Android Malware Still Spies On You When Your Phone Is Off

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Malware makers are getting sneakier and sneakier.

Most of us have seen Hollywood movies where hackers trace and spy on mobile devices even though they are switched off. Like most things in spy movies, we disregard it as fiction. However, the AVG mobile security team recently discovered malware that may challenge this preconception.
Click to expand...
 
FBI did this years ago in Mafia investigations; kept transmitting and the microphone on even when the phone was shut off. Malware just catching up, or we're just discovering it in the wild...sure it's been around for some time.
 
This malware requires root access. Things like this are a big part of why I don't root my phone.
 
Holy Headlines Batman! Soon we'll just have to give up on networks and entertain ourselves without the Internet to be safe!
 
ol1bit said:
Holy Headlines Batman! Soon we'll just have to give up on networks and entertain ourselves without the Internet to be safe!
Click to expand...

Safe, is a fairly relative term...go out to a public place and your most likely being monitored by businesses or government entities (local police, not necessarily the NSA, put your tinfoil hats away). Go to a more secluded place that most likely wont have camera feeds on it and you may run into one of the many crazies we have roaming the lands that will want to wear your skin or stick you in a hole and make you lotion up or get the hose. I'm only being partly facetious, is the shitty part.
 
Pull the battery out or don't own an Android phone.
Two solutions, boom. :p
 
Not doing anything Google isn't already doing to Android phone owners already. If you don't like your phone being a little spy machine, don't own one.
 
CreepyUncleGoogle said:
Not doing anything Google isn't already doing to Android phone owners already. If you don't like your phone being a little spy machine, don't own one.
Click to expand...

CreepyUncleGoogle! What are yoouuuu doing here?!
This isn't an Android phone, it's a forum! :p
 
Red Falcon said:
CreepyUncleGoogle! What are yoouuuu doing here?!
This isn't an Android phone, it's a forum! :p
Click to expand...

Oh you know, just watching everything all the time and saving it for later. :D Pretend I'm not here and uh...you know, keep talking about stuff. Act naturally.
 
Cause carrier IQ isn't still a thing phone companies are doing. The solution is still the same, which is to install a custom rom.

cmbootanimation-531x302.png
 
AVG & all other anti-virus brands work with law enforcment agencies, once install THEIR FREE app is user installed on their phone or pc, users agreed to accept their license terms which means they can copy ALL your private data onto their cloud/servers and thus allow LE total access to THEIR data. Rooting a cell phone & using Superuser SU controls access PREVENTS whether the user allows an app full access to data, so rooting is just as safe. If you want total protection encrypt your phone's data. It's that simple. :cool:

There are numerous articles on the web that clearly aver iphone users were the most hacked by fbi and nsa type agencies. :eek:

www.washingtonpost.com/business/tec...c4e08e-4344-11e4-9a15-137aa0153527_story.html
 
What's up with all these stupid shit lately? Well, I say lately likely... it's probably just people figuring out more than they didn't exist back then.
 
seriously guys...?


fucking duh

anyone the least bit surprised by this, or who clings to some forlorn hope that the same is not true on any other device, is beyond my help, best of luck to you all
 
If your phone is rooted, that means people can do pretty much anything.. Is this news? It is like saying, user can still steal your data from a redhat distro even after you turn it off.. Sure I can.. If I have root access.. Pfft.
 
DocSavage said:
This malware requires root access. Things like this are a big part of why I don't root my phone.
Click to expand...
The problem is that on a vast majority of devices, because they'll never see updates, still have exploits in them that allow the system to be rooted. TowelRoot, anyone? Package the spyware with TowelRoot as part of the spyware app's initialization phase which roots the phone and then after that's done, the spyware is installed. Instant device p0wnage.
 
That is one of the biggest problems about Android and why I went back to the iPhone.

Google may create Android but the OEMs own it. The OEMs essentially have Google and Android by the balls and Google can't do anything about it. The OEMs are running roughshod over Google. Google lost control of Android the moment it was licensed the way it was. Then again, one might say you can't lose something you never had to begin with.
 
chrispix said:
If your phone is rooted, that means people can do pretty much anything.. Is this news? It is like saying, user can still steal your data from a redhat distro even after you turn it off.. Sure I can.. If I have root access.. Pfft.
Click to expand...

If a rooted phone's data is encypted... and the user hasn't installed any additional free apps filled with malware i.e. anti-virus brands, etc allowing THEM access to all your data to srore onto their cloud/servers, your data is safer than the non-rooted cell phone without encpytion, YOU/THEY can't steal crap. I'm betting you're an iphone user because you certainly don't know what you're talking about when it come to properly rooting an android cell phone nor have you ever used SuperSU. The simple fact all c-phones have mandated 911 GPS on all phones, mean LE can track your location based on your phone number. You can not remove an iphone battery, unlike a Samsung S4/5 phone. :cool:
 
trparky said:
That is one of the biggest problems about Android and why I went back to the iPhone.

