[Help] My phone got hacked?!

Hi everyone! New here

I was using FOSS browser to read Facebook posts (not logged in) then all of a sudden its address bar was automatically typed in space for like 10 times. I thought my phone screen may be a bit dirty but when I pressed the screen it didn’t stop. Then my screen got turned into the app switcher. The app switcher was scrolled up and my Instagram was swiped to right and removed. (I didn’t touch my screen at that time.) I pressed the power button and put it in standby mode. After a few seconds, I turned on my phone and the strange thing didn’t happen again. Yet. This is the first time something like this happened to me and I’m a bit freaked out…

Before that, I was testing Bridgefy and Briar to see if they work. Then I used TrackerControl to shut down the internet access of a few apps. There were 4 apps in the app switcher: FOSS browser, Instagram, TrackerControl and Ecosia.

Here are a few apps I installed lately from F-Droid: (I turned off most of their permissions before it happened)
Openboard
FOSS browser
TrackerControl
Briar
RethinkDNS
Hypatia
Net Monitor (SECUSO)

I’ve uninstalled all except Openboard, Briar and Net Monitor. I used LibreAV and Google Play Protection to scan my phone multiple times. Both said no malware.

Do you think my phone was hacked? Why did it happen? Which apps are more likely to be responsible for this? What should I do?

Thanks in advance

What version of Android are you running? It may not have been an app install, my old Android 8 device was hacked just by visiting a website. Apparently it’s called a watering hole attack.

The vulnerability that allowed this to happen was patched, but my device was no longer receiving security updates. I don’t use that device anymore.

I tend not to browse the internet much these days.

I’m running Android 9
Wow that’s sneaky

I suddenly remember when I was browsing facebook page on FOSS browser just before the “hack”, FOSS browser said it blocked something.
Could be the type of attack you mentioned.

Mine didn’t do any of what you describe. Battery life decreased dramatically, Android OS and Android System became the top battery usurpers, by a long shot, and my Developer Options disabled themselves and could not be re-enabled. The Developer Options menu was still accessible, but all the options were greyed out including the option at the top that enables/disables the other options. Happened last year.

Happened to me on PC once too. Followed a link sent to me over PM to someone’s webpage, next thing I knew half the contents of my virtual drive up and vanished. Luckily I was browsing through a virtual system at the time.

I couldn’t tell you what to do about it other than get a new device, but if your device is supported by something like LineageOS maybe installing a new OS would help. Mine wasn’t supported.

None of the FOSS apps that you mentioned would have caused that. It is mostly what you surfed. 3 days ago my laptop got infected by visiting a regular website and started installing 40+ Tencent items automatically. My whole system panicked and kept rebooting. Even after force shut down and start it kept booting. Had to delete everything via hiren’s os.
As for the issue you have it would be probably something from FB/IG sites. Suggest use TrackerControl to stop internet access and keep ads up to date. Use hblock ad blocker, it is the best till date I have found. I have one of my own but I do not keep it updated as I do not get time to do it, else would have suggested it. In TrackerControl > Advanced > Hosts URL put as hblock (hblock.molinero.dev).

Ping me on XMPP if you have any issues. My ID is same as here.

You must begin to develop some kind of data discipline. But you must first understand the word discipline. Discipline is when you can resist temptations. I assume that you are not interested in a conversation in this direction, so I’ll stop now.

Mine could deteriorate faster in the future too. Older version
That’s horrible… Unsafe internet

Yeah I’ll give LineageOS a shot if possible. May have to try virtual machine to run some Android apps
Thanks for sharing!

Seems like it’s more dangerous to simply browse website nowadays. I’ll be as careful as I could in the future.

I still feel a bit unsafe but would retry TrackerControl later. Probably a bit safer to use FB and IG apps than their websites (as for privacy…)
Thanks for the advice
Sure. Cheers!

1 Like

I definitely would if you’d like to share some tips :slight_smile:
I think I lack some knowledge in this topic than discipline

Turn Hypatia’s permissions back on and try it again. It should catch and stop a lot of bad things. Or maybe @SkewedZeppelin is yet another front for the F!31?! :confused:

My completely honest opinion:
Your phone has not been hacked at all, your touchscreen is just failing.

5 Likes

I’ve just tried and my phone seems to be fine.
Thanks!

Haha could be. Seems a bit similar to ghost touch.
((but my phone never reacted like that before.))
Hope it’s just ghost touch~

Wet screen can cause weird behavior too.

Really could use one of those Pine Phones. Just too bad the battery life is supposedly not so great.

Android does seem like it’s the most insecure platform ever conceived. You’d be safer parking your car in a dark New York City alley, leaving the keys in the ignition and the door wide open.

@Tryder

Excluding vendors and hardware, Android is far beyond more secure than Linux is on mobiles.

  • read-only /
  • verified boot
  • all services confined with SELinux
  • all apps strictly sandboxed
  • all files signed and updates verified
  • extremely extensive compile-time hardening
  • seccomp applied to all apps
  • etc.
3 Likes

I’m with @SkewedZeppelin on this one. While I have seen some malware that will open webpages and click specific things and close it quickly to commit ad click fraud, the behavior you’re describing (typing spaces, swiping an app away, etc.) makes no sense from a malware standpoint. There is nothing to gain by just annoying the user. It seems much more likely that you are just experiencing ghost touches, which can happen when something is wrong with your touchscreen (loose connector, water damage, touchscreen itself broken, etc.). You probably just need a screen repair, nothing more :slight_smile:

3 Likes

I’m not thinking in terms of preventing intrusion, but mitigating the effects after the fact. It doesn’t matter how hard you try, vulnerabilities are going to be found and exploited.

The Pine Phone has hardware switches to turn off the microphone, camera, wifi, and mobile connections. While, unlike Librem’s offering, these only toggle software BIOS level switches they’re still a lot more than what any current Android device has to offer.

Moreover the Pine Phone can boot an OS off of microSD. If your OS is compromised you can simply wipe the SD card and install a new OS lickety-split or swap out to a brand new $20 SD card.

I don’t know how secure mainline Linux is on mobile devices when compared to Android, but it would be hard for me to call an operating system secure when a hacker can hijack the device just by sending specially formatted images to it.

P.S. This one in Android 9 from 2019:

Then again this past May in Android 10 and 11. This one was in Qualcomm Adreno GPUs and allowed hackers to run code with unfettered root privileges.
https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin#_cve-2021-1905

A similar vulnerability was discovered in ARM Mali GPUs at the same time. The vulnerabilities were under active exploit by the time they were patched. Google didn’t mention that they were under active exploit until two weeks after releasing the security patch for Pixel devices.

@Tryder

I don’t know how secure mainline Linux is on mobile devices when compared to Android, but it would be hard for me to call an operating system secure when a hacker can hijack the device just by sending specially formatted images to it.

You can do the same exact thing on traditional Linux and the impact is far worse as most if not all programs are not sandboxed and very few distros confine system services via SELinux or AppArmor.

Proper AOSP on a PinePhone today would be more secure than any of the current mobile Linux offerings on a PinePhone is my point.

To be clear I believe that Linux on a PinePhone like device is the future of FOSS mobiles.
But as it stands today AOSP is an amazingly good FOSS mobile OS and many thousands of FOSS mobile-optimized apps are conveniently available via F-Droid.

1 Like

Understood, but you can recover more easily on Pine Phone. I don’t know if I agree that hacking mainline Linux could be more damaging. Seems like there are fewer discovered vulnerabilities that grant root privileges on mainline Linux than on Android, but that’s probably just due to the popularity of Android compared to Linux. A lot more people looking to hack your Android or iOS devices than your Linux devices.