Ask Slashdot: How Can I Protect My Android Devices From Hackers? 295
A reader writes "My Android phone (an unrooted OptimusV running 2.2.2) and my Android tablet (Arnova 7g3 running 4.1) have been subjected to hacking via either 'forced Bluetooth attack' or through the Wi-Fi signals in the home where I currently rent a room. I got an Android phone at the start of this year after my 'feature phone' was force Bluetooth hacked hoping for better security, yet I still have major security issues. For instance, my Optimus's Wi-Fi again shows an error, although I am sure that a hack is causing this since when I reset the device when it's out of range from this home's signal the Wi-Fi works fine. And now the tablet (as of recently) can't access this home's open Wi-Fi, though it works fine when at other outside hot-spots. So, my question is: Are there any good (free?) security apps out there that would actually prevent this from occurring? It's not like I'm doing nefarious things on the internet, I just want to keep it private."
open WiFi? (Score:5, Informative)
if you don't use bluetooth turn it off; as for wifi there are lots of reasons why it won't work (overcrowded airspace, microwaves that interfere, etc). If you are not using WPA2; then you need to upgrade. I would try changing the channel your wifi is on as well (e.g. if it is 6 now, go to 1 or 11)
Re:open WiFi? (Score:5, Insightful)
100%, absolutely, positively, this. There is no app out there that will effectively protect you from yourself -- and, make no mistake, it is you creating the problem. If you run around roaming from AP to AP, run unsecured at home (what?!), and leave your BT on even when not in use, you're gonna have a bad time.
Re: (Score:3, Insightful)
100%, absolutely, positively, this. There is no app out there that will effectively protect you from yourself -- and, make no mistake, it is you creating the problem. If you run around roaming from AP to AP, run unsecured at home (what?!), and leave your BT on even when not in use, you're gonna have a bad time.
What good is Bluetooth if I have to turn it on every time I want to use it and then turn it off again when I'm done? At work my phone pairs to a Bluetooth speaker, when I'm on the train it pairs to my Bluetooth headset, when I'm driving it pairs to my car audio system. If I have to mess with my phone to turn Bluetooth on and off each time I want to use it, I may as well just plug in a cable.
Re: (Score:3)
What good is Bluetooth if I have to turn it on every time I want to use it and then turn it off again when I'm done?
He said Bluetooth sucks. I don't think he is here to give you a sales pitch for it.
I have yet to find a Bluetooth gadget that was worth the extra battery drain. YMMV.
Re: (Score:2)
Re: (Score:3)
Re: (Score:3)
Re:open WiFi? (Score:5, Insightful)
Re:open WiFi? (Score:5, Funny)
I shouldn't have to lock my car but I lock it and most people would agree that I'd be stupid if I left my car unlocked.
Yay, car analogy!
Re: (Score:2)
Yay, car analogy!
But on a day I don't have any mod points for car analogies. :-(
Comment removed (Score:4, Informative)
Try.. (Score:5, Insightful)
I am not convinced you are being 'hacked'.
Re:Try.. (Score:4, Insightful)
Exactly. I would recommend to dial back the paranoia, not every bug is evidence of being hacked. Unfortunately the WiFi stack of Android is absolutely full of bugs, but most only cause a bad connection or a disconnect.
That being said, Android 2.2 is way out of date, and you should not consider it secure in any sense of the word. Watch the information that you put on your phone, including login data. And there is nothing you can do about it, except complain to the manufacturer about it not being "fit for purpose".
Re:Try.. (Score:5, Informative)
Knowing the phone and the OS level, It's not being hacked. it's the craptastic phone and out of Date OS.
2.2.2 had MAJOR problems with wifi. the phone needs to be sold and buy a unlocked nexus from google.
Re:Try.. (Score:4, Informative)
I'll second this. I have an old crummy original 'drioid Motorola A855 and that still runs 2.2.3. There was never any further updates for it from .2 to .3 and the unsecured WiFi is completely unusable. It works passably on WEP and WPA2 but unsecured never worked right. If it ever would connect, it would time out or lock up after a few minutes of operation. Totally suck-tastic.
