Has my phone been hacked?

Status
Not open for further replies.

hukkus

Distinguished
Dec 19, 2016
42
6
18,535
Hello,

A couple of years ago I had a mobile phone with an old android version. I knew nothing about stagefright vulnerabilities and every video I was receiving on my whatsap was automatically downloaded to my phone.

I received several very strange video messages from the same person. It was weird but I didn't suspect too much about it, as I never thought a phone could be hacked just with a video message. Some weeks ago I heard about stagefright related attacks and I suddenly remembered about those messages. I suspect my phone was hacked, and I would really like to be able to know for sure.

Although I don't use it any more, I still have that phone. And I can imagine that it might have some corrupted files, or some malware installed somewhere if it was actually hacked? And that possibly those files or folders cointain information on where the data from my phone was being sent to (maybe to another phone via SMS)?

If any of you knows how to do this or if there is any advice you could give me on how to have some certainty on what happened, it would be very appreciated!
 
I don't think sms can be used ( would take A LOT of them) , maybe wifi or data transfer. Depends in what state that phone is, but if you are worried and you don't use it, use factory reset.
https://www.androidcentral.com/how-factory-reset-android-phone

if you want to know if anything happened open android stats and check outgoing/incoming statistics, on network and maybe you can check online billing. (i can see I've send 100 sms messages this month for example)
 
Thank you. It's an older version, and I had already used that app, indeed, which found quite a few vulnerabilities. I even texted zimperium about this, but they didn't reply. But the fact that the app finds vulnerabilities just means that you are vulnerable to those kind of attacks.

I don't use that phone any more, so reseting to factory or not doesn't matter too much at this point. What I would like to find out is if my phone was hacked or not. So actually better not to reset it, because as mentioned in original post I guess there should be some traces of the hacking somewhere in the phone files.

Regarding data, yes, at some points I was noticing big amounts of data being used, specially just after switching on the phone after taking flights home from another country for example. But this happened for the last 24-6 months (I have had a new mobile for the last 6 months) and that old phone doesn't show the info any more in "data usage".
 


As I tried to explain in my original message: "I suspect my phone was hacked, and I would really like to be able to know for sure. If any of you knows how to do this or if there is any advice you could give me on how to have some certainty on what happened, it would be very appreciated!"
 


Are you looking to return the phone to known functionality, or are you trying to discover if its been hacked for informational purposes?
 
I am trying to discover if -as it seems to be the case- that guy had access to my phone for a long period of time.

No need to return the phone to the pre-hacking state or anything like that. I am not planning to use it any more.
 
Apparently antivirus are mostly useless to detect stagefright related hackings. You can find quite a few news about stagefright if you google it as it was obviously quite shocking to find out android mobiles being so weak against hacking.

Anyway, I did install antivirus and it didn't find anything. But as I said, it seems that doesn't mean much.
 
Trustlook Stagefight Scan can scan media files, if infected or not, like you could have found in google as well 😉
mcafee as well and many more.
So if you don´t have all media files which you got by MMS and you can´t find a malicous file on your device, you will never know.

"news" were published in 2015, I think any security app which is up to date, would detect a malicious media file on your device, which is designed to use the stagefright exploit.
like:
https://www.mcafee.com/vil/images/MMS_StageFright.jpg
 
Do you think there is any difference between that trustlook stagefright scan and https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector&hl=es ?

Regarding how those attack work: the media file doesn't need to be played. As soon as it is downloaded into your smart phone the malware is somehow (i don't know how or where, that's actually what I am looking for) is installed. So unfortunately that approach you mention wouldn't work...

Thank you anyway for trying to help

 
no media still saved in my phone.

regarding the first link in your previos message, I think it is the same as zimperium one. and in that case it only checks if your phone is vulnerable or not. Not if the vulnerabilities have been used to hack your phone.

I had already tried the second link in your last message. All clean (but we shouldn't expect those apps to detect this)

I will try the first one though, good thing! Although... I guess I would need the sim card to be active for this to make sense? It is not any more. Thus my intention of finding the malware in the phone storage (it should be somewhere, and this is what I was originally asking about, as it should be easier than reactivating that old sim card)
 
If you don´t have any media on it, you can´t detect it anymore with the malware detect apps above.

It´s an exploit which alters the operating system itself, so it is no malware which could be detected by an app. You would have to compare the original Android system of your phone with your "hacked" one completely. I don´t think there is an app available for that.
 
Me neither, that would be very surprising. But if the phone has been hacked -and it seems it has been- I guess there must be some corrupted files somewhere.

Do you know any hackers forum where they can probably be more familiar with this? I am sure the guys doing it know how to detect it as well.
 
youtube, google, bing, ....

in general:
https://android.gadgethacks.com/how-to/tell-if-your-android-has-been-hacked-what-you-can-do-about-it-0166470/

Also I would change my google password if you currently use the same account as before on your new phone.

this forum does not support hacking, therfore I think we are at an end here. Good luck anyways with your phone :)


edit: Did you watch the videos from whatsapp? If not, your phone would be fine. Downloading wouldn´t trigger the exploit there.
Only MMS Service would open it in the background without your knowledge and would infect the phone.
 
Why do you say "Did you watch the videos from whatsapp? If not, your phone would be fine. Downloading wouldn´t trigger the exploit there." I had read the opposite thing -I don't remember where-
 
Status
Not open for further replies.