texasPI
Member
This is true. My home IP shows that I'm in Florida. Not too worried. Btw, I use the full 100 characters google allowa for a password...lol. I don't know it but I use roboform so I don't have to know it.
4 months with droid, now my gmail hacked....
- Thread starter blucrewfan
- Start date
This is true. My home IP shows that I'm in Florida. Not too worried. Btw, I use the full 100 characters google allowa for a password...lol. I don't know it but I use roboform so I don't have to know it.
Here is the article about this one:
Drug-dealing Spammers Hit Gmail Accounts - PCWorld Business Center
I think it's very possible the mobile device was the way they got the password, as mentioned before everything else is secured.
Google groups discussion on this: Argh spam sent from my email address, hacked? - Gmail Help
Drug-dealing Spammers Hit Gmail Accounts - PCWorld Business Center
I think it's very possible the mobile device was the way they got the password, as mentioned before everything else is secured.
Google groups discussion on this: Argh spam sent from my email address, hacked? - Gmail Help
Droids
Member
- Joined
- Nov 23, 2009
- Messages
- 792
- Reaction score
- 0
I doubt this has anything to do with using an Android 'Google Experience' cell phone. It's most likely occuring when web sites get hacked and userid's and passwords are stolen. If this occurs on a web site where you are a member, and you use the same password to log into that site as you do for your Google account, then your gmail account is compromised.
There is also concern that the IP addresses that the spammers are using are mobile IPs. The spammers are probably tethering a computer to a cell phone, thus the source is a mobile IP. It doesn't mean YOUR mobile IP or cell phone is in anyway involved.
Just make sure your google password is unique to google, not used anywhere else, and that it's a strong password or pass-phrase. My google passsword is unique but it's not all that secure, and I'm going to go fix that right now.
There is also concern that the IP addresses that the spammers are using are mobile IPs. The spammers are probably tethering a computer to a cell phone, thus the source is a mobile IP. It doesn't mean YOUR mobile IP or cell phone is in anyway involved.
Just make sure your google password is unique to google, not used anywhere else, and that it's a strong password or pass-phrase. My google passsword is unique but it's not all that secure, and I'm going to go fix that right now.
Every password I have is unique including Gmail, so it could not be retrieved that way. I am not saying it has to be the mobile device, but currently it is all I can come up with.
I have had Gmail for 4-5 years and never once has it been hacked, I got the Droid a few months ago and now it happened to get hacked, so it may be related.
SoftwareForMe.com
Member
I've heard of people having problems like this recently--Google accounts appearing to be accessed by an unauthorized user. I never considered that it could be related to Android, as most of the people I know use GMail whether they have Android phones or not.
But, now that I think of it, I believe the people I remember mentioning this do indeed have Android devices.
I have always wondered what mis-use might crop up from the Android Market. How often do we download apps just to check them out, and notice that even something simple like a compass or calculator often asks for permission to access GPS location, Account info, Full internet and more.
Consequently, PhoneMyPC requests no permissions that aren't obviously required, and it does not gather any personal data (such as account info). There is no way PhoneMyPC could be part of a Google account hack.
But, now that I think of it, I believe the people I remember mentioning this do indeed have Android devices.
I have always wondered what mis-use might crop up from the Android Market. How often do we download apps just to check them out, and notice that even something simple like a compass or calculator often asks for permission to access GPS location, Account info, Full internet and more.
Consequently, PhoneMyPC requests no permissions that aren't obviously required, and it does not gather any personal data (such as account info). There is no way PhoneMyPC could be part of a Google account hack.
Another echo here.
I have had gmail for over 5 years, never had any issues, got my droid about 1.5 months ago now and a few days ago noticed log in activity from south korea and china...I changed my passwords but I def think this has to do with the droid.
I have had gmail for over 5 years, never had any issues, got my droid about 1.5 months ago now and a few days ago noticed log in activity from south korea and china...I changed my passwords but I def think this has to do with the droid.
My gmail account got 'hacked' this morning. I am a Droid user.
I've had gmail since I can't even remember when (some time in 2004).
I've never had any problems with my account or password security.
I work in IT and I am well aware of phishing and spyware (keyloggers, etc).
I bought a Droid a couple months ago and I love it. I had to replace it a couple weeks ago due to an accident so either someone at Verizon or wherever the 'non-working' phones go found a way to access my account or a Droid application stole my info and sent it on to some jerk in England and/or Nigeria.
When I looked at the 'activity' information for my gmail account, the IP address traced back to Nigeria (82.128.122.242). They also then requested a password change for my facebook account (which facebook authorized despite coming from Nigeria).
Anyway, I suspect the Droid app because I only recently started re-downloading apps. I added a couple over the last few days and one seemed rather 'fishy' to me.
I can't even remember which one it was but it asked for my username and password. I thought it odd at the time but I supplied it anyway. Now I can remember which one it was.
My thought is that the app is harvesting account names and passwords. I'm clearing out all the apps that I recently installed and I'm considering a complete wipe of the phone.
My password was strong and wasn't simply guessed. It had a mix of upper case, lowercase, numbers and characters and was nine characters long.
I don't know how anyone could brute force a gmail password to begin with and not one that can't simply be guessed. It would have had to have been phished from me and the only place I've put that password, aside from the gmail interface on my home and work computers, would be my Droid phone.