Re:Try.. (Score:4, Informative)
You have an original OG Droid and you are still complaining about it now? The phone is ancient and should have been replaced a long time ago. That being said, it is also completely unlocked and one of the easiest phones to upgrade the OS on. Check out Cyanogen Mod or Project Elite for a whole new experience on the phone and repurpose it as a useful WiFi based media device.
http://www.droidforums.net/forum/project-elite/ [droidforums.net]
http://rootzwiki.com/forum/205-projectelite/ [rootzwiki.com]
http://www.cyanogenmod.com/devices/motorola-droid [cyanogenmod.com]
Re: (Score:2)
Re: (Score:3)
Or he could install CM7.2 (everything works) or CM9 Beta (with no USB tethering), and unroot the device.
Re: (Score:2)
Re: (Score:2)
The claims are truly dubious. I can't find any evidence of there being hacks available for the Optimus V or stock Android 2.2, and even if there were the phone is only discoverable for 60 seconds during which the attack would need to be launched.
What was the result of this hack? Can the questioner provide any details?
Basically as long as you only install apps from Google Play you should be fine. The problems with his home wifi sound like a router problem because clearly the phone can connect to other access
Re:Try.. (Score:5, Insightful)
Re: (Score:2)
Re: (Score:3)
The HuffPo link references the NFC 'hack' that refers to a device state that describes roughly 0% of Android phones in the field (ie, pre-Android 4.x with NFC enabled). Basically non-news in the world of phone exploits.
While I certainly feel for you, I (as do many others here) truly believe this is a very specific situation in which a conclusion of hacking was jumped to far too quickly, and probably erroneously; the evidence is too anecdotal and not technical enough.
Re:Try.. (Score:4, Informative)
you have a junk phone with known problems running a very out of date OS. you at LEAST should be upgraded to 2.3.3 to fix most of the problems you are seeing.
Re: (Score:2)
I rooted mine and am MUCH happier with it now.
Re: (Score:2)
Doesn't Virgin offer unlimited 3G data, still? Turn wifi off entirely.... Can't remember the last time I used it on my cell phone, and it's plenty fast enough to handle everything I want to do with data.
Re: (Score:3)
CM7, 9 [cyanogenmod.com]
Re: (Score:2)
Re: (Score:2)
Indeed. My android phone has done this kind of crap since the day I got it. It's a feature.
Re: (Score:2)
Re: (Score:2)
A few tips.... (Score:5, Informative)
Re: (Score:2)
Re: (Score:3)
How to prevent being hacked (Score:3, Funny)
Turn the devices off.
Faraday (Score:5, Funny)
Some tips: (Score:5, Informative)
Be wary of "any ol' bob's" android distro. Try to stay mainstream and stay up to date. If you're not using bluetooth, turn it off. If your vendor's version of Android isn't as secure as it could be complain with much loudness, if you don't get satisfaction switch vendors.
Your Wifi issues seem to me to be related more to your AP than the devices themselves. Perhaps try a different AP/Router?
I'm not sure how you could be sure a hack is causing a Wifi error. Even if it popped up and said "Hi! Your wifi is disabled because we're haxoring you" I'd be skeptical. You should try some of the mainstream android support forums with that and see what they say.
Good luck!
Re: (Score:3)
I've had a similar wifi issue with my phone (Nexus S) maintaining a connection to a home network running one of those ISP provided all-in-one router/modems. The solution was to turn off "Avoid Poor Connections" in Settings > Wi-Fi> Advanced.
Re: (Score:2)
That seems logical... from the AP standpoint having a low signal device trying to get its share of time can drag down the performance of the rest of the connections to the AP. If your phone is the only or one of the only devices connecting then it wouldn't matter(as much). A lot of times the AP will continually kick low signal devices if the threshold is set even marginally strict, so that it doesn't have to degrade the connectivity of the faster connections.
If you're on a low power device across the house
Re: (Score:2)
Short-range attacks (Score:5, Informative)
If the vectors you're being "hacked" through are BlueTooth or WiFi, it would seem that they're both occurring from fairly close to your physical location. Maybe you should figure out which of your housemates is hacking your devices and take appropriate action.
