• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Gmail accounts being hijacked like crazy

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
freedomsbeat212 said:
This is why I don't install banking apps (and the Bank of America one gets great reviews) - I love android and don't assume that it's not secure, but rooting seems like it open a pandora's box of risk. I mean, how hard would it be to add a keylogger to that pretty theme download? Or to replace the stock gmail app with a compromised one. I enjoy the benefits quite a bit so it's a mixed bag for me.
Click to expand...

That's why whenever somebody asks questions about, or recommends somebody root their android phone, I always post this link: http://androidandme.com/2009/09/hacks/why-not-everyone-should-root-their-android-phones/
 
freedomsbeat212 said:
I'd go back to stock in a heartbeat if we had out of the box wifi tethering. It's just too useful to lose - but I understand that there's a risk.
Click to expand...

See, I really haven't found something that is an absolute MUST! HAVE! that would cause me to root. The stock rom is 100% functional and does everything I NEED from my phone.
 
SpatiallyAware said:
I emailed the two guys I know who had this happen and will report back on whether they're android users
Click to expand...

Now, I will fully admit my naivete & mistake here. I had recently moved last month, I was w/o internet for a few days, so I used my android phone to try and do the online change of address form for the USPS, which requires a credit card for address verification.

I put in my number and it didn't work, so I just assumed it was b/c it was a mobile browser and not compatible. No biggie.

Here's where things get interesting...Fast forward to the end of March. I get a call from Chase fraud that my CC had been used for 3 gas purchases in Florida...I say I did not make these purchases and they cancel my card number.

So. I have my CC number that I entered into my android-based phone, which got stolen and I get my email hijacked...2 weeks ago...

I've installed quite a few apps, obviously....nothing too crazy or seemingly unverified (tons of downloads) though.

I had a suspicion it could be due to my phone and ran some free virus scanner i found on android market, which came up clean, but still...now i'm really getting paranoid about this.
 
freedomsbeat212 said:
I'd go back to stock in a heartbeat if we had out of the box wifi tethering. It's just too useful to lose - but I understand that there's a risk.
Click to expand...

PdaNet does rootless tethering as long as you aren't dead set on using adhoc wifi (as opposed to bluetooth or USB) for the connection between the phone and the pc.
 
Ditto Saga's post above - I use a similar scheme for password protection. I'd bet that a large number of hijacked accounts are simply because people use the same password in multiple places.
 
Raduque said:
See, I really haven't found something that is an absolute MUST! HAVE! that would cause me to root. The stock rom is 100% functional and does everything I NEED from my phone.
Click to expand...

There's nothing wrong with rooting your phone as long as you understand what it means and what the potential risks are. That article does a good job of telling that side of the story.

For me personally, I don't do anything from my phone that I would consider risky just as a personal rule. I don't log into secure sites or do banking or anything of the sort. The stock ROMs are painfully underpowered and being a UNIX guy, I love to tinker with shit and change stuff and figure out how it works. I fully acknowledge the risks and consider even the worst case scenario to be not that big of an inconvenience to my life.

I do however find it rather dangerous how many people just blindly root their phones without understanding the potential consequences, another thing that article does a good job of detailing. The real problem lies in the users who don't know any better and aren't cautious.
 
Raduque said:
See, I really haven't found something that is an absolute MUST! HAVE! that would cause me to root. The stock rom is 100% functional and does everything I NEED from my phone.
Click to expand...

Well, my wife travels a lot for work so, for us, wifi tethering on our phones is supremely useful.

That's the only killer app I've found, but there are a few useful tricks and tweaks.

I'm agreeing with you though, the convenience is not worth the security risk. The moment there's a verified rom-based security hole is the moment I switch back to stock. I don't want to be paranoid though - at the end of the day it's just a phone and my gmail account...

Though this makes me wonder if I should have two g-accounts, one for mobile use and one for bank accounts/etc.
 
PepePeru said:
Now, I will fully admit my naivete & mistake here. I had recently moved last month, I was w/o internet for a few days, so I used my android phone to try and do the online change of address form for the USPS, which requires a credit card for address verification.

I put in my number and it didn't work, so I just assumed it was b/c it was a mobile browser and not compatible. No biggie.

Here's where things get interesting...Fast forward to the end of March. I get a call from Chase fraud that my CC had been used for 3 gas purchases in Florida...I say I did not make these purchases and they cancel my card number.

So. I have my CC number that I entered into my android-based phone, which got stolen and I get my email hijacked...2 weeks ago...

I've installed quite a few apps, obviously....nothing too crazy or seemingly unverified (tons of downloads) though.

I had a suspicion it could be due to my phone and ran some free virus scanner i found on android market, which came up clean, but still...now i'm really getting paranoid about this.
Click to expand...

Did you tether using pdanet or were you just browsing on the phone? I used the trial and it didn't support httpS, could that be the issue?
 
I realized how important Gmail is.. if I think about it, that has the most sensitive personal info of anything I have online.

My password involves !, numbers and a dash.
 
Key West said:
I realized how important Gmail is.. if I think about it, that has the most sensitive personal info of anything I have online.

My password involves !, numbers and a dash.
Click to expand...

Honestly, the best thing you can do beyond this without going to the extremes that I outlined in a previous post is by making your gmail backup email a different password.. just in case.
 
Weird, I've never had a problem and my password is pretty basic (been the same since I started with Gmail years ago). Does always using https actually make it more secure? I've been doing that for years as well, so maybe. :hmm:

KT
 
So I was checking my gmail and now firefox and chrome say google's certificate is invalid. 😛

Oh and my password is pretty damn long with upper case, lower case, numbers and more than a few symbols. Come and get me China. 🙂
 
irishScott said:
So I was checking my gmail and now firefox and chrome say google's certificate is invalid. 😛

Oh and my password is pretty damn long with upper case, lower case, numbers and more than a few symbols. Come and get me China. 🙂
Click to expand...

If the cert is bad you've got other problems. Somebody is doing a man in the middle on you grabbing all your stuffs.
 
I had another IT friend get hit, also running stock Android. The three people I know who have had their gmail accounts hacked know better than to fall for any of the phishing schemes.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top