Smart Lock For Passwords - Nexus 6 General

just signed into this to check it out and lo and behold I now have all the passwords of everyone who has used my computer. makes me wonder how many places i have left my passwords over the years.

I think where Smart Lock for Passwords shines is the app integration within Android. App developers looking for convenience now don't have to offer Google Sign-In but instead can roll their own login/pw system, and then simply utilize the Smart Lock for Passwords API. That's the best of both worlds.
For secure password generation, management, cross platform usability, etc., the full featured apps like LastPass and 1Password are still miles ahead.

i feel like it needs to have a little more security than it has though. if this is on by default, and it appears it has been for years looking at some of the old passwords and sites i have in my list, then what's to stop people from hacking all your sites if they get your google password? defeats the purpose of having secure, difficult passwords if all they need is one. it has my home wifi password saved and viewable for cripes sake. not just mine either. my mom visited from michigan and used my computer. i now have her ebay, facebook, and email logins and passwords, along with everyone who has used my computer.

bobprobert said:
i feel like it needs to have a little more security than it has though. if this is on by default, and it appears it has been for years looking at some of the old passwords and sites i have in my list, then what's to stop people from hacking all your sites if they get your google password? defeats the purpose of having secure, difficult passwords if all they need is one. it has my home wifi password saved and viewable for cripes sake. not just mine either. my mom visited from michigan and used my computer. i now have her ebay, facebook, and email logins and passwords, along with everyone who has used my computer.
Click to expand...
Click to collapse
Turn on 2-factor authentication.

...And that why you need to let your friends and family know that they should be using Incognito browsing or their own chrome user profile when they use your computer.
If you saved your passwords on someone else's computer, than you should be doing the same as your family! Go Incognito!

SX86 said:
...And that why you need to let your friends and family know that they should be using Incognito browsing or their own chrome user profile when they use your computer.
If you saved your passwords on someone else's computer, than you should be doing the same as your family! Go Incognito!
Click to expand...
Click to collapse
this. what op describes sounds to me like basic user error. type any password on any computer and you run the risk of having it stored there. go to your local library for hilarious proof of this. the key is to protect your assets (passwords) by only typing them from a secure profile or on a PERSONAL computer that only you use