Re:Short-range attacks (Score:4, Funny)
Maybe you should figure out which of your housemates is hacking your devices and take appropriate action.
Like, deleting his porn?
You're blocked. (Score:4, Informative)
Correlation is not causation.
You assume that since you were hacked via bluetooth before at a particular place (maybe) that since your connection to an unsecured wifi hotspot (!!! seriously? you're *really* worried about getting hacked but you're connecting to an open wifi connection?) doesn't work, it must be because of hacking.
Most routers have the ability to allow specific MAC addresses to connect, and to deny connections to MAC addresses not in that list. My guess is that's what's going on...hard to say, since you didn't mention whether you spoke to the person who pays for the internet connection associated with the previously-mentioned wireless access point.
Re: (Score:2)
Why is connecting to an open WiFi access point a security problem? The device should never trust the network.
Re: (Score:2)
By "waaaaaaaaaaay harder" you mean a few days of GPU cracking?
Re: (Score:2)
I wish I had mod points. Unless the submitter has direct evidence that he was hacked via Bluetooth (astoundingly, not just once, but twice on completely different devices that would require entirely different attack vectors / exploits), then I seriously doubt his device is being compromised in that way. I also find it very unlikely that WiFi was used to gain access to his device either.
I question what kinds of apps, modifications, custom roms, etc, this person is using, or if anyone that has access to his
Re: (Score:2)
Move? (Score:2, Insightful)
I know it may not be real practical but if your roomates or close neighbors are hacking you all the time this might not be a very good establishment? I wonder what their motives are and if they can be trusted outside the digital realm as well. I'm also skeptical as to whether or not you are really being hacked. These things aren't that easy. I don't see how any non root app is going to be able to solve security problems which appear to be a problem of the OS.
Re: (Score:2)
Umm... (Score:2, Informative)
I think your problem is the "Open WiFi" in your house instead of your device. Maybe it's too overloaded to actually provide service with everyone using it.
Ask your housemates to secure the wifi connection or don't use it.
Why are you a target? (Score:5, Interesting)
Why are you a target? If you are actually a victim here, and not some person suffering from paranoid delusions, what makes you worthy of the risk of a close range attack?
Re: (Score:2)
Re:Why are you a target? (Score:5, Insightful)
Re: (Score:3, Informative)
Re: (Score:2)
Re: (Score:3)
"Like I posted before, thanks for your 'input'. I'm as sane as anyone else is"
Look, that's precisely the problem with disorders like this, you wouldn't know that, you'd have no idea.
So just take this advice, okay, you're fine, or you believe you are or whatever, the point is you wouldn't know if you weren't.
So go to the doctors regardless, and just say people are questioning your sanity, there's no harm if you're right the doctor will tell you you're fine and you can carry on as is and everyone questioning
Re: (Score:2)
hacked?! (Score:5, Insightful)
You aren't being hacked, the owner of the wifi in your house is fed up with you skanking his wifi and blocking you.
How did this get posted?
Webroot SecureAnywhere (Score:2)
Don't know if it's the best, but it's the one the WSJ recommended a year or so ago. Yet for the last few months a pretty bad bug, failure to update, has affected many users: http://community.webroot.com/t5/Webroot-Mobile-for-Android/Definition-Update-Failed/td-p/9404 [webroot.com] A fix is finally due this week, they say.
The problem is that many phones have very little volatile memory available. On my phone, apps like Facebook and Youtube and Twitter and Poynt cannot be deleted, nor the detested music content app of my
Is this a joke? (Score:5, Insightful)
So you have two devices having problems connecting to your home access point, and you assume you need protection for your android devices? It sounds more like you need to fix a problem with your access point, in that it's stopped accepting connections. Maybe it's exhausted DHCP assignments for your devices, or your MAC addresses are being blocked - maybe because someone was trying to spoof them, maybe because of a bug in the access point.
Going from "my devices are having problems connecting to my access point at home only" to "help, hackers are attacking my android devices" is a bit of a stretch, isn't it?
