Can a factory reset be security compromised?

ChrisTheHairyOne

Dec 12, 2020
Hi All,

I just bought a refurbed Note 10 Ultra from a recognised retailer. Got it home, booted and followed the standard 'new purchase' setup. Linked with my Google account and started to set up the phone. I had to reset my Samsung account password because I'd forgotten it, but that was OK.

I upgraded to the latest firmware and started to set up online banking etc. While looking for a confirmation email, I noticed that among the Google 'new device access' alerts, I had one for an iPad. This is worrying, since I never use Apple stuff.

Is there a way of hacking a phone so that it appears to be factory reset but still captures and transmits passwords etc? And, if so, would the OTA update fix the leak?

Obviously, I have reset the Google password (from another device, just in case)!

Cheers,

Chris
 
If malware has been installed as a system app, it's not only possible, that's what would happen - system apps aren't uninstalled during a reset. They aren't uninstalled during an OTA update either. You'd have to reflash the ROM to do that.

But access to a Google account doesn't mean that it was done in the phone, it means that someone, using an iPhone, accessed the account itself. I'd change the password on the account immediately, using a password that's at least 30 characters long, using random upper, lower case, numbers and special characters - and I'd set up 2 factor authentication (you get a text with a - I believe it's 6 - digit number when you try to access the account, and you have to enter that number). Otherwise, anyone who has your current password (which is probably what happened) can get into that account at any time from any online device anywhere in the world (except maybe in China).
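
An added example, not part of the post above: one way to see which packages would persist through a factory reset is to parse the output of `adb shell pm list packages -f` and separate APKs on read-only partitions from those under `/data`, which the reset wipes. The sample listing, the `com.example.*` names and the `baseline` list of expected packages for the firmware build are constructed assumptions.

```python
# Constructed sample of `adb shell pm list packages -f` output (not from a real device).
SAMPLE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/product/app/Browser/Browser.apk=com.example.browser
package:/data/app/~~Ab12==/com.example.bank-Cd34==/base.apk=com.example.bank
package:/system/app/Helper/Helper.apk=com.example.unknownhelper
"""

# Read-only partitions: a factory reset wipes user data, not these.
READ_ONLY_PREFIXES = ("/system/", "/system_ext/", "/product/", "/vendor/", "/apex/")


def parse(listing):
    """Return {package_name: apk_path} from `pm list packages -f` lines."""
    pkgs = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Split on the LAST '=': APK paths under /data can contain '=' themselves.
        path, _, name = line[len("package:"):].rpartition("=")
        pkgs[name] = path
    return pkgs


def survives_reset(path):
    """True if the APK lives on a partition that a factory reset leaves untouched."""
    return path.startswith(READ_ONLY_PREFIXES)


def audit(listing, baseline):
    """Return (packages that persist through a reset, those absent from baseline)."""
    pkgs = parse(listing)
    persistent = {name for name, path in pkgs.items() if survives_reset(path)}
    return sorted(persistent), sorted(persistent - set(baseline))


if __name__ == "__main__":
    # Hypothetical known-good package list for this firmware build.
    baseline = ["com.android.settings", "com.example.browser"]
    persistent, unexpected = audit(SAMPLE, baseline)
    print("Persist through reset:", persistent)
    print("Not in baseline, review:", unexpected)
```

A package missing from the baseline is only a lead for review, not proof of tampering; reflashing stock firmware is what replaces the read-only partitions.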
 
Welcome to Android Central! Are you using 2-factor authentication? If not, I would strongly recommend it.

Also, if you still have that email, look carefully at the "From" address and make sure it looks like a legit Google email address. I've seen phishing emails like that. If possible, share a screenshot of the email (but make sure you blur out your own email address for your own privacy): http://forums.androidcentral.com/ge...ide-how-post-screenshots-android-central.html
 
Rukbat, thanks for the info. Once I've resecured my email, I guess I need to flash my handset with a known good version before setting up any security critical apps like banking etc.

Any pointers to an easy ABC of reflashing?
 
It's definitely a real Google response. It's in the same chain as the original notification of attaching the Note10, but thanks for the warning.
 
Can use Odin to reflash the firmware. What carrier are you on?
 
Just curious -- did you also get a Google account alert about the Note10 Ultra also being a new device, or does it seem like Google is mistaking it for an iPad?
 
It is strange that exactly at the same time or immediately after setting up the device he got more than one security notification from Google. It is as if somebody is waiting 24 hours a day for somebody else to access their account, steal their password (using a keylogger, let's say) and then immediately access it.