guppy
Sep 21, 2004

sting like a byob
Is this the right thread to ask about mobile security? I don't see a better thread, but if there is one, my apologies.

The other day I was attempting to report a clearly malicious Facebook post on my phone (not targeted at me, it showed up in my feed because someone I don't know had their account hijacked and tagged someone I do know) and accidentally clicked it. I closed it immediately, I don't think the page even really got to load, but according to my history it went to an HTML file on some gibberish S3 host. The link in question was a currently-very-common scam, you've probably seen it. There are lots of news stories about it. This story does say it's a phishing thing, but some other news stories on the same subject suggest the possibility of direct malware delivery.

My phone is an in-support flagship Android (Galaxy S22) patched up to date, with the most recent security update installed a few days prior to this event. My phone isn't rooted and isn't allowed to install software from anywhere but official stores, and I haven't installed anything lately. At no point was I redirected to any app store.

I freaked out briefly, but had calmed down. However, I went to look at my calendar tonight to check whether an upcoming appointment was on it, and there were virtually no calendar events on it. I checked my account settings and found syncing for all Exchange functions (calendar, email, etc.) turned off. (My work calendar is my main calendar.) This is very strange, I would not do that intentionally and I have never seen it just turn itself off before. I was able to re-enable it and it is working fine. It showed the date and time it was last synced, but unfortunately I didn't think to take note of it except that it was a couple days ago. I don't think there are user-accessible logs of when stuff like that was turned off or on, so I don't think I can get that information anymore.

I logged into my account on a desktop PC and checked for unexpected rules or sent messages, but didn't find any of either. I assume an attacker would immediately delete any sent messages from a hijacked account to prevent a victim from noticing, but I've notified my work security people to investigate.

I don't know much about mobile security, and I am not really a security guy generally. I don't really have a handle on whether it's plausible for my device to be compromised, how to tell, or what I should be doing either way, nor what the implications are for accounts or other devices on it. I haven't seen any other weird activity on the phone, no weird DNS hijacks that I've noticed, no ad popups or anything like that. I don't see any recently installed or used programs I don't recognize. Samsung's website has instructions for running a security scan, but I don't have the options they say I should be pressing. I would think that if there were a current Android vulnerability allowing drive-by compromise from just clicking a link, there'd be buzz about it, but I don't think there is. I assumed the link was likely to be a phishing attempt to try to get Facebook credentials, but now I don't know, and the timing on this is making me quite nervous. I do have a young kid who is not generally allowed to use my phone unsupervised, but we do stuff like the Wordle together and I can't swear she didn't accidentally press something, or even that I didn't accidentally press something without knowing it. I don't see any unexpected activity on any of my accounts, but, like, I'm not going to see activity from a strange IP address if it's coming from my actual phone that's next to me.

EDIT: If you were wondering, Facebook responded to my report, by informing me that the clearly malicious link did not violate their Community Standards.

guppy fucked around with this message at 03:10 on May 29, 2023


guppy
Sep 21, 2004

sting like a byob
I don't think I am likely to have been targeted for this, since it's a very common scam and I was neither the person whose account distributed the link nor the person it was distributed to. I have a hard time thinking someone would blow a 0-day on a spray-and-pray drive-by attack. If I were an intentional target, though, I still don't really know what I would do about it. Buy some AV app? Wipe my phone? Get a new phone? Get a new phone and change all my account passwords?

guppy
Sep 21, 2004

sting like a byob
I think I figured out what happened with Exchange, and I feel pretty dumb. I had booted my phone into Safe Mode, which I learned this week is a thing you can do, to double-check that I didn't see any newly installed or unrecognized apps. Safe Mode disables all third-party apps. One of the other things this did is revert my default keyboard from SwiftKey back to the Samsung one, which makes sense since SwiftKey is a third-party app. But apparently it also turns off Exchange syncing. It also leaves a few other lingering changes -- for example, it puts the phone into Airplane Mode, which persists on reboot until you turn it off again.

I tested my theory by booting back to Safe Mode and then back to normal. Sure enough, keyboard reverted to default, Airplane Mode was still on, and Exchange sync was disabled again.

I don't know why it does this, maybe it uses some kind of Exchange connector provided by Microsoft or something and that constitutes "third-party software" that therefore gets disabled. But it makes me feel quite a bit better, since it means that everything I've seen so far has a benign explanation.

guppy
Sep 21, 2004

sting like a byob

b mad at me posted:

so before that you were all "YES ADVERTISE AT ME ALL THE TIME ON ALL WEBSITES!!"

I find that a bit hard to believe

No one likes ads, but we tolerated them as the cost of stuff on the Internet being free. Once ads became a security threat, they lost that privilege. The advertising industry made its bed, and now it has to lie in it.