Related

Inability to access google account

I went to sleep last night awaiting my first day at sixth form. My G1 was going to be there for internet browsing whilst looking for information (school intranet is very unreliable) but I woke up with a slightly different issue. An ! mark. Turns out somebody had hacked my google account overnight and changed my password. i can now no longer access any google features, including any synced things on the phone, all because of some pesky hacker (of course not aimed at the wonderful 'hackers' on here such as drizzy, twisted, cyanogen, jac etc).
However, I only have one email address so I did not provide an alternate, and to reset my password requires me to know the date i started using my account, which I haven't got a clue. Does anybody know what I can do in this position? Thanks a lot
Tucka
tucka20 said:
I went to sleep last night awaiting my first day at sixth form. My G1 was going to be there for internet browsing whilst looking for information (school intranet is very unreliable) but I woke up with a slightly different issue. An ! mark. Turns out somebody had hacked my google account overnight and changed my password. i can now no longer access any google features, including any synced things on the phone, all because of some pesky hacker (of course not aimed at the wonderful 'hackers' on here such as drizzy, twisted, cyanogen, jac etc).
However, I only have one email address so I did not provide an alternate, and to reset my password requires me to know the date i started using my account, which I haven't got a clue. Does anybody know what I can do in this position? Thanks a lot
Tucka
Click to expand...
Click to collapse
You can wipe your phone and create a new account. Then in the mean time just email google and see what they can do for you.
yep, thats an option. however I have purchased numerous apps (copilot being the most expensive) that are linked to the account and that I will lose.
Also, I emailed them and they said I didn't provide enough information on my account to get it back. How the hell am I supposed to know the dates I started using 1. the account 2. youtube 3. Google calendar?
Why not just provide me with a security question?
tucka20 said:
Why not just provide me with a security question?
Click to expand...
Click to collapse
I'm wondering if you are interacting with a real Google password recovery page. From my account page the only password recovery options are:
- Secondary email (optional)
- SMS (optional)
- Security question
At no point does it ever indicate it would recover my password using something as arcane as the date I first started using Google services. By the way, I highly recommend the "Write my own question" option for the security question. Choose a question that describes a very particular characteristic of one of your heirloom or keepsake possessions.
https://www.google.com/support/accounts/bin/request.py?ara=1&hl=en&contact_type=ara&ctx=ara
Besides a secondary email account (which i don't have) it is not possible for me to do this! I am really pi*sed off with google at the minute, and am considering selling the G1 because of this. I am an ebay seller with items currently on and use my gmail address with confidence for that account, and unfortunately I can now no longer send/ receive emails to customers. THANKS A LOT GOOGLE
tucka20 said:
https://www.google.com/support/accounts/bin/request.py?ara=1&hl=en&contact_type=ara&ctx=ara
Besides a secondary email account (which i don't have) it is not possible for me to do this! I am really pi*sed off with google at the minute, and am considering selling the G1 because of this. I am an ebay seller with items currently on and use my gmail address with confidence for that account, and unfortunately I can now no longer send/ receive emails to customers. THANKS A LOT GOOGLE
Click to expand...
Click to collapse
Any reason why you couldn't recover using the regular account recovery screen? It should use your security question.
I'm not sure why you're angry at Google, when your own computing practices are what probably caused your account to be exploited (probably weak password or trojan installed a keylogger)? Regardless, Google is just practicing normal due diligence for account recovery. Account recovery has to use information that only you know (and which you possibly might not even know yourself).
If you're concerned about your eBay sales, go into your eBay preferences and change your registered email.
I dont have another email address, and have no intention of creating a new one! My password is a mixture of numbers and letters (UPPER and lower case) and I have a separate laptop that handles ebay sales so the only thing that the laptop accesses is ebay website/paypal/gmail and its running linux.
The only other time i use my gmail account is on my g1.
The reason I am angry is because this is the only company I have ever seen with security measures this tight! Even when a friend lost his paypal password it was a simple DOB/ security question thing.
I go to recover password, and it asks for my email address. I then type it, and it tells me I don't have a secondary address to receive my security question and to fill in the form posted above. That is all I get, no security question!
tucka20 said:
I dont have another email address, and have no intention of creating a new one! My password is a mixture of numbers and letters (UPPER and lower case) and I have a separate laptop that handles ebay sales so the only thing that the laptop accesses is ebay website/paypal/gmail and its running linux.
The only other time i use my gmail account is on my g1.
The reason I am angry is because this is the only company I have ever seen with security measures this tight! Even when a friend lost his paypal password it was a simple DOB/ security question thing.
I go to recover password, and it asks for my email address. I then type it, and it tells me I don't have a secondary address to receive my security question and to fill in the form posted above. That is all I get, no security question!
Click to expand...
Click to collapse
Looks like your stuck getting another email address and trying to work up the Cust. Serv. chain at google...
tucka20 said:
I dont have another email address, and have no intention of creating a new one! My password is a mixture of numbers and letters (UPPER and lower case) and I have a separate laptop that handles ebay sales so the only thing that the laptop accesses is ebay website/paypal/gmail and its running linux.
Click to expand...
Click to collapse
That does sound like a pretty secure setup.
Well I guess the best you can do is just try filling out that password recovery form. It doesn't appear that dates for the times you first started using specific Google services is necessary. Worst case scenario you could just guess. Since you already don't have any access now, I reckon you have nothing to lose. Good luck!