Google may create Android but the OEMs own it. The OEMs essentially have Google and Android by the balls and Google can't do anything about it. The OEMs are running roughshod over Google. Google lost control of Android the moment it was licensed the way it was. Then again, one might say you can't lose something you never had to begin with.
Click to expand...

http://www.computerworld.com/article/2871238/iphone-users-how-your-government-spies-on-you.html

http://pando.com/2014/07/28/apple-h...g-on-iphone-users-here-are-the-court-filings/

I also love how everyone is hugging their phone with their eyes glued shut, rocking back and forth saying "not my phone" "not my phone" "not my phone"... You're right, just ever other phone, computer, tablet and electronic device, but not yours.

Get real.
 
trparky said:
The problem is that on a vast majority of devices, because they'll never see updates, still have exploits in them that allow the system to be rooted. TowelRoot, anyone? Package the spyware with TowelRoot as part of the spyware app's initialization phase which roots the phone and then after that's done, the spyware is installed. Instant device p0wnage.
Click to expand...

TowelRoot simply unlocks your phone from which the manufacture locked it to prevent unintelligent (mostly iphone users +) simple minded Android users from messing up their phones operating system.

As for spyware being attached to TowelRoot... BS. How many free apps have you installed onto your iphone? I'll bet you have never used towelroot, you can not install ANY apps without SuperSU, which allows the user to grant permission if they choose to install additional apps onto their phone. So, keep using cloud services and keep your phone unlocked, because when LE casually takes your unlocked phone and you haven't unencrpyted your data THEY don't need a warrant to review your data i.e contacts, SMS logs, Photos, Videos etc. :eek:
Remeber this... It's not going to be an application that you can just remove, most likely it's something very casual part of the kernel, using good obfuscation. After the NSA keys were spotted and published in windows NT Microsoft started moving them around, I assume Apple learned from that. And there will be plausible deniability, as in opps that was just for debugging. :cool:
 
Odnocer said:
If a rooted phone's data is encypted... and the user hasn't installed any additional free apps filled with malware i.e. anti-virus brands, etc allowing THEM access to all your data to srore onto their cloud/servers, your data is safer than the non-rooted cell phone without encpytion, YOU/THEY can't steal crap. I'm betting you're an iphone user because you certainly don't know what you're talking about when it come to properly rooting an android cell phone nor have you ever used SuperSU. The simple fact all c-phones have mandated 911 GPS on all phones, mean LE can track your location based on your phone number. You can not remove an iphone battery, unlike a Samsung S4/5 phone. :cool:
Click to expand...

Android user since 1.0 /g1 and android developer and have a stint on aosp.. If user has root, your encryption (disk level) does nothing.. Unroofed with user level file system permissions are solid.. If not.. All Linux distros have the same issue.. I have and do use SuperSU, but that does not mean someone could create a Trojan that requires root, and does something nefarious with the access too..

And, pretty sure there have been no removable batteries since the galaxy nexus on nexus devices...

Sent from my nexus 6...
 
chrispix said:
Android user since 1.0 /g1 and android developer and have a stint on aosp.. If user has root, your encryption (disk level) does nothing.. Unroofed with user level file system permissions are solid.. If not.. All Linux distros have the same issue.. I have and do use SuperSU, but that does not mean someone could create a Trojan that requires root, and does something nefarious with the access too..

And, pretty sure there have been no removable batteries since the galaxy nexus on nexus devices...

Sent from my nexus 6...
Click to expand...

Again... BS, Samsung S4/5 HAVE REMOVABLE BATTERIES. You should have purchased an S4 or S5 not nexus, if what you aver is true. I'm not going to waste my time researching whether your nexus phone has or not a removable battery. that was your choice to purchase a non-removable battery. DA choice too.

After you encrypt your phone, you can never switch your phone back to non-encrypted... This is user level. With the Screen Lock options, you can use a PIN for a while, and then switch back to the pattern if you want. Not so with the encryption option. You will never, ever, ever, ever, get it back together.

If you encrypt your phone and then forget your password, your phone is what is called bricked. That means that its only use in the future would be in house construction as a brick because you're not going to be able to use it as a smartphone any more. :rolleyes:

Intelligent Android users know how to use Odin and easily unbrick their phone. :D

Yoop-ti-doo... I was using Samsung Ominia v.1 back in 2008 and reinstalling windows was as easy as rooting an Android or jail-breaking an iphone.

Then there was the Samsung SPH-1300 (Oct 2001) Anyone who thinks smartphones started with Apple will be shocked to see that Samsung was building Palm-powered smartphones for Sprint five years before the iPhone even hit the market.
 
Ashbringer said:
Cause carrier IQ isn't still a thing phone companies are doing. The solution is still the same, which is to install a custom rom.

http://www.androidguys.com/wp-content/uploads/2013/12/cmbootanimation-531x302.png
Click to expand...

Which doesn't really address the problem of tracking in general. A custom ROM doesn't prevent you from having to use a Google account to get apps from the Play Store which makes the properties of the device known to Google and open for monitoring via the web browser, GPS, calls, cell triangulation, texts, e-mail, and so forth. Custom ROMs are nice, but Android is not an OS that was designed to protect your stuff from snooping, malicious apps, and your carrier and/or Google's data collection mechanisms regardless of who repackages it.
 
You must log in or register to reply here.
Back
Top