While on default Android Email application, my e-mail account & pass were stolen !!

By peryp9, Senior Member on 20th February 2012, 10:03 PM
This problem may or may not be related to Epic 4G Touch or to Android, but it's the second time this has happened. See attached picture and try to find the problem !!! You guessed it, I moved from NY to Mexico in about 45 min !!!


After trying different Yahoo servers listed online, using the default Email application on my Epic 4G Touch (trying to get IMAP access instead of POP3) I noticed that my e-mail account & password were stolen. All my contacts received links to websites that side-loaded viruses into their computers.


I tried the following Yahoo servers, but I'm unable to pinpoint the faulty server address (most probably it's one of the servers without ssl requirement):


A)
incoming server = android.imap.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)

B)
incoming server = imap.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)

C)
incoming server = pop.mail.yahoo.com _ port = 995 (uses ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)

D)
incoming server = pop.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mobile.mail.yahoo.com _ port = 587 (no ssl)

E)
incoming server = android.imap.mail.yahoo.com _ port = 993 (uses ssl)
outgoing smtp server = smtp.mobile.mail.yahoo.com _ port = 587 (no ssl)



Please note that I copied and pasted all the servers/ports as I found them listed online. I think that I tried all the combinations above, but I can't tell which one caused the problem.


EDIT 2/21/2012:
The way I personally think this has happened is that somewhere between my phone and the Yahoo server, there's some kind of automated program, sniffing for the e-mail/password combination when trying to connect WITHOUT using a secure SSL connection.

I checked my SENT folder from Yahoo and I can see all the e-mails going out, as if I had sent them myself. The above mentioned program read my entire contacts list, sent e-mails (in groups of 8 contacts at a time) in alphabetical order, until it reached the end of the list. After that it stopped. I was only able to figure this out about 30 minutes later, when I started receiving messages from "MAILER-DAEMON@yahoo.com <MAILER-DAEMON@yahoo.com>" because some e-mails were no longer valid.


- I'm fairly knowledgeable and I know my way around computers/electronics. I'm a cautious person that understands when and where an account can be hijacked... but this caught me by surprise. If this happened to me, it can easily happen to anyone... so keep your eyes open !!!

- my e-mail password is 10 characters long (upper & lower case letters + numbers + special characters) so brute force attacks are highly unlikely.

- It cannot be a hidden keyboard reader because I also have other e-mail accounts on this phone. The only hijacked account was the one that used the listed servers above.

- I was previously using Calkulin 2.8.1 ROM and I was testing various Yahoo servers (as listed above) when it first happened. I thought the custom ROM may have some security safeguards removed...

- I performed a complete ODIN re-install of stock ROM + Root, immediately after the first time my password was stolen.

- I was using the default Email client for approximately 2 weeks (with NO problems), until I decided to go back and see if Yahoo IMAP can be implemented ... and as soon as I started putting the servers listed above, it happened a second time... e-mail password stolen.

NOTES:
A) I have a feeling that using a connection WITHOUT SSL (as listed above) somehow exposed my account's name and password combination while trying to retrieve my emails. I thought I'm safe doing this because these are Yahoo servers, so I figured this cannot be the problem. I SHOULD HAVE KNOWN BETTER !!!

B) The first time it happened, I was using the phone's 3G connection and the second time I was on my WIFI at home, so the connection to the internet cannot be the problem

C) I don't have any applications installed that could possibly hijack my account. I have all the EL29 stock apps and the following downloaded straight from Market: Angry Birds, Barcode Scanner, Netflix, Speedtest and Viber. The only non-market item is AIO MOD (http://forum.xda-developers.com/show....php?t=1390304)




Well, did any of you have this problem on any Android phone ??? Did it happen to you on Yahoo accounts or others ?

Attached image: E-mail Recent Activity.JPG
Last edited by peryp9; 22nd February 2012 at 02:06 AM. Reason: small details
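Added example, not part of the original post: a Python check that parses the server/port lines in the format listed in the post above and reports, per combination, where the account login would travel without TLS. It takes the post's "(no ssl)" / "(uses ssl)" labels at face value; the function names and the port table are this example's own assumptions.

```python
import re
# Server settings copied from the post above, in its own line format.
POSTED = """\
A)
incoming server = android.imap.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)
B)
incoming server = imap.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)
C)
incoming server = pop.mail.yahoo.com _ port = 995 (uses ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)
D)
incoming server = pop.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mobile.mail.yahoo.com _ port = 587 (no ssl)
E)
incoming server = android.imap.mail.yahoo.com _ port = 993 (uses ssl)
outgoing smtp server = smtp.mobile.mail.yahoo.com _ port = 587 (no ssl)
"""
LINE = re.compile(r"(incoming|outgoing smtp) server = (\S+) _ port = (\d+) \((no ssl|uses ssl)\)")
# Usual port-to-protocol assignments (this example's own table, not from the post).
PORT_PROTO = {110: "pop", 995: "pop", 143: "imap", 993: "imap", 25: "smtp", 465: "smtp", 587: "smtp"}

def parse(text):  # -> {label: [(role, host, port, tls), ...]}
    combos, label = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"[A-Z]\)", line):
            label = line[0]
            combos[label] = []
        elif label and (m := LINE.fullmatch(line)):
            role, host, port, ssl = m.groups()
            combos[label].append((role.split()[0], host, int(port), ssl == "uses ssl"))
    return combos

def audit(combos):  # -> {label: [issue, ...]}; an empty list means no finding
    report = {}
    for label, servers in combos.items():
        issues = []
        for role, host, port, tls in servers:
            if not tls:  # without TLS the username and password are readable in transit
                issues.append(f"{role} {host}:{port} authenticates without TLS")
            proto = PORT_PROTO.get(port)
            if proto and proto not in host.split("."):
                issues.append(f"{role} {host}:{port} pairs a {proto} port with a non-{proto} host")
        report[label] = issues
    return report

for label, issues in audit(parse(POSTED)).items():
    print(label, issues or "no cleartext login")
```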
 
 
20th February 2012, 10:36 PM |#2  
Senior Member
Sounds like someone hacked your account, but I don't see how this has anything to do with Android.
20th February 2012, 10:39 PM |#3  
Senior Member
You could have an app that's reading keystrokes and/personal data. You can try doing a virus scan with avg free (uninstall it afterwards if you don't want to keep it.)

If your password was easy to guess a bruteforce could've easily gotten it. Also do a virus scan on your pc.

Sent from my SPH-D710 using Tapatalk
20th February 2012, 10:55 PM |#4  
Senior Member
Honestly? I'm sure yahoo is to blame...especially considering they've made their email act quirky on a lot of smartphones when not using the ymail app, I don't trust them.

Sent from my SPH-D710 using xda premium
20th February 2012, 11:30 PM |#5  
OP Senior Member
Quote:
Originally Posted by Bielinsk

Sounds like someone hacked your account, but I don't see how this has anything to do with Android.

You may be right. It probably doesn't have anything to do with Android or the default Email application. I may be the only one that has had this problem.


The only part that I am 100 % sure about, is that it happened while setting up the servers for Yahoo on my E4GT, in the default Email application. This is the second time it has happened to me, while performing identical steps.

Quote:
Originally Posted by Overstew

You could have an app that's reading keystrokes and/personal data. You can try doing a virus scan with avg free (uninstall it afterwards if you don't want to keep it.)

If your password was easy to guess a bruteforce could've easily gotten it. Also do a virus scan on your pc.

Sent from my SPH-D710 using Tapatalk


I will run some anti-viruses, but from what I was reading online, they seem to be pretty useless on Android phones.


I will post my results.
21st February 2012, 12:10 AM |#6  
hayabusa1300cc's Avatar
Senior Member
HOUSTON TEXAS
I had the same thing happen to me with gmail last year. I installed a free live wallpaper from the market, and 5 mins later my account was phished and (tried) to mass email all my contacts. Showed me logged in from different countries etc. Luckily google email caught it and suspended the account to stop it.
I had to change my password.

.: sent from my Samsung Galaxy S II Epic 4G Touch :.
21st February 2012, 12:57 AM |#7  
OP Senior Member
Update:

I installed 3 antiviruses (Avast, Lookout and AVG Antivirus) and none of them found any problems, but I'm not surprised by this.


I was checking the Avast Firewall features and in the list I found 4 applications grouped together (I can't seem to find any references to what they perform exactly):

- SNSAccountFb
- SNSAccountLi
- SNSAccountTw
- SNS disclaimer

These applications appear legitimate (having a disclaimer installed is probably signaling a safe app) but I can't find any information about what it does.


Any help would be greatly appreciated... +1
21st February 2012, 03:32 AM |#8  
Senior Member
Social network service
facebook and twitter
I don't know what li stands for. Those can be safely renamed to like ...apk.bak or whatever, if you don't use the built in widget crap for that stuff. I would be careful when installing new apps next time. I'd probably odin the phone back to stock rooted with full data wipe. Not the nodata choice. I'd also consider using a different email client. I don't know how good k9 is but people like it. I'd also get a firewall/whitelist/blacklist app that you can set up and choose what apps and services get out on the internet.
21st February 2012, 04:13 AM |#9  
Senior Member
Flag Chicago
Quote:
Originally Posted by peryp9

Update:

I installed 3 antiviruses (Avast, Lookout and AVG Antivirus) and none of them found any problems, but I'm not surprised by this.


I was checking the Avast Firewall features and in the list I found 4 applications grouped together (I can't seem to find any references to what they perform exactly):

- SNSAccountFb
- SNSAccountLi
- SNSAccountTw
- SNS disclaimer

These applications appear legitimate (having a disclaimer installed is probably signaling a safe app) but I can't find any information about what it does.


Any help would be greatly appreciated... +1

Those are all legit Samsung apps.
21st February 2012, 04:16 AM |#10  
someguyatx's Avatar
Senior Member
Flag Louisville
I have been checking my yahoo account on phones for years, first blackberry then android, with no issues. It's likely a password issue. Try something 9 or more characters not from the dictionary or your life. Using a phrase like yahoosucks but making it y@h0osuck6 makes it tougher to crack. I probably need to update some of my passwords too.