4million people downloaded data-stealing Android app

http://www.tgdaily.com/security-brief/50862-as-many-as-4-million-people-downloaded-data-stealing-android-app
Mike Luttrell | Thu 29th Jul 2010, 08:30 am
A seemingly innocuous Android app that let users change their phone's wallpaper has actually been stealing private user information and may have been downloaded millions of times.
Users should be concerned if they downloaded an app from "Jackeey Wallpaper." While it does perform the functions described in the app download page, it also ends up taking the phone's Internet browser history, mobile phone number, every single text message, and voicemail password. That information is then sent to a website based in Shenzhen, China.
Click to expand...
Click to collapse
http://phandroid.com/2010/07/29/another-app-stealing-data/
[Update]: MyLookout chimed in with us to clarify some details that other outlets have been reporting. Specifically, the app does collect data from your phone, but only the device’s phone number, subscriber identifier, and voicemail number fields are retrieved. SMS and browsing history are not touched by any of the apps they analyzed throughout their Blackhat conference. Your voicemail’s password is also not transmitted unless you included the password in your phone’s voicemail number field.
We’re not yet certain on what the developer’s intentions are for using the pieces of data it does send to China – so we can’t outright call it malicious – but it is collecting and sending data nevertheless. Hopefully that clears up some of the confusion everyone’s been faced with regarding the read-only property READ_PHONE_STATE that the application uses to access certain pieces of data.
Click to expand...
Click to collapse
So no SMS, browsing history or voice mail password taken.
FOR REAL?!?!
All your data belongs to somebody else
jp_macaroni said:
http://www.tgdaily.com/security-brief/50862-as-many-as-4-million-people-downloaded-data-stealing-android-app
Click to expand...
Click to collapse
Free isn't free: http://www.androidpolice.com/2010/0...t-all-your-data-are-belong-to…-somebody-else/
Same happened to me with an app posted here for movies
Flixster for android
http://www.flixster.com/
I did find out ON TIME , that someone was messing with my gmail account , had to change my password inmediatly
I received an altert from an IP ( from their site ) trying to change my password !
You've been warned , happened to me !
It's not like it doesn't show you the stuff when you install apps.. And this "Genome Project" thing is out of context nonsense.... 14% of free apps have access to your contacts. You realize that includes IM programs, SMS programs, Email programs, etc....
If you install a wallpaper app that requests access to your Accounts and Contacts, well....
http://www.cyrket.com/search?q=Jackeey+Wallpaper
I don't see such permissions on the 2-3 I looked through, but maybe specific ones did.
Another thing about this "lookout" app and Genome Project.. Look at the permissions on their app on the market:
Permissions: ACCESS_COARSE_LOCATION , ACCESS_FINE_LOCATION , ACCESS_NETWORK_STATE , CLEAR_APP_CACHE , DISABLE_KEYGUARD , GET_ACCOUNTS , INTERNET , MANAGE_ACCOUNTS , MODIFY_AUDIO_SETTINGS , PERSISTENT_ACTIVITY , READ_CONTACTS , READ_LOGS , READ_OWNER_DATA , READ_PHONE_STATE , READ_SMS , READ_SYNC_SETTINGS , READ_USER_DICTIONARY , RECEIVE_BOOT_COMPLETED , RECEIVE_SMS , VIBRATE , WAKE_LOCK , WRITE_CALENDAR , WRITE_CONTACTS , WRITE_SETTINGS , WRITE_SMS , WRITE_SYNC_SETTINGS , WRITE_USER_DICTIONARY , com.android.browser.permission.READ_HISTORY_BOOKMARKS , com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
What if the 'AV' software itself turns out to be the one stealing data? If anything could, it could.
we get that all apps ask for permission to allow access to our location, contacts, emails etc....but to gather our private info and sell them to China.....thats messed up.
time to sue.
That information is then sent to a website based in Shenzhen, China.
Click to expand...
Click to collapse
question:
if this app was downloaded and used by US government....would it be considered as a SPY? lol
It's a big deal, but it illustrates very well that android users are in a ffa environment without someone looking over their shoulder to protect them.
It's good and bad. Some people will call bad on google for not protecting them, but others will see it for the truth of it and know they have to cover their own ass.
Wouldnt a functional firewall app work for this?
cutting off apps access to non essential portions of data...but also from data transmitting?
Flixster is malicious??
pvillasuso said:
Same happened to me with an app posted here for movies
Flixster for android
http://www.flixster.com/
I did find out ON TIME , that someone was messing with my gmail account , had to change my password inmediatly
I received an altert from an IP ( from their site ) trying to change my password !
You've been warned , happened to me !
Click to expand...
Click to collapse
