While on default Android Email application, my e-mail account & pass were stolen !!
This problem may or may not be related to Epic 4G Touch or to Android, but it's the second time this has happened. See attached picture and try to find the problem !!! You guessed it, I moved from NY to Mexico in about 45 min !!!
After trying different Yahoo servers listed online, using the default Email application on my Epic 4G Touch (trying to get IMAP access instead of POP3) I noticed that my e-mail account & password were stolen. All my contacts received links to websites that side-loaded viruses into their computers.
I tried the following Yahoo servers, but I'm unable to pinpoint the faulty server address (most probably it's one of the servers without ssl requirement):
A)
incoming server = android.imap.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)
B)
incoming server = imap.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)
C)
incoming server = pop.mail.yahoo.com _ port = 995 (uses ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)
D)
incoming server = pop.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mobile.mail.yahoo.com _ port = 587 (no ssl)
E)
incoming server = android.imap.mail.yahoo.com _ port = 993 (uses ssl)
outgoing smtp server = smtp.mobile.mail.yahoo.com _ port = 587 (no ssl)
Please note that I copied and pasted all the servers/ports as I found them listed online. I think that I tried all the combinations above, but I can't tell which one caused the problem.
EDIT 2/21/2012:
The way I personally think this has happened is that somewhere between my phone and the Yahoo server, there's some kind of automated program, sniffing for the e-mail/password combination when trying to connect WITHOUT using a secure SSL connection.
I checked my SENT folder from Yahoo and I can see all the e-mails going out, as if I had sent them myself. The above-mentioned program read my entire contacts list, sent e-mails (in groups of 8 contacts at a time) in alphabetical order, until it reached the end of the list. After that it stopped. I was only able to figure this out about 30 minutes later, when I started receiving messages from "MAILER-DAEMON@yahoo.com <MAILER-DAEMON@yahoo.com>" because some e-mails were no longer valid.
- I'm fairly knowledgeable and I know my way around computers/electronics. I'm a cautious person that understands when and where an account can be hijacked... but this caught me by surprise. If this happened to me, it can easily happen to anyone... so keep your eyes open !!!
- my e-mail password is 10 characters long (upper & lower case letters + numbers + special characters) so brute force attacks are highly unlikely.
- It cannot be a hidden keyboard reader because I also have other e-mail accounts on this phone. The only hijacked account was the one that used the listed servers above.
- I was previously using Calkulin 2.8.1 ROM and I was testing various Yahoo servers (as listed above) when it first happened. I thought the custom ROM may have some security safeguards removed...
- I performed a complete ODIN re-install of stock ROM + Root, immediately after the first time my password was stolen.
- I was using the default Email client for approximately 2 weeks (with NO problems), until I decided to go back and see if Yahoo IMAP can be implemented ... and as soon as I started putting the servers listed above, it happened a second time... e-mail password stolen.
NOTES:
A) I have a feeling that using a connection WITHOUT SSL (as listed above) somehow exposed my account's name and password combination while trying to retrieve my emails. I thought I'm safe doing this because these are Yahoo servers, so I figured this cannot be the problem. I SHOULD HAVE KNOWN BETTER !!!
B) The first time it happened, I was using the phone's 3G connection and the second time I was on my WIFI at home, so the connection to the internet cannot be the problem
C) I don't have any applications installed that could possibly hijack my account. I have all the EL29 stock apps and the following downloaded straight from Market: Angry Birds, Barcode Scanner, Netflix, Speedtest and Viber. The only non-market item is AIO MOD (http://xdaforums.com/show....php?t=1390304)
Well, did any of you have this problem on any Android phone ??? Did it happen to you on Yahoo accounts or others ?
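Added example, not part of the original post: a small Python audit of the five server combinations listed above, reporting which legs are marked "no ssl" and would therefore carry the account login unencrypted. It takes the post's "no ssl" / "uses ssl" labels at face value (assumption: the client does not upgrade the connection with STARTTLS); the function names are illustrative.

```python
import re

# Constructed input: the five combinations exactly as listed in the post.
POSTED_SETTINGS = """\
A)
incoming server = android.imap.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)
B)
incoming server = imap.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)
C)
incoming server = pop.mail.yahoo.com _ port = 995 (uses ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)
D)
incoming server = pop.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mobile.mail.yahoo.com _ port = 587 (no ssl)
E)
incoming server = android.imap.mail.yahoo.com _ port = 993 (uses ssl)
outgoing smtp server = smtp.mobile.mail.yahoo.com _ port = 587 (no ssl)
"""

LINE = re.compile(
    r"^(incoming|outgoing smtp) server = (\S+) _ port = (\d+) \((no|uses) ssl\)$")

def parse(text):
    """Return {label: [(direction, host, port, uses_ssl), ...]}."""
    combos, label = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"[A-Z]\)", line):
            label = line[0]
            combos[label] = []
        elif (m := LINE.match(line)) and label:
            direction = m.group(1).split()[0]  # "incoming" or "outgoing"
            combos[label].append(
                (direction, m.group(2), int(m.group(3)), m.group(4) == "uses"))
    return combos

def cleartext_legs(text):
    """Map each combination to the legs where the login is not wrapped in SSL."""
    return {label: [f"{d} {h}:{p}" for d, h, p, ssl in legs if not ssl]
            for label, legs in parse(text).items()}

def fully_encrypted(text):
    """Labels of combinations where both legs are marked 'uses ssl'."""
    return [label for label, bad in cleartext_legs(text).items() if not bad]

if __name__ == "__main__":
    for label, bad in cleartext_legs(POSTED_SETTINGS).items():
        print(label, "OK" if not bad else "cleartext: " + ", ".join(bad))
```

Of the five combinations, only C is marked as using SSL on both the incoming and the outgoing leg.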