Remote rooting/unrooting used as hacktool?

Discussion in 'Motorola Droid 3' started by IR8D8R, Feb 4, 2012.

  1. IR8D8R
    Offline

    IR8D8R New Member

    Joined:
    Feb 4, 2012
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    0
    OK I have been using a Droid 3 Verizon for about 4 months. I had a very serious stealth MBR virus in my PC's at home that resulted in my home network being hijacked. It is similar to Sinowal but hiides instructions for boot in memory somewhere possibly VMM processor IO or so I am told. This has rendered them all useless and I cannot install a new drive or clean any of the old ones without being reinfected. I fount my network connecting to my Droid via Bluetooth and using that to connect to my wireless capable DSL modem after I had pulled the ethernet cables when I figured out there had been a compromise in security. Ever since my phone has not behaved correctly and I became convinced my phone was being accessed as well. This is where it gets weird.
    I don't know if this is possible just what I observed.
    My phone has logs that I accessed through an app I downloaded from Market called Call Blocker Gold. Most apps have a report tab in the application manager but none of mine are active except on this app. Using it to view the system log I saw some things I thought were odd. Like my battery charge current being changed and increased until an overtemp condition was logged with current as high as 4500 mAh which my charger cannot provide. The temperature alert setpoints were then altered to send the phone into a battery overtemp alert and it logged a battery change that did not occur. The batterty got very hot during this and there were also logged reports of jumping between cells until it logged that, and this is not correct verbatim with the log but it seems like it switched between cell sites until the site decided to disregard ID of the signal and allowed access that was not being monitored. This was a rather constant item on the log. Verizon wouldn't really discuss this and I got the idea they didn't know or wouldn't talk about it. They replaced the phone. Same exact thing on the replacement.

    I found log info of connections to an external CD rom device and an indication the phone had been rooted through a remote connection. I have no idea if this can be done. I do not know what the system log normally looks like but attempting to charge my battery at 4500 mAh until it overheats while changing the overheat temp setpoint to make it overheat for sure seems like alien behavior to me. The overheat threshold setting indicated only the number 3 on the log and the temps varied roughly between 200 and 300 without giving a unit. I don't know if it is degrees or just a unit used but it was quite warm to the touch on top of the battery with the cover on and a Trident rubber case on top of that.

    I am in Indonesia on business and my phone was acting different but still odd. I couldn't keep data roaming off it kept being re-enabled and built up $50 in charges the first day. So I decided to use the one-click root myself and see if I gained any control. The root indicated it was successful and the superuser icon appeared. I have access to a superuser settings menu that does basically nothing and a log that is not being filled. The applications menu for superused accessible there is also empty which I read somewhere meant I rooted an already rooted phone or similar to that. There is another superuser app field that I can populate but the apps are just the same as on the standard all apps menu and selecting them here is no different. A day or two later the phone stopped charging and now the battery is at zero and the phone won't boot. Without a phone I had a helluva time finding collegues in downtown Tokyo using only email and WI-FI at Narita airport. If I look in running applications there are a dozen or so that appear always including motorols docking service (I use only a USB cable and rarely attach to a PC). in the states there were always several data collection apps running and if I opened them the names were different on the info inside. For instance if I opened the running IM app I saw "Remote Instant Messaging" running. I use text messaging but not IM. Other applications were things like "Fake Blur" and things I would have called system applications that I don't recognize but the oddest ones stopped running some time back whilke I was still in USA making me think the remote access had stopped. If indeed it ever occurred.

    Tell me I am crazy or misunderstood what was going on... Why would my phone seem to drive my battery intentionally to overheat then show a battery chgange that never happened and then run some utility or bounce between cells until access was granted without id of the signal. Maybe people who don't understand a system shouldn't try to access system logs and interpret them but I got weird feelings from Verizon when I reported the problem and my ISP said to call the FBI when I told them some of my observations on my computers. If I had to summerize what happened I would say a hacker got control of my phone via my PC and was using my phone to access Verizon and Motorola networks. I never download anything other than apps from Market. I have no real desire to use other OS except Verizon and I am content to pay $150 a month for their service. Hacking paranoia is an officially recognized psychosis.