Woaaah now... I have used this app on almost ever ROM I flash - downloaded straight from the market each time. I've never had an indication that my information was compromised in any way... Are you 100% sure that Flixster was the culprit? That's a pretty heavy claim for what I think is a very widely used (and recommended) app.
and what about all the gmail notifiers?
More fears:
I will preface this by saying I don't know much about Android security, but to me, it's as secure as any PC.
So: what about gmail notifier apps and apps that ask for access to your gmail account?
Do they have access to your gmail password? Seems like it. So what's to stop malicious gmail notifier developers from stealing your gmail passwords and having their way with your google account, for example, grepping your mailbox for banking information.
Also think about keyboard apps, what's to top malicious keyboard developers from writing a keyboard which logs all your keystrokes to a zipfile then uploads it to a russian server for analysis of B-A-N-K and P-A-S-S-W-O-R-D and then the next keystrokes which follow that?
It doesn't end there. Picture apps which can steal your pictures. Apps which can record your phone conversations and upload the audio to servers a few hours later so you don't notice that data going on.
bwolmarans said:
More fears:
I will preface this by saying I don't know much about Android security, but to me, it's as secure as any PC.
So: what about gmail notifier apps and apps that ask for access to your gmail account?
Do they have access to your gmail password? Seems like it. So what's to stop malicious gmail notifier developers from stealing your gmail passwords and having their way with your google account, for example, grepping your mailbox for banking information.
Also think about keyboard apps, what's to top malicious keyboard developers from writing a keyboard which logs all your keystrokes to a zipfile then uploads it to a russian server for analysis of B-A-N-K and P-A-S-S-W-O-R-D and then the next keystrokes which follow that?
It doesn't end there. Picture apps which can steal your pictures. Apps which can record your phone conversations and upload the audio to servers a few hours later so you don't notice that data going on.
Click to expand...
Click to collapse
The same things are possible for a regular computer as well. You can connect to a site and it could execute a download that then snoops your keystrokes and uploads them somewhere.
The difference (so far) is that on android you have to install an app to do that.
The takehome message is to excersize caution and install apps you can verify where they come from and what they do.
This will happen more and more. Mobile is where people are doing most of there communication and beginning alot of banking.
Not just Android all mobile OS.
Like I said a zonealarm/lilsnitch like app would be of great use. Even if logging or reading they still need to communicate out. An easy low mem/bat/cpu usage app that monitors this behaviour would go along way.
This is becomming a bigger issue and we do need some type of security alert monitor!
http://www.newsfactor.com/story.xhtml?story_id=13100EVAC2WI
"Mobile apps on Android-powered smartphones and Apple's iPhone can disclose more personal data than most users realize, security vendor Lookout revealed Wednesday at the Black Hat USA 2010 conference in Las Vegas. Rather than being malicious, users often give the apps permission to access data when they are installed...."
jp_macaroni said:
http://www.tgdaily.com/security-brief/50862-as-many-as-4-million-people-downloaded-data-stealing-android-app
Click to expand...
Click to collapse
Opps missed this post prior to posting my thread...
http://forum.xda-developers.com/showthread.php?t=739446
Arcarsenal said:
Woaaah now... I have used this app on almost ever ROM I flash - downloaded straight from the market each time. I've never had an indication that my information was compromised in any way... Are you 100% sure that Flixster was the culprit? That's a pretty heavy claim for what I think is a very widely used (and recommended) app.
Click to expand...
Click to collapse
100% sure , I checked out the IP involved , and it pointed directly to their website !!!
pvillasuso said:
Same happened to me with an app posted here for movies
Flixster for android
http://www.flixster.com/
I did find out ON TIME , that someone was messing with my gmail account , had to change my password inmediatly
I received an altert from an IP ( from their site ) trying to change my password !
You've been warned , happened to me !
Click to expand...
Click to collapse
Don't be stupid. Flixster is a 100% legitimate app. Don't bad mouth it because you fell for a phishing scam some place else.
GldRush98 said:
Don't be stupid. Flixster is a 100% legitimate app. Don't bad mouth it because you fell for a phishing scam some place else.
Click to expand...
Click to collapse
Use it then, who cares anyway ..!
Hope u get your gmail account hacked ...
samagon said:
The takehome message is to excersize caution and install apps you can verify where they come from and what they do.
Click to expand...
Click to collapse
Easy to say, but how do you 'verify where they come from and what they do'?

