• We should now be fully online following an overnight outage. Apologies for any inconvenience, we do not expect there to be any further issues.

Gmail accounts being hijacked like crazy

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
Raduque

Raduque

Lifer
Aug 22, 2004
13,140
138
106
freedomsbeat212 said:
This is why I don't install banking apps (and the Bank of America one gets great reviews) - I love android and don't assume that it's not secure, but rooting seems like it open a pandora's box of risk. I mean, how hard would it be to add a keylogger to that pretty theme download? Or to replace the stock gmail app with a compromised one. I enjoy the benefits quite a bit so it's a mixed bag for me.
Click to expand...

That's why whenever somebody asks questions about, or recommends somebody root their android phone, I always post this link: http://androidandme.com/2009/09/hacks/why-not-everyone-should-root-their-android-phones/
 
Raduque

Raduque

Lifer
Aug 22, 2004
13,140
138
106
freedomsbeat212 said:
I'd go back to stock in a heartbeat if we had out of the box wifi tethering. It's just too useful to lose - but I understand that there's a risk.
Click to expand...

See, I really haven't found something that is an absolute MUST! HAVE! that would cause me to root. The stock rom is 100% functional and does everything I NEED from my phone.
 
PepePeru

PepePeru

Diamond Member
Jul 21, 2005
3,846
0
0
SpatiallyAware said:
I emailed the two guys I know who had this happen and will report back on whether they're android users
Click to expand...

Now, I will fully admit my naivete & mistake here. I had recently moved last month, I was w/o internet for a few days, so I used my android phone to try and do the online change of address form for the USPS, which requires a credit card for address verification.

I put in my number and it didn't work, so I just assumed it was b/c it was a mobile browser and not compatible. No biggie.

Here's where things get interesting...Fast forward to the end of March. I get a call from Chase fraud that my CC had been used for 3 gas purchases in Florida...I say I did not make these purchases and they cancel my card number.

So. I have my CC number that I entered into my android-based phone, which got stolen and I get my email hijacked...2 weeks ago...

I've installed quite a few apps, obviously....nothing too crazy or seemingly unverified (tons of downloads) though.

I had a suspicion it could be due to my phone and ran some free virus scanner i found on android market, which came up clean, but still...now i'm really getting paranoid about this.
 
J

Jzero

Lifer
Oct 10, 1999
18,834
1
0
freedomsbeat212 said:
I'd go back to stock in a heartbeat if we had out of the box wifi tethering. It's just too useful to lose - but I understand that there's a risk.
Click to expand...

PdaNet does rootless tethering as long as you aren't dead set on using adhoc wifi (as opposed to bluetooth or USB) for the connection between the phone and the pc.
 
DrPizza

DrPizza

Administrator Elite Member Goat Whisperer
Mar 5, 2001
49,601
167
111
www.slatebrookfarm.com
Ditto Saga's post above - I use a similar scheme for password protection. I'd bet that a large number of hijacked accounts are simply because people use the same password in multiple places.
 
Platypus

Platypus

Lifer
Apr 26, 2001
31,046
321
136
Raduque said:
See, I really haven't found something that is an absolute MUST! HAVE! that would cause me to root. The stock rom is 100% functional and does everything I NEED from my phone.
Click to expand...

There's nothing wrong with rooting your phone as long as you understand what it means and what the potential risks are. That article does a good job of telling that side of the story.

For me personally, I don't do anything from my phone that I would consider risky just as a personal rule. I don't log into secure sites or do banking or anything of the sort. The stock ROMs are painfully underpowered and being a UNIX guy, I love to tinker with shit and change stuff and figure out how it works. I fully acknowledge the risks and consider even the worst case scenario to be not that big of an inconvenience to my life.

I do however find it rather dangerous how many people just blindly root their phones without understanding the potential consequences, another thing that article does a good job of detailing. The real problem lies in the users who don't know any better and aren't cautious.
 
S

slackerinabox

Lifer
Mar 15, 2003
12,668
103
106
Raduque said:
See, I really haven't found something that is an absolute MUST! HAVE! that would cause me to root. The stock rom is 100% functional and does everything I NEED from my phone.
Click to expand...

Well, my wife travels a lot for work so, for us, wifi tethering on our phones is supremely useful.

That's the only killer app I've found, but there are a few useful tricks and tweaks.

I'm agreeing with you though, the convenience is not worth the security risk. The moment there's a verified rom-based security hole is the moment I switch back to stock. I don't want to be paranoid though - at the end of the day it's just a phone and my gmail account...

Though this makes me wonder if I should have two g-accounts, one for mobile use and one for bank accounts/etc.
 
S

slackerinabox

Lifer
Mar 15, 2003
12,668
103
106
PepePeru said:
Now, I will fully admit my naivete & mistake here. I had recently moved last month, I was w/o internet for a few days, so I used my android phone to try and do the online change of address form for the USPS, which requires a credit card for address verification.

I put in my number and it didn't work, so I just assumed it was b/c it was a mobile browser and not compatible. No biggie.

Here's where things get interesting...Fast forward to the end of March. I get a call from Chase fraud that my CC had been used for 3 gas purchases in Florida...I say I did not make these purchases and they cancel my card number.

So. I have my CC number that I entered into my android-based phone, which got stolen and I get my email hijacked...2 weeks ago...

I've installed quite a few apps, obviously....nothing too crazy or seemingly unverified (tons of downloads) though.

I had a suspicion it could be due to my phone and ran some free virus scanner i found on android market, which came up clean, but still...now i'm really getting paranoid about this.
Click to expand...

Did you tether using pdanet or were you just browsing on the phone? I used the trial and it didn't support httpS, could that be the issue?
 
Key West

Key West

Banned
Jan 20, 2010
922
0
0
I realized how important Gmail is.. if I think about it, that has the most sensitive personal info of anything I have online.

My password involves !, numbers and a dash.
 
Saga

Saga

Banned
Feb 18, 2005
2,718
1
0
Key West said:
I realized how important Gmail is.. if I think about it, that has the most sensitive personal info of anything I have online.

My password involves !, numbers and a dash.
Click to expand...

Honestly, the best thing you can do beyond this without going to the extremes that I outlined in a previous post is by making your gmail backup email a different password.. just in case.
 
KeithTalent

KeithTalent

Elite Member | Administrator | No Lifer
Administrator
Nov 30, 2005
50,231
118
116
Weird, I've never had a problem and my password is pretty basic (been the same since I started with Gmail years ago). Does always using https actually make it more secure? I've been doing that for years as well, so maybe. :hmm:

KT
 
irishScott

irishScott

Lifer
Oct 10, 2006
21,562
3
0
So I was checking my gmail and now firefox and chrome say google's certificate is invalid. :p

Oh and my password is pretty damn long with upper case, lower case, numbers and more than a few symbols. Come and get me China. :)
 
S

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
irishScott said:
So I was checking my gmail and now firefox and chrome say google's certificate is invalid. :p

Oh and my password is pretty damn long with upper case, lower case, numbers and more than a few symbols. Come and get me China. :)
Click to expand...

If the cert is bad you've got other problems. Somebody is doing a man in the middle on you grabbing all your stuffs.
 
irishScott

irishScott

Lifer
Oct 10, 2006
21,562
3
0
Yeah just logged on with my laptop, everything's fine. Desktop's been having problems lately anyway, probably related.
 
SpatiallyAware

SpatiallyAware

Lifer
Sep 7, 2009
12,960
3
0
I had another IT friend get hit, also running stock Android. The three people I know who have had their gmail accounts hacked know better than to fall for any of the phishing schemes.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom