and ringtones. After I changed the password there are new "free" media on the account - books and various video. These appear to be from a different user - all in English as opposed to Russian and nothing sketchy.
My guess on how this started - I downloaded an app with about 100 reviews. The next day the "free" apps started to appear, and the unauthorized device also was added the next day.
My SGS 3 isn't rooted. For Jellybean it seems that I have to wait for a stable root, should be another few days.
I contacted the Play Store support and they were of no help. They referred me to Gmail support but Gmail doesn't offer phone support. I think only support on a Google Group forum.
Any idea how this could have happened and how to get this device off of my account? My PC's are secure and my primary PC is Linux.
starfcker69 said:
Last week I noticed a device under my Google Play account (My Devices) that is not mine, a phone on a Romanian cell phone company network. I also noticed that someone from Russia had accessed my Gmail account. I changed my Gmail password (the old one was alpha-numerica,random, with symbols) and turned on two step authentication.
The Gmail account seems to be ok. The contacts all there and no messages removed or messages sent by people other than me.
The only sign of the intrusion is about a dozen "free" apps ordered by that device. It included sketchy gambling apps, a child's game that from comments I read has adult advertisements, and ringtones. After I changed the password there are new "free" media on the account - books and various video. These appear to be from a different user - all in English as opposed to Russian and nothing sketchy.
My guess on how this started - I downloaded an app with about 100 reviews. The next day the "free" apps started to appear, and the unauthorized device also was added the next day.
My SGS 3 isn't rooted. For Jellybean it seems that I have to wait for a stable root, should be another few days.
I contacted the Play Store support and they were of no help. They referred me to Gmail support but Gmail doesn't offer phone support. I think only support on a Google Group forum.
Any idea how this could have happened and how to get this device off of my account? My PC's are secure and my primary PC is Linux.
Click to expand...
Click to collapse
I have the IMEI # of the phone added to my account, also the model number (registered in Russian Federation). Could the IMEI be useful? I can PM if interested.
Imeis are quite useful to many people...Just don't pursue this on xda.
Sent from my Galaxy Nexus using xda premium
My account too was almost hacked.
I signed into youtube and a notice was shown that someone from ip in china tried to log into my google account and it denied them and i changed my password. No weird apps nothing.
The thing is probably the app you downloaded.
Just because it has 100 downloads doesn't mean its malware but you need to check permissions always.
Even big games like "Paper Toss" has been know to sell peoples info to companies.
When you read permissions. There should be a list of all the options the app requests.
Be Smart. If you download a calculator, It shouldn't have access to your personal identy, messages and the big key is internet access.
If you download a calender it may need access to contacts but it it also needs internet access, its probably is storing your contacts and sending them out to a site that then sells to a company and lastly, your grandparents receive phone calls asking if they want to buy a service and use your name as who referred them.
Also. rooting is a good option. With an app on here called pdroid or droidwall you can download those apps but it will alert yyou when the app wants to use a permission (like internet) and gives you the option to allow or deny.
good luck
I have one update. I think that after I changed my password and went to two step verification, the purchases of "free" apps and media stopped. It's been four days and nothing new added. So far so good. Thanks for the replies. BTW, Google of no help.
I'd still like to know how the Gmail account was compromised - I may never know.
similar thing just happened to me (Galaxy Note) appeared on my account from no where. When I contacted google if they can help or if they are interested in tracking him down, all they said was we cant help you. And change the pw. Obviously I know that I need to change the pw. I know Apple would have tracked it down somehow if it was an iphone. My pw has 22 characters number letter symbols yet it was hacked.
Since google is not helping me I installed Android Lost app on this NOTE and waiting to get a location update via email. I know it wont do anything much and I cant do anything against him or her since no paid apps were downloaded. Still I would like to do something to crooks like this. He only had 6 apps installed (facebook,viber candy rush) and terminal emulator (which worried me).
I really hope that Android close their unlimited backdoors in the OS.
So I finally upgrade my LG simple 1G phone to a VZW Galaxy S4, allowed it to update to MK2, setup my gmail account (not G+ though), take care of organizing it like I want, etc. Next thing I notice, that in my gmail I start getting dangerous looking spam ("update your Amazon credit card info", "update your ###### info", and the image had a link which would've sent me to a Yemen domain. Nothing happens without a reason, and the only thing that changed was I gave the phone my gmail logon. I did not directly give account info to any of the other vendors advertised on the bloatware on this phone. I should add that prior to this I was familiar with the spam I'd get in gmail (and gmail would flag it into spam folder) and it was consistent and never made it into my inbox.
This being my first android I'd appreciate comments on your experiences with this, and anything you can share on how to better safeguard my info. I hate google, or anybody for that matter, having so much access to my credentials which I normally and successfully hold fairly close. (Yes this is my first smartphone).