Any way past corporate-required PIN locks?

My company upgraded their exchange server, and now requires lock screens (PIN or password, no pattern) if we want to access email on our personal phones.
As someone with a rooted phone, is there any way to disable this and still have access to my corporate email? It's really annoying to have to punch in a PIN 500 times a day, but I really do need email access on my phone as much as I'm on the road.
I think this has been discussed before, but maybe on a different phone (HeroC maybe) But essentially no there isn't away - to access the server the phone goes through a series of checks, one of the checks being that an appropraite pin was entered to unlock the phone. if that check fails, authentication to the server is denied. Someone *might* be able to spoof the check in the email app, but I am fairly sure its actually OS deep, not just within the mail client.
So it would be a large undertaking and potentially could cause you to loose your job by by passing security measures. I know I wouldn't think twice about firing someone who did it on my network.
No way that I know of, and is something that is on pretty much everyphone. Blackberrys the security policies can even block installation of 3rd party applications.
What's even more fun for you, is the ability of your it staff to lock you out of your phone or even remotely wipe your phone.
Sent from my SPH-D700 using XDA Premium App
Restola said:
My company upgraded their exchange server, and now requires lock screens (PIN or password, no pattern) if we want to access email on our personal phones.
As someone with a rooted phone, is there any way to disable this and still have access to my corporate email? It's really annoying to have to punch in a PIN 500 times a day, but I really do need email access on my phone as much as I'm on the road.
Click to expand...
Click to collapse
I think you are stuck. Do you have the option of getting a company-supplied phone to access the company email, and keep your personal Android separate?
There is a thread in Q&A talking about an app that does this.
Do you BONSAI?
Actually there is a way I had to do it to my coworkers phone for her pattern lock
What u need: locked phone phones #, wifi or u can use wifi tether if u have another phone
1. Call the persons phone #
2. Leave phone call connected on both sides
3. Connect to wifi if u havnt already
4. Goto settings/accounts manager setting or what ever and log into a diff google account then it should require u to change the password to by pass it
Should work hopefully I read this thread correctly and answered appropietly
Edit sorry read it wrong and u don't think there is a way
My way is how u get around it
Sent from my Epic 4.1g bonsai plant
Here's the link to the thread that may help:
http://forum.xda-developers.com/showthread.php?t=1033017
I thought it was just being big brother, turns out its a regulatory requirement since we were bought by a publicly traded company. I guess I'll deal with it. If it pisses me off too much I'll just get rid of my exchange account on my phone and stop responding to emails when I'm not at my desk.
A possible workaround would be to try touhdwn for your exchange mail instead of the default mail client. Its a paid app but there should be a demo version in the market. I have a dp2 for work and they pay for touchdown for us. When using touhdown it pin locks just the app instead of whole phone. On my Droid at least moto customized the screen timeout and lock to be different timers so I found the pin to be less annoying than the interface of touchdown.
With the epics slightly bigger screen to make the TD interface a litte less annoying(lots of small buttons instead of utilizing menu button) and since epics lock is all or nothing I think I might actually use TD on my epic if I were getting my corp email there.
While not a complete removal of the pin maybe it would at least make it less annoying for you. Plus I'd guess if work catches you wihout a pin it might not go over well. TD solution lets you protect the email if you lose your phone, and does have a remote wipe for the same scenario.

[Q] Maintaining PRIVACY with a Family-Shared Nexus 7

So I received a Nexus 7 today as a gift from a grateful client. I'd wanted one for quite a while and would have purchased one eventually, but through luck, I finally have an N-7. But having played with it for barely an hour, I'm concerned about privacy in sharing this device with my family.
You see, I want to use this on my existing Google account, so that dozens of apps that I've previously purchased for my Android phone (Razr Maxx) and Android Tablet (ThinkPad) can be installed on this device without having to re-purchase them all. However, to my great surprise and frustration, I can't seem to make the Chrome Browser logout of my account and stay logged out.. Using App Protector Pro, I can lock down the Gmail app and other apps that I don't want others using. However, even though there is a logout link in Gmail when displayed in the Chrome Browser, whenever I re-open the browser the home page it displays offers to let me sign into my Google account with one click.
I use Gmail to communicate with clients. I am required by law to keep their communications private. I absolutely cannot allow a family member to have access to my Gmail account under any circumstances. How can I let my spouse and kids use the Nexus 7 but make it impossible for them to get to my Gmail through the browser? Note: I have no such trouble on my ThinkPad, but it's running ICS not JB.
You can use switchme for user accounts its the best and probably the only app around here that makes you feel desktop like user account experience. For example after adding a password to your account you can create a new account for your children. New account will not have any kind of data from your account including user apps,cookies,history,mail accounts and even the wifi access points so nothing from your account .
https://play.google.com/store/apps/details?id=fahrbot.apps.switchme

Possible that I am being checked/hacked ChatOn/WhatsApp remotely ?