    Was I drinking too much coffee? Mostly both on my PC's and my phone nothing I saw could ever be exported and I couldn't burn CD's on the PC or send any log or program to a flash drive. Data was being exported until all that remained were a version of BART PE and images of my programs with remote addresses. My access was prevented on all system root files. My entire system went from almost a TB to 2GB OS and stored data on XP pro. Everything else was exported using the system migration to adresses I could never identify even to the extent of setting up the connection to wireless through my phone. I did not use wireless on my PC and it had no wireless capability except a Bluetooth dongle that came with a Microsoft Bluetooth mouse. This is what was used to get a duplex connection through my Droid. I did photograph logs from the first Droid and they show the temp thing and the bouncing between cells.

    I have posted on other forums and been advised to do a factory reset or pull my phone battery. My computer skills are fairly advanced and I tried that the first day. This is way way beyond that level

    Anybody that can shed some light on this? Has my phone been hacked or am I just unlucky? Should I unroot if a new battery makes the phone work again? Is there anything I could have done to cause my battery to stop charging or anything to remedy this if the battery is OK? The phone shows 0% battery and won't boot even if connected to the PC or a wall charger. It refused to charge at 50% and just went down over time without being used at all. It took 3 days to die but now won't turn on.

    I have not been able to find a battery in Jakarta but I have another 10 days here and I may order one overnighted to my hotel.

    Thanks,
    IR8D8R in Jakarta for another rainy week of traffic jams.:blink::blink:
  2. Cdjones187
    Offline

    Cdjones187 New Member

    Joined:
    Jul 14, 2010
    Messages:
    573
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Iowa
    Uhh.. Sounds like a bit of paranoia mixed with bad luck. Unless your working for a very high profile company and are under attack by a malicious terrorist group with elite hacking skills everything you said makes little sense TBH. The computer issues are totally possible, but what is happening with your phone sounds like defect. Even though its happened twice may seem almost impossible but keep in mind they did not send you a new phone but a re-manufactured phone.

    I assume you used the same battery in the phone they sent you? And installed all the same apps?

    The battery could quite possibly just be bad. If you plug it in to USB now that it is dead does the light in between the usb and hdmi ports on the phone light up?

    Certain applications your using may also be the cause of it. The system apps you mentioned are all normal services on a stock D3 and can run at any given time without user interaction. The cell tower issue is common when it cannot get a good signal, don't rely on the the signal bar also. It could say you have 1 bar but really mean you have full signal or visa-versa. This will also drain the battery and make the phone 'warm'. To get true signal you need to look at the DB meter in settings>about phone>status.

    As far as I know it is impossible to root ANY phone through a wireless connection let a lone Bluetooth. A usb connection has to be made in order to enable 'ADB' at system level (android debug bridge), there are special pins in the usb cable that do this. (might be wrong about the pins, but I know there are developer cables that will enable ADB automatically even if its disabled in the settings). Whatever you were using for logs I would say doesn't give enough information to come to a conclusion, you need to do a ADB logcat to get what is really going on, no application I know of will give that sort of information. (I take that back there are logcat applications on the market)


    I don't think your phone got hacked at all, there is an explanation for everything that happened and so far I just think its a bad battery. Remember we are talking about Linux here, there are only a handful of viruses (if that) that will successfully infect Android and they aren't cross platform compatible so what your pc has didn't infect your phone. If this is indeed a virus we would/should be hearing about it from more people but this is the first case so far. I frequent multiple android forums and will keep my eye out.

