How did he remotely access my Samsung?

[enak23]

Hi,

A person has had remote access to my Samsung. He's been able to view everything I do real-time. And while it's less certain, it seems like he's been able to delete e-mails from my Microsoft inbox which I used via Samsung Internet, indicating not only screen recording but remote system access.

Here's what I did after becoming aware of it:

1) I ran four different antivirus programs: Norton (paid version), AVG, Certo, Anti Spy Mobile (all freeware). In addition to Samsung's built-in scan. None of them detected anything, and nor had my Samsung been rooted.
2) I checked my Google Account for devices, finding only my own phone. And no suspicious log-ins or similar.

3) In Google Play Store, using a PC, I checked downloaded apps all the way back to when purchased my Samsung. All apps in the list are from reliable developers like Google and Samsung, and I recognise or trust nearly each of them (a dubious exception being "Samsung Biz Service", and nor do I remember installing "Google Play Games" or "Android System WebView"). So he can't have logged into my Google Play Store and installed apps on my Samsung from his PC (see also point 2).

4) Not least, I haven't accepted downloads other than those initiated by me. And only via Google Play. I'm also quite sure that "Install unknown apps" was disabled for all but some pre-installed Samsung and Google apps. Not least, nobody has had physical access to my device.
5) In sum, I've trawled my Samsung storage and settings manually and scanned it with anti-malware, not finding a single trace of malware or unauthorised access.

Before the incident, I had used my Samsung actively for one year: normal surfing like reading news, checking e-mail, listening to music, watching porn, you name it. No security apps, no system updates. Didn't erase cookies regularly. But from slack surfing habits to screen recording - undetected by antivirus - is a bit over the top. How did he do it?

 

[B. Diddy]

Welcome to Android Central! I moved this from the Android Apps forum to the General Help forum since the former is intended for developers to promote their apps.

Do you know this person? How do you know he can view everything you do real-time and delete emails? Do you post a lot on social media? That's one of the easiest ways for anyone to know what a person is doing. Or do you habitually log into your Google account or other accounts (like Facebook, Instagram, etc.) on public machines (including at work)? Remember that if you forget to log off, it's easy for anyone who uses the machine afterwards to see what you're doing.

 

[mustang7757]

Who was this person you allowed remote access? How did they go about doing remote access?

 

[Ry]

How did you become aware that someone has gained remote access to your device?

 

[enak23]

Thanks for your responses.

1) Nope, I don't know this person.
2) I've seen convincing evidence, including his approaching me in the game app Gardenscapes (I can't delve into details) and an unread e-mail being read and deleted in front of my eyes. In addition to generally strange behavior by my Samsung such as the mic being tampered with (using Audio Recorder, I spoke loudly 1 cm from the mic but it barely registered any sound and sounded like I were standing 20 meters away).

3) I never use public devices or connections, especially not for personal stuff like e-mail.
4) No-one has direct physical access to my device, because I always wear it in my pocket in public.
5) My passwords are generally strong. Also, I never use "auto-fill password", password keys etc.

 

[B. Diddy]

It's hard to figure something like this out on a forum discussion. If you're overly concerned you may just have to do a factory reset of the phone (without restoring any prior backups), create new accounts where possible (like in your games), and change all passwords (and use 2-factor authentication when possible, without using the SMS option for the 2nd factor). Since you've seen convincing evidence, I'd also bring that evidence to the proper authorities so that you can discuss your concerns about hacking and cyberstalking with them.

Do a security checkup of your Google account: https://myaccount.google.com/security-checkup

I would avoid most 3rd party "security" apps, since a lot of them are shady to begin with. If you insist on using one, probably the main one I'd trust is Malwarebytes.

Consider using a good VPN at all times, but be careful, since a lot of those are also of questionable integrity. I use NordVPN.

This site might be useful: https://haveibeenpwned.com/

Good luck!

 

[Tech friend]

You could additionally check your device with "Malwarebytes Security".

This app often finds malware that is not detected by similar programs.

Unfortunately I can't post URLs here, because otherwise I'll end up on the moderator preview: Just search the Google Play Store for "Malwarebytes Security".

 

[mustang7757]

I agree with b. Diddy

 

[Fulani Filot]

When you said "watching porn", did you watch from sites (stream) or did you download it from sites? Porn and torrent sites are hack-rich, malware-rich environments. The culprits there are even twisted enough to be patient (not in a hurry to take over your device so soon) so that you won't suspect your visit to the site as being the period when the hacking would start from.

 

[J Dubbs]

When you said "watching porn", did you watch from sites (stream) or did you download it from sites? Porn and torrent sites are hack-rich, malware-rich environments. The culprits there are even twisted enough to be patient (not in a hurry to take over your device so soon) so that you won't suspect your visit to the site as being the period when the hacking would start from.

Yep I was thinking the same thing ;-)

 

[Mooncatt]

2) I've seen convincing evidence, including his approaching me in the game app Gardenscapes (I can't delve into details) and an unread e-mail being read and deleted in front of my eyes. In addition to generally strange behavior by my Samsung such as the mic being tampered with (using Audio Recorder, I spoke loudly 1 cm from the mic but it barely registered any sound and sounded like I were standing 20 meters away).

So a random person approaching you in a game automatically means hacking? Since you aren't willing to to give more info on that, we must take your claim at face value, which would have zero to do with being hacked, and everything to do with regular gameplay. MMO games have users interacting all the time. Your mic claim is most likely a hardware defect. Again, not hacking. The email issue is odd, but wouldn't be the first time an app glitched and did something like that. A defective touch response from the screen's digitizer can do stuff like this as well, and is a more likely culprit than being hacked. You didn't tell us which phone you had (Samsung is only the brand, not the model), but all this seems more likely hardware defects if it's an older one.

For what you are claiming, especially the remote access, you would've had to approve the download and install of something. Apps can not be forced installed by a random hacker on Android. It sounds like you have good security and practices in place, so I'm thinking you haven't actually been hacked. At least not based on the info you've given us so far, which is all we can go on.

 

[Rukbat]

Sounds like a VNC server installed on the phone. It's not a virus or malware, so none of those programs will "find" it, but it does give others access to the phone. Disable anything with VNC in the name (or Teamviewer, Anydesk, any of the apps you see here). Any remote desktop app can do this sort of thing, and it only takes a "can I borrow your phone" for a minute to install an app.