My girlfriend and I are using ChatOn for chatting, sometimes WhatsApp. She uses the Galaxy S2. She thinks that her ex-boyfriend is checking/stalking her, while I have said that it would be nearly impossible that he could actually see the messages we exchange. He probably can access her router at home (he installed it). We were using ChatOn (instead of WhatsApp) thinking that he would not know that, or would be familiair with that (it is not that popular over here).
This night, 2am, I received 2 smileys in the ChatOn chat, from my girlfriend (portraying a spitting smiley, which we never use, and we were talking angry and frustrated about the ex-boyfriend). My girlfriend says she cannot have send those 2 smileys. She would need to have logged into her Phone (long password) and she was definitely asleep at that time.
My questions to the biggest experts here:
- Can somebody really get into Chaton, and send messages on your behalf, remotely ? The ChatOn accounts are not linked to anything we do not have Samsung accounts and we have not given access to any other account within ChatOn (I know it would be possible to use webChatOn, but you should give permission for that I think from within the ChatOn Mobile App)
- The same for WhatsApp ?
- Everything send through WiFi is encrypted in the App itself, so text would not be visible from the router ? You can only see encrypted data ? And it would be impossible to send something from the account through the router ?
- Would there be any explanation for the smileys ?
We are getting quite nervous ....
Unfortunately yes..
It is possible that her bf may have access to her whatsapp by mac spoofing.He may know the mac address of her phone.
MAC spoofing is a technique for changing a factory-
assigned Media Access Control (MAC) address of a
network interface on a networked device. The MAC
address is hard-coded on a network interface
controller (NIC) and cannot be changed. However,
there are tools which can make an operating system
believe that the NIC has the MAC address of a user's
choosing. The process of masking a MAC address is
known as MAC spoofing. Essentially, MAC spoofing
entails changing a computer's identity, for any
reason, and it is relatively easy.
The changing of the assigned MAC address may allow
the bypassing of access control lists on servers or
routers , either hiding a computer on a network or
allowing it to impersonate another network device.
MAC spoofing is done for legitimate and illicit purposes
alike.
He might have spoofed his phones mac address and assign hers.This way whatever replies she gets will be received by him......but still the question is that if he knows the mac address
You should change the router config asap. Also.. Does your gf use a ROM installed by the ex? My advice its flash a new fresh ROM and change every app password ,including emails
Using Tapatalk GT-I9505
Quite Possible
Especially for the older versions of chat-on app (2012-12-04 and before), do not use Public WiFi networks. The communication between client and server is not encrypted (whereas Whatsapp encrypts before sending). the Session can easily be intercepted or even spoofed. Though it requires a little Technical skills for Spoofing. But its not impossible. You have to judge it from the Ability of her Ex.
If the Chat On app is the updated one then no need to worry as it uses the AES encryption, but still the files being uploaded/downloaded are not encrypted, and hence can be intercepted.
Change wifi pass... Make it complicated alphanumeric with numbers
Use wpa2psk on wifi
To do an arp spoof he would need to be on the same network. Thus do the above ASAP
Whatsapp Video Limit Problem
You want To send videos larger than 16Mb through Whatsapp?
yes, You can send Just Follow some steps
#Goto:
Xda-Link
Possible that I am being checked/hacked ChatOn/WhatsApp remotely
MattRob said:
My girlfriend and I are using ChatOn for chatting, sometimes WhatsApp. She uses the Galaxy S2. She thinks that her ex-boyfriend is checking/stalking her, while I have said that it would be nearly impossible that he could actually see the messages we exchange. He probably can access her router at home (he installed it). We were using ChatOn (instead of WhatsApp) thinking that he would not know that, or would be familiair with that (it is not that popular over here).
This night, 2am, I received 2 smileys in the ChatOn chat, from my girlfriend (portraying a spitting smiley, which we never use, and we were talking angry and frustrated about the ex-boyfriend). My girlfriend says she cannot have send those 2 smileys. She would need to have logged into her Phone (long password) and she was definitely asleep at that time.
My questions to the biggest experts here:
- Can somebody really get into Chaton, and send messages on your behalf, remotely ? The ChatOn accounts are not linked to anything we do not have Samsung accounts and we have not given access to any other account within ChatOn (I know it would be possible to use webChatOn, but you should give permission for that I think from within the ChatOn Mobile App)
- The same for WhatsApp ?
- Everything send through WiFi is encrypted in the App itself, so text would not be visible from the router ? You can only see encrypted data ? And it would be impossible to send something from the account through the router ?
- Would there be any explanation for the smileys ?
We are getting quite nervous ....
Click to expand...
Click to collapse
I don't think someone can send messages on your behalf but yes your messages could be read very easily. That's the reason why chat apps like Photo4tune are coming up with innovations such as fire messaging and self destruct pics to eliminate the provacy concerns of apps such as whatsapp which sell our data to big shot companies.
