Remote rooting/unrooting used as hacktool?
OK, I have been using a Droid 3 Verizon for about 4 months. I had a very serious stealth MBR virus in my PCs at home that resulted in my home network being hijacked. It is similar to Sinowal but hides instructions for boot in memory somewhere, possibly VMM processor IO, or so I am told. This has rendered them all useless and I cannot install a new drive or clean any of the old ones without being reinfected. I found my network connecting to my Droid via Bluetooth and using that to connect to my wireless-capable DSL modem after I had pulled the Ethernet cables when I figured out there had been a compromise in security. Ever since, my phone has not behaved correctly and I became convinced my phone was being accessed as well. This is where it gets weird.
I don't know if this is possible, just what I observed.
My phone has logs that I accessed through an app I downloaded from Market called Call Blocker Gold. Most apps have a report tab in the application manager but none of mine are active except on this app. Using it to view the system log I saw some things I thought were odd. Like my battery charge current being changed and increased until an overtemp condition was logged with current as high as 4500 mAh, which my charger cannot provide. The temperature alert setpoints were then altered to send the phone into a battery overtemp alert and it logged a battery change that did not occur. The battery got very hot during this and there were also logged reports of jumping between cells until it logged that, and this is not correct verbatim with the log, but it seems like it switched between cell sites until the site decided to disregard ID of the signal and allowed access that was not being monitored. This was a rather constant item on the log. Verizon wouldn't really discuss this and I got the idea they didn't know or wouldn't talk about it. They replaced the phone. Same exact thing on the replacement.
I found log info of connections to an external CD-ROM device and an indication the phone had been rooted through a remote connection. I have no idea if this can be done. I do not know what the system log normally looks like, but attempting to charge my battery at 4500 mAh until it overheats while changing the overheat temp setpoint to make it overheat for sure seems like alien behavior to me. The overheat threshold setting indicated only the number 3 on the log and the temps varied roughly between 200 and 300 without giving a unit. I don't know if it is degrees or just a unit used, but it was quite warm to the touch on top of the battery with the cover on and a Trident rubber case on top of that.
I am in Indonesia on business and my phone was acting different but still odd. I couldn't keep data roaming off; it kept being re-enabled and built up $50 in charges the first day. So I decided to use the one-click root myself and see if I gained any control. The root indicated it was successful and the superuser icon appeared. I have access to a superuser settings menu that does basically nothing and a log that is not being filled. The applications menu for superuser accessible there is also empty, which I read somewhere meant I rooted an already rooted phone or similar to that. There is another superuser app field that I can populate but the apps are just the same as on the standard all apps menu and selecting them here is no different. A day or two later the phone stopped charging and now the battery is at zero and the phone won't boot. Without a phone I had a helluva time finding colleagues in downtown Tokyo using only email and Wi-Fi at Narita airport. If I look in running applications there are a dozen or so that appear always, including Motorola docking service (I use only a USB cable and rarely attach to a PC). In the States there were always several data collection apps running and if I opened them the names were different on the info inside. For instance if I opened the running IM app I saw "Remote Instant Messaging" running. I use text messaging but not IM. Other applications were things like "Fake Blur" and things I would have called system applications that I don't recognize, but the oddest ones stopped running some time back while I was still in the USA, making me think the remote access had stopped. If indeed it ever occurred.
Tell me I am crazy or misunderstood what was going on... Why would my phone seem to drive my battery intentionally to overheat, then show a battery change that never happened, and then run some utility or bounce between cells until access was granted without ID of the signal? Maybe people who don't understand a system shouldn't try to access system logs and interpret them, but I got weird feelings from Verizon when I reported the problem and my ISP said to call the FBI when I told them some of my observations on my computers. If I had to summarize what happened I would say a hacker got control of my phone via my PC and was using my phone to access Verizon and Motorola networks. I never download anything other than apps from Market. I have no real desire to use other OS except Verizon and I am content to pay $150 a month for their service. Hacking paranoia is an officially recognized psychosis.
Was I drinking too much coffee? Mostly, both on my PCs and my phone, nothing I saw could ever be exported and I couldn't burn CDs on the PC or send any log or program to a flash drive. Data was being exported until all that remained were a version of BART PE and images of my programs with remote addresses. My access was prevented on all system root files. My entire system went from almost a TB to 2GB OS and stored data on XP Pro. Everything else was exported using the system migration to addresses I could never identify, even to the extent of setting up the connection to wireless through my phone. I did not use wireless on my PC and it had no wireless capability except a Bluetooth dongle that came with a Microsoft Bluetooth mouse. This is what was used to get a duplex connection through my Droid. I did photograph logs from the first Droid and they show the temp thing and the bouncing between cells.
I have posted on other forums and been advised to do a factory reset or pull my phone battery. My computer skills are fairly advanced and I tried that the first day. This is way, way beyond that level.
Anybody that can shed some light on this? Has my phone been hacked or am I just unlucky? Should I unroot if a new battery makes the phone work again? Is there anything I could have done to cause my battery to stop charging or anything to remedy this if the battery is OK? The phone shows 0% battery and won't boot even if connected to the PC or a wall charger. It refused to charge at 50% and just went down over time without being used at all. It took 3 days to die but now won't turn on.
I have not been able to find a battery in Jakarta but I have another 10 days here and I may order one overnighted to my hotel.
IR8D8R in Jakarta for another rainy week of traffic jams.