    I would look into a cheap battery from amazon. You can get the stock battery for roughly 7-10 USD. (+shipping of course)


    http://www.amazon.com/Motorola-ELECTRIFY-Battery-SNN5877-SNN5877A/dp/B004QS8F7C/ref=sr_1_1?ie=UTF8&qid=1328485064&sr=8-1

    O
    H and BTW. You may want to summarize what your trying to say, and put information about the issues with the phone only. I'm sure there have been a lot of people that have viewed this that may be able to help more than I can and didnt't read it because it's so long. (I almost didn't read it either)
    Last edited: Feb 5, 2012
  3. IR8D8R
    Offline

    IR8D8R New Member

    Joined:
    Feb 4, 2012
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    0
    Reply to CDjones187

    Most of this I am aware of and USB has only 4 pins of which 2 are for power I am fairly sure though I don't know if some could be duplicated on different connectors... I know Linux is more secure due to it's relative obscurity. My phone was connected to and operated via the bluetoorh connection and set up to make the duplex connection with the PC so remote operation is possible. When I picked up the phone and pressed a button it displayed the nonword "Panicd" and locked up and would accept no input until I rebooted it via battery pull. Don't know if that is significant.
    I have a couple of questions though regarding how the phone should act normally since this ocurred just weeks after I switched to android from using a Blackberry. On my phone none of the applications except the downloaded app call blocker have their report feature active. Is this normal?
    I did not allow my replacement to reload the backup so I lost any applications that were loaded on the original. I only had a couple anyhow. I did download call blocker again but the free version. I originally had the pro version but didn't download it until over a month after the issue connectiong with the PC. I was aware that the Bluetooth radio for my mouse was capable of supporting other connections because my phone was paired with it. I had never been successful at getting the two connected so it didn't occur to me that this could happen. Much less making a duplex connection and wirelessly connecting to the internet, It was only about an hour after I discovered that my PC had been accessed and pulled the ethernet cable that I picked up my phone to make a call and saw some connection related graphic on the screen and as soon as I pushed a button it froze and displayed the Panicd then the screen went blank and I needed to pull the battery. So specifically the phone was accessed by the PC with which it had already been paired and then exhibited odd behavior such as the wireless turning on by itself and applications I thought were odd running. When I get my hands on another battery I can be more specific about those because they are still listed. I suppose each could be tied to functions that are part of normal operation but they were not there to begin with and are not Market applications.

    I am absolutely certain that paranoia is involved but not 100% at least with my computers. I tried to view a video on welding titanium bicycle frames on a commercial frame maker's site and was infected by a virus and then within minutes was hit with a swarm of virus notifications. Next day the remote access started after my antivirus said it had successfully cleaned everything. I have 4 PC's and 8 hard drives infected with something I can't get rid of by changing all the drives for brand new ones or formatting. I load an OS and it is infected immediately or more correctly the operating system will not load normally as if the abbreviated PE based program is loading from somewhere on my system. Only way to see this is by viewing the disk from a program that will show you the first 63 sectors and offsets then check every line of the boot instructions. You hit dead ends. I don't know what it means but it is not correct as far as what some online stuff shows it should be like. Either that or I am going crazy...

    IR8D8R
  4. IR8D8R
    Offline

    IR8D8R New Member

    Joined:
    Feb 4, 2012
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    0
    I charged my battery independent of the phone and my battery is OK. Just the phone doesn't charge it. My service has been suspended by Verizon probably because I am in Indonesia. My Paypal is limited too and any other service I use probably would be if I used it from here. I did tell Verizon via email when I activated my Global service but apparently they couldn't connect the two things. I can text but not call which is just as well since it's so expensive. I think I will need to be in the US to get an idea of what normal communication is like with Motorola's Blur servers. What I need to know is do any of the applications normally on the phone by default have the report function enabled? none of mine do though the option is present. it is inactive on every single application I have except one

    IR8D8R
Search tags for this page
android remote im service
,
hack with android unrooted
,
how to stop someone hacking my phone with fake apps
,

remote im service

,

remote im service android

,

remote rooting

,
remote rooting android
,
remoteimservice
,
unrooted hack tool
,
what is remote im on droid
,

what is remote im service

,
what is remote im service?