- Joined
- Nov 18, 2009
- Messages
- 11,104
- Reaction score
- 28
- Current Phone Model
- iPhone 7+ 256gb
Thank you for your very insightful reply.
I would also suggest that either scenario is possible at the moment. If the Droid market offers a program that contains malicious code that gathers passwords (like a keylogger) that isn't phishing it's hacking.
I haven't been able to determine the exact nature of the security breach but I did want to share my concerns/experience.
Mikejl
Member
It doesn't matter, gmail.com uses SSL. The password leaves the browser encrypted, not clear text.
Although, I'm not sure on the droid...
Mike
Last edited:
LifesPaths
New Member
- Joined
- Jul 6, 2010
- Messages
- 4
- Reaction score
- 0
Security Guy Input
I read this entire thread and with noticing some things on my own droid along with working in the field I thought I'd throw my 2 cents in.
First, a "hacked phone" is rather vague. Any application you install on your phone can do whatever it wants if you allow it to. This means if you download/install an app that brags "pretty girls" just to see what its about, then delete it, the app had the opportunity to plant code to collect whatever information it could get. i.e. I would first focus on the apps.
Next, just getting the droid and then having your google account hacked doesn't mean the droid was hacked. However, it could! It's very difficult to determine without some serious investigation. You should take note however getting the droid could simply be "exposing" your existence to the bad guys. From there, they may say "Ohhh, a new target!" and then start their attack on your Google account from *other* means (i.e. not your phone).
Also, who the hell knows what's going on in Verizon's backend. A rogue employee, buggy code, whatever, could expose your account. The password can be hacked outside, later, after the fact.
I've also seen a youtube video (watch?v=mpZgw5Db2ok) that blames Skype Mobile. I'm still looking into this one.
The advice posted so far has been very good so I'm including it with some of my own tips:
- Choose good passwords or better yet, use a PassPhrase
- Monitor your account activity and from where
- Consider getting another Google account explicitly for downloading apps
(causes a hassle if you pay for apps though)
- Consider not using the GMail app but rather the browser to access email
You'll be a little more certain httpS is used.
- If you're advanced/experienced, consider packet-sniffing all traffic going
out through your WiFi connection (when your phone is connected).
This may shed some light onto "background" activity from the phone.
- DO NOT store passwords on the phone. I know you're tempted, but
unless you know you don't have a rogue app, they're all susceptible.
In fact, the tool you use to remember your passwords, how sure are
you of *its* ability to protect the info?
- If there is a way (I'm new to Droid, so I don't know), back up your
phone, then factory reset it, install an app you're interested in, test it
out, and then only if you're satisfied, restore your phone and install the
app again. This is a major hassle but can be a life saver if you do
download a rogue app. (Anyone know if there is a way to "snapshot"
the droid and restore that "snapshot"?)
Most of all, use common sense. These phones are meant to connect you to the cloud but information security in cloud computing has, unfortunately, been an after thought. Don't provide any information into the phone/cloud unless you're prepared for disaster.
Be Safe.
--LP
I read this entire thread and with noticing some things on my own droid along with working in the field I thought I'd throw my 2 cents in.
First, a "hacked phone" is rather vague. Any application you install on your phone can do whatever it wants if you allow it to. This means if you download/install an app that brags "pretty girls" just to see what its about, then delete it, the app had the opportunity to plant code to collect whatever information it could get. i.e. I would first focus on the apps.
Next, just getting the droid and then having your google account hacked doesn't mean the droid was hacked. However, it could! It's very difficult to determine without some serious investigation. You should take note however getting the droid could simply be "exposing" your existence to the bad guys. From there, they may say "Ohhh, a new target!" and then start their attack on your Google account from *other* means (i.e. not your phone).
Also, who the hell knows what's going on in Verizon's backend. A rogue employee, buggy code, whatever, could expose your account. The password can be hacked outside, later, after the fact.
I've also seen a youtube video (watch?v=mpZgw5Db2ok) that blames Skype Mobile. I'm still looking into this one.
The advice posted so far has been very good so I'm including it with some of my own tips:
- Choose good passwords or better yet, use a PassPhrase
- Monitor your account activity and from where
- Consider getting another Google account explicitly for downloading apps
(causes a hassle if you pay for apps though)
- Consider not using the GMail app but rather the browser to access email
You'll be a little more certain httpS is used.
- If you're advanced/experienced, consider packet-sniffing all traffic going
out through your WiFi connection (when your phone is connected).
This may shed some light onto "background" activity from the phone.
- DO NOT store passwords on the phone. I know you're tempted, but
unless you know you don't have a rogue app, they're all susceptible.
In fact, the tool you use to remember your passwords, how sure are
you of *its* ability to protect the info?
- If there is a way (I'm new to Droid, so I don't know), back up your
phone, then factory reset it, install an app you're interested in, test it
out, and then only if you're satisfied, restore your phone and install the
app again. This is a major hassle but can be a life saver if you do
download a rogue app. (Anyone know if there is a way to "snapshot"
the droid and restore that "snapshot"?)
Most of all, use common sense. These phones are meant to connect you to the cloud but information security in cloud computing has, unfortunately, been an after thought. Don't provide any information into the phone/cloud unless you're prepared for disaster.
Be Safe.
--LP
EbE404
Member
- Joined
- Feb 20, 2010
- Messages
- 407
- Reaction score
- 0
Most reactions - Past 7 days
-
36 -
28 -
25 -
21 -
19 -
16 -
14 -
2 -
M
1