And more of a stretch is how this got front page...
blocked MAC adresses (Score:5, Informative)
Re: (Score:2)
You forgot the part where Bill Gates personally will deliver to you a giant pile of Microsoft Preferred Stock and $1,000,000.00 for forwarding the message on...
Para-droid? (Score:3, Insightful)
Re: (Score:2)
Re: (Score:3)
possible/probably (Score:2)
It seems you are concluding that you have been hacked because you can't connect to one home network that someone else administers, but are fine on other networks. It's probably the network, not your phone.
Some probably causes:
The admin changed the security protocol to one your devices don't support. (I see that with nintendo 3ds gameboy
Murdering the evil hacking room mates (Score:2)
is clearly the only option.
Sadly that will prbbaly seem reasonable considering your display of logic and reason so far.
A perfunctory glance at this post tells me (Score:4, Insightful)
...that SternisheFan is not being "hacked". I do get the impression that he's somewhat clueless, though, and could benefit from the wisdom of the /. community.
For one thing: do not keep BT on all the time - that's going to sap a bit of energy from your battery. Not terribly much, but since it's also a potential safety risk, there is absolutely no need to have Bluetooth on unless you need it.
It's when the wi-fi situation was mentioned, that I realized the poster is clueless.
Dos and don'ts (Score:4, Informative)
Doesn't sound like you're hacked really.
But generally:
don't: ..run old versions of android (upgrade your devices - upgrade hardware if you can't run latest software) ..install apps from non-appstore sources, be vary of malicious appstore apps as well (read reviews, do research before install, generally avoid "freebie" versions of paid software). ..surf on strange pages, click strange links or scan QR-codes ..have bluetooth/wifi/nfc on when not needed ..connect to unsecure free wi-fi, ever. ..don't use public USB loading stations (airports, malls etc). ..have sensible information on your phone/tablet.
do ..use encrypted device / sd-card ..use passphrase to lock the device screen ..use remote wipe/anti-theft service (most AV-vendors offer this) ..keep backups ..consider using a VPN service for those moments you can't avoid connecting to unsecure wi-fi.
That's it for starters.
Re: (Score:2)
fantastic.. my nice formatting went to hell.
The issue may be just RF not hacking. (Score:2)
Obvious answer (Score:2)
" How Can I Protect My Android Devices From Hackers?"
Simple, don't turn them on.
Create an air gap (Score:2)
Basics of Droid Security (Score:2)
2). Take caution when jailbreaking your phone, this exposes additional security vectors which require additional lock down steps.
3). Install applications only from the Play Store and read reviews before installing.
4). If your provider does not update your phone's software, you should do this manually via releases provided by manufacturers websites.
AFAIK that's pretty much it.
I don't see how this should be happening (Score:2)
I had an old Froyo phone for a while. Even on that old OS, you could only set Bluetooth to "discoverable" mode for 120 seconds, after which it would turn off automatically. Setting TV show exploits aside... don't the BT attacks (bluesnarfing, bluejacking) require your phone to be in discoverable mode?
Needs more info (Score:2)
OP mentions "hacking" a lot, but doesn't provide any concrete examples of it besides suspicion. It's ok to not be very computer literate (I care less), but to think everytime there's an error = hacker is kinda dumb. You're probably getting an error on your wi-fi network (is it yours? public? neighbors?) due to misconfigured settings, those tend to throw errors. How do you know your bluetooth is being brute forced? Are there changes on your device you haven't made? Anyways I feel I'm throwing words to t
how did this dumbass get this posted on /. (Score:5, Informative)
WTF.
The OP obviously is not "hacked". That doesn't make the first bit of sense. Even if the problem wasn't presenting on *two different devices*, why in god's name would any 'hacker' disable your WIFI (and only at your own home). What is the possible motivation for this imaginary criminal mastermind who has invested their time in ruining your WIFI when you are at home? Is he perhaps funded by The Others in a plot to steal your mind waves???