identify the pic sent to from whatsapp database
is it possible to identify to whom the pics have been sent to from the database files of someone else ?
@MattRob:
Try Threema instead of WhatsApp or ChatOn, here it would be really impossible to compromise the messages, because it uses real End-to-end encryption.
Sent from my Nexus 4 using Tapatalk
Remote Connectivity
MattRob said:
My girlfriend and I are using ChatOn for chatting, sometimes WhatsApp. She uses the Galaxy S2. She thinks that her ex-boyfriend is checking/stalking her, while I have said that it would be nearly impossible that he could actually see the messages we exchange. He probably can access her router at home (he installed it). We were using ChatOn (instead of WhatsApp) thinking that he would not know that, or would be familiair with that (it is not that popular over here).
This night, 2am, I received 2 smileys in the ChatOn chat, from my girlfriend (portraying a spitting smiley, which we never use, and we were talking angry and frustrated about the ex-boyfriend). My girlfriend says she cannot have send those 2 smileys. She would need to have logged into her Phone (long password) and she was definitely asleep at that time.
My questions to the biggest experts here:
- Can somebody really get into Chaton, and send messages on your behalf, remotely ? The ChatOn accounts are not linked to anything we do not have Samsung accounts and we have not given access to any other account within ChatOn (I know it would be possible to use webChatOn, but you should give permission for that I think from within the ChatOn Mobile App)
- The same for WhatsApp ?
- Everything send through WiFi is encrypted in the App itself, so text would not be visible from the router ? You can only see encrypted data ? And it would be impossible to send something from the account through the router ?
- Would there be any explanation for the smileys ?
We are getting quite nervous ....
Click to expand...
Click to collapse
I think that BF using any softwares to control remotely like android lost, etc,, check any unwanted apps installed on it.
My advice is to install a new ROM, i prefere official roms, and change all passwords set in phone (email,fb,twitter .....), also change router config to avoide any technique of hacking.
Shreyseviltwin said:
It is possible that her bf may have access to her whatsapp by mac spoofing.He may know the mac address of her phone.
MAC spoofing is a technique for changing a factory-
assigned Media Access Control (MAC) address of a
network interface on a networked device. The MAC
address is hard-coded on a network interface
controller (NIC) and cannot be changed. However,
there are tools which can make an operating system
believe that the NIC has the MAC address of a user's
choosing. The process of masking a MAC address is
known as MAC spoofing. Essentially, MAC spoofing
entails changing a computer's identity, for any
reason, and it is relatively easy.
The changing of the assigned MAC address may allow
the bypassing of access control lists on servers or
routers , either hiding a computer on a network or
allowing it to impersonate another network device.
MAC spoofing is done for legitimate and illicit purposes
alike.
He might have spoofed his phones mac address and assign hers.This way whatever replies she gets will be received by him......but still the question is that if he knows the mac address
Click to expand...
Click to collapse
I may have hit on something big. It is possible to "jump" into another person's Whatsapp account and send and receive messages and even change settings like profile picture and account name. Initially to set this up, the victim's phone is required but at the end it is not and all this can be done remotely. Both the hacker's and the victim's phones need to be rooted, unfortunately. Use an app like Titanium Backup and backup the victim's whatsapp and get that backup and restore the app data on the hacker phone and open Whatsapp and that's it. To reuse the hacker phone's original whatsapp, a seperate backup of it can be restored.
It is possible to create an application that can be installed in a non-rooted phone, with the ability to root it (applications that can do this merely, already exist) and make an application data copy that can be shared via a network (like the internet) to another party that can use an application (even the same one) that uses this data and jacks (takes-over or 'shares') the Whatsapp account on the device the 'application' was primarily install on.
destevez said:
You should change the router config asap. Also.. Does your gf use a ROM installed by the ex? My advice its flash a new fresh ROM and change every app password ,including emails
Using Tapatalk GT-I9505
Click to expand...
Click to collapse
I would have suggested this same opinion.. Thanks to the earlier poster.:thumbup::thumbup::thumbup:
Sent from my GT-I9300 using XDA Free mobile app
Whatsapp Hack
Thanks For Whatsapp Hack Remotely
Yes there are ways
There are few ways to achieve this. Changin wifi password with wpa/psk and making sure there is no app that helps x access phone info will make sure that its safe. Read my article to understand the hacking techniques for whatsapp
Discussion to promote or condone services for the purposes of illegally hacking something that you do not own will not be permitted.
Droidriven
Forum Moderator
OP no longer active. Thread closed.
Droidriven
Forum Moderator

Categories

Resources