I am a Malwarebytes registered user on my desktop and laptop so I downloaded their app onto my phone, but something tells me what caused this spammer to source me was over-sharing of data on google's (android's?) part.
Thanks
MessyPotamia ("because in the land between the Tigris and Euphrates, things are a MESS")
Huntsville, Alabama
I think its pretty safe to say its coincidence. My family owns about 5 Android devices and I myself have three Android devices currently in active use , two gmail account, one for my personal devices and the other for family use and so far, we have yet to get any 'weird' spam issues except for the occasional spam that promises me that I'll get bigger manhood and such. Try playing with the app settings or try another email app. I mean, if you have a gmail account all this while and google wants to sell off your personal information, they would have sold it a long time ago and not wait only now because you have a new smartphone right? Lol
Sent from my GT-N7105 using xda app-developers app
mha93 said:
I think its pretty safe to say its coincidence. <SNIP> I mean, if you have a gmail account all this while and google wants to sell off your personal information, they would have sold it a long time ago and not wait only now because you have a new smartphone right? Lol
Sent from my GT-N7105 using xda app-developers app
Click to expand...
Click to collapse
Didn't mean that I think G directly sold it off, but something enabled a spammer to target me. Have been getting this same spam about 1x / day since I shared my 10 yr old gmail acct w/ VZW/I545/MK2. Something triggered it, I don't believe in coincidences (my prior CI work, sorry!), and the only thing that changed was my new setup.
Maybe its something that you've installed? Like have you pirated any apps or downloaded any sketchy apps? Besides that, I can't think of other ways besides logging in to your gmail account, and actively mark the emails from that address as spam.
Sent from my GT-N7105 using xda app-developers app
mha93 said:
Maybe its something that you've installed? Like have you pirated any apps or downloaded any sketchy apps? Besides that, I can't think of other ways besides logging in to your gmail account, and actively mark the emails from that address as spam.
Sent from my GT-N7105 using xda app-developers app
Click to expand...
Click to collapse
Two days later from my orig post. First, I have not downloaded any suspicious apps (only 2 banking apps, and they're pretty secure), one or two others from app store (but uninstalled them when I wasn't impressed). I set up my wife's yahoo email account as another account under email; one gmail account I use often as another email account; and my regular gmail account is the main phone account. My regular gmail account gets very little spam.
Now I notice my wife is getting evidence her contacts have been harvested, as folks in her contacts (some very old contacts) are replying "Did you send this? " or rejection messages from their .gov or .mil enterprise mail server. She has had registered malwarebytes on her laptop, as do I on mine. Tomorrow I will run CCleaner and HijackThis on both hers and mine. I must say the neither of us visit suspicious places or have any poor practices regarding opening emails or attachments, and our Secunia PSI scores are usually around 98.
This has to have something to do with my new Galaxy S4 and the fact that I gave it my gmail credentials, and her yahoo credentials.
This is not a coincidence.
After googling around, I came upon several forums stating that their users are getting spam mails after logging into their gmail accounts from their 'new' smartphones. So I guess your case is not unique. In all the cases, they managed to solve the problem by changing their gmail password. So what I'm thinking is that your phone is a 'manufacturer refurbished phone' or at least one that was returned to your carrier and repackaged again and that the previous owner left a malicious code or script in the phone. So short of returning to your carrier or to Samsung, I suggest that you change your password, factory reset your phone, update the firmware before logging in to your gmail account and see if it changes anything. The best bet is to return it to Samsung or your carrier on grounds that its a 'defective device' or at least claim that something is wrong with it. Chances are, they will reflash a fresh new firmware onto your phone and would in theory solve and delete any malicious code in your phone. Or they'll replace yours with a new phone. Yeah sounds troublesome but if you want to skip Samsung and reflash a new firmware yourself, head over to the S4 forums and see the method of flashing a new stock firmware. Sorry that your new smartphone causes so much problems. Google is quite helpful when its working right.
Sent from my GT-N7105 using xda app-developers app
(Problem solved)
mha93 said:
After googling around, I came upon several forums stating that their users are getting spam mails after logging into their gmail accounts from their 'new' smartphones.<<SNIPPED for brevity>> Google is quite helpful when its working right.
Sent from my GT-N7105 using xda app-developers app
Click to expand...
Click to collapse
The source of the spam is most assuredly the YAHOO MAIL ANDROID APP (downloaded 3 days ago from App store and put on her android, not mine). After running (reg'd) malwarebytes, plus CCleaner and HijackThis (all showed nominal) I began to suspect it was on Yahoo's side, and sure enough there are plenty of recent articles about their vulnerability. Removed the app from her Moto Droid.
I particularly enjoyed reading this:
[I can't post outside links, google the search terms "even-yahoo-employees-dont-use-yahoo-mail"]
Meanwhile, everyone here I thank for participating in this thread.