Or maybe... just maybe... (and I know, I'm reaching here)... YOUR ACCESS POINT IS BROKEN, OR HAS BEEN CONFIGURED TO BLOCK THESE DEVICES??? It's just a theory based on the fact that two different devices work fine with every other access point, but not this one. Wild, I know.
How did the editors not notice that this is complete ignorant crap?
PS
the entire question is retarded.
thank you
Move to a Windows Phone .. (Score:3)
Insert Innovation Here [postimage.org]
Re:Good fix (Score:5, Insightful)
Re:Good fix (Score:5, Funny)
Everyone knows it was the Atari 800 versus the Commodore 64 that was the holy war of the 80s!
Or was it Amiga versus the Atari ST?
Coke versus Pepsi.
Re: (Score:3)
Let us not forget emacs vs. vi!
Of course, everyone knows emacs is better! ;)
Re:Good fix (Score:5, Funny)
Wait, no you guys.... Emacs vs. Windows XP!
Which is the more bloated operating system?
Re: (Score:3)
Re: (Score:2)
Everyone knows it was the Atari 800 versus the Commodore 64 that was the holy war of the 80s!
It was the C-64 vs Speccy. Oh, how I miss the succulent, heated, at times intelligent but always funny flamewars on Usenet. I think at least 30% of the participants were in on the joke, and weren't actually serious in their flaming the opposite computer.
When I read those threads, I thought humanity was good.
Re: (Score:2)
Look, talking operating systems is one thing; you're threatening to start a war over something people really care about.
Re: (Score:2)
Actually when I was in college in the 80s, the physics department had a Truevision graphics card installed in a IBM AT. It had 24 bit color graphics. The card itself was more expensive than the Amiga computer system.
Re: (Score:2)
Don't you remember the viruses that affected iOS? http://www.tomshardware.com/news/iphone-virus-botnet-bank-details,9136.html [tomshardware.com]
Re: (Score:2)
Re: (Score:2)
Except jailbreaks require local, physical access to the device in question. Nothing remote.
Re: (Score:3)
Not true.
There is/was a website (jalbreakme.com, IIRC) which used a PDF vulnerability in iOS to jailbreak iPhones, just by clicking a button on their site using the iOS web browser.
Re: (Score:3)
Re: (Score:2, Insightful)
Also, compatibility between routers and hardware is not uncommon either. My toshiba laptop couldn't reliably connect to my parent's router, though it works fine with Linksys. And I've seen many HP laptops have problems with many router brands.
Its likely your phone, or your router diverges from the wifi standard in some non compatible that causes problems.
I seriously doubt you are being hacked. Just shit technology.
Re: (Score:2)
I can second this, too. I have had some early 802.11b stuff that used to lock up and BSOD whenever they would get around a router that did 802.11g. I had others that worked fine with linksys and netgear stuff but would lock up around Apple Airport routers. So yes, there are definitively incompatibility issues between differing hardware setups and especially so between differing generations of hardware.
Re:Submitter here... (Score:5, Insightful)
I've had enough of a crash course in android this year to know it's real, especially when I have family members who are in law enforcement and gov't jobs that they can't/won't talk about. Those people do have access to the 'interesting' toys...
I don't know, dude. The most logical answer anybody here can give you: your wifi access at home is crap because a) both of your devices work fine using other hotspots and b) both of your devices don't work at home. Btw, Android 2.2.x (aka Froyo) is known to have wifi problems in enterprise settings. Google fixed that in 2.3. Just another example how other explanations make a lot more sense than "I am being hacked." And the quote above makes you sound a bit of a looney.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If you have friends with specialized tools to detect this kind of thing... did you consider asking one of them to take a look at your device and/or recommend a security app?
I'm one of the doubters. I don't think you were hacked. But check out the major Anti virus companies products, I'm sure they would love to take your money and give you the peace of mind you've been lacking.
http://www.f-secure.com/en/web/home_global/mobile-security [f-secure.com]
http://us.norton.com/norton-mobile-security/ [norton.com]
https://www.mcafeemobilesecuri [mcafeemobilesecurity.com]
Re: (Score:2)
Re: (Score:2)
2nded.
Re: (Score:2)
Yes.