
While on default Android Email application, my e-mail account & pass were stolen !!

20th February 2012, 10:03 PM   |  #1  
OP Senior Member
Thanks Meter: 38
 
103 posts
Joined: Jan 2012
This problem may or may not be related to Epic 4G Touch or to Android, but it's the second time this has happened. See attached picture and try to find the problem !!! You guessed it, I moved from NY to Mexico in about 45 min !!!


After trying different Yahoo servers listed online, using the default Email application on my Epic 4G Touch (trying to get IMAP access instead of POP3) I noticed that my e-mail account & password were stolen. All my contacts received links to websites that side-loaded viruses into their computers.


I tried the following Yahoo servers, but I'm unable to pinpoint the faulty server address (most probably it's one of the servers without ssl requirement):


A)
incoming server = android.imap.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)

B)
incoming server = imap.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)

C)
incoming server = pop.mail.yahoo.com _ port = 995 (uses ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)

D)
incoming server = pop.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mobile.mail.yahoo.com _ port = 587 (no ssl)

E)
incoming server = android.imap.mail.yahoo.com _ port = 993 (uses ssl)
outgoing smtp server = smtp.mobile.mail.yahoo.com _ port = 587 (no ssl)



Please note that I copied and pasted all the servers/ports as I found them listed online. I think that I tried all the combinations above, but I can't tell which one caused the problem.


EDIT 2/21/2012:
The way I personally think this has happened is that somewhere between my phone and the Yahoo server, there's some kind of automated program, sniffing for the e-mail/password combination when trying to connect WITHOUT using a secure SSL connection.

I checked my SENT folder from Yahoo and I can see all the e-mails going out, as if I had sent them myself. The above mentioned program read my entire contacts list, sent e-mails (in groups of 8 contacts at a time) in alphabetical order, until it reached the end of the list. After that it stopped. I was only able to figure this out about 30 minutes later, when I started receiving messages from "MAILER-DAEMON@yahoo.com <MAILER-DAEMON@yahoo.com>" because some e-mails were no longer valid.


- I'm fairly knowledgeable and I know my way around computers/electronics. I'm a cautious person that understands when and where an account can be hijacked... but this caught me by surprise. If this happened to me, it can easily happen to anyone... so keep your eyes open !!!

- my e-mail password is 10 characters long (upper & lower case letters + numbers + special characters) so brute force attacks are highly unlikely.

- It cannot be a hidden keyboard reader because I also have other e-mail accounts on this phone. The only hijacked account was the one that used the listed servers above.

- I was previously using Calkulin 2.8.1 ROM and I was testing various Yahoo servers (as listed above) when it first happened. I thought the custom ROM may have some security safeguards removed...

- I performed a complete ODIN re-install of stock ROM + Root, immediately after the first time my password was stolen.

- I was using the default Email client for approximately 2 weeks (with NO problems), until I decided to go back and see if Yahoo IMAP can be implemented ... and as soon as I started putting the servers listed above, it happened a second time... e-mail password stolen.

NOTES:
A) I have a feeling that using a connection WITHOUT SSL (as listed above) somehow exposed my account's name and password combination while trying to retrieve my emails. I thought I'm safe doing this because these are Yahoo servers, so I figured this cannot be the problem. I SHOULD HAVE KNOWN BETTER !!!

B) The first time it happened, I was using the phone's 3G connection and the second time I was on my WIFI at home, so the connection to the internet cannot be the problem

C) I don't have any applications installed that could possibly hijack my account. I have all the EL29 stock apps and the following downloaded straight from Market: Angry Birds, Barcode Scanner, Netflix, Speedtest and Viber. The only non-market item is AIO MOD (http://forum.xda-developers.com/show....php?t=1390304)




Well, did any of you have this problem on any Android phone ??? Did it happen to you on Yahoo accounts or others ?

Attached image: E-mail Recent Activity.JPG
Last edited by peryp9; 22nd February 2012 at 02:06 AM. Reason: small details
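
An added example, not part of the original post: the sketch below parses the five server combinations in the format they were posted in and flags every line marked "no ssl", where the login crosses the network unencrypted unless the client negotiates STARTTLS, plus any host whose name does not match the protocol of its port. The hostname heuristic and the finding names are assumptions of this example.

```python
import re

# The five combinations, transcribed from the post in the post's own format.
POSTED = """
A)
incoming server = android.imap.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)
B)
incoming server = imap.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)
C)
incoming server = pop.mail.yahoo.com _ port = 995 (uses ssl)
outgoing smtp server = smtp.mail.yahoo.com _ port = 465 (uses ssl)
D)
incoming server = pop.mail.yahoo.com _ port = 143 (no ssl)
outgoing smtp server = smtp.mobile.mail.yahoo.com _ port = 587 (no ssl)
E)
incoming server = android.imap.mail.yahoo.com _ port = 993 (uses ssl)
outgoing smtp server = smtp.mobile.mail.yahoo.com _ port = 587 (no ssl)
"""

LINE = re.compile(r"(?:incoming|outgoing smtp) server = (\S+) _ port = (\d+) \((no|uses) ssl\)")
# Registered mail ports and the protocol spoken on each.
PORT_PROTO = {110: "pop3", 995: "pop3", 143: "imap", 993: "imap",
              25: "smtp", 465: "smtp", 587: "smtp"}

def host_proto(host):
    """Protocol suggested by a hostname label (heuristic assumed for this example)."""
    labels = host.split(".")
    return next((p for lbl, p in (("imap", "imap"), ("pop", "pop3"), ("smtp", "smtp"))
                 if lbl in labels), None)

def audit(text):
    """Return (combo, host, port, finding) tuples for every risky line."""
    findings, combo = [], None
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"[A-Z]\)", line):
            combo = line[0]
            continue
        m = LINE.fullmatch(line)
        if not m:
            continue
        host, port, tls = m.group(1), int(m.group(2)), m.group(3) == "uses"
        if not tls:  # no TLS configured: login goes out unencrypted unless STARTTLS is used
            findings.append((combo, host, port, "cleartext-login"))
        if host_proto(host) and PORT_PROTO.get(port) not in (None, host_proto(host)):
            findings.append((combo, host, port, "port-protocol-mismatch"))
    return findings
```

Calling `audit(POSTED)` leaves only combination C without a finding; D is also flagged because a POP host is paired with the IMAP port.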
20th February 2012, 10:36 PM   |  #2  
Senior Member
Thanks Meter: 67
 
1,002 posts
Joined: Dec 2009
Sounds like someone hacked your account, but I don't see how this has anything to do with Android.
20th February 2012, 10:39 PM   |  #3  
Senior Member
Thanks Meter: 1,654
 
3,911 posts
Joined: Oct 2010
You could have an app that's reading keystrokes and/personal data. You can try doing a virus scan with avg free (uninstall it afterwards if you don't want to keep it.)

If your password was easy to guess a bruteforce could've easily gotten it. Also do a virus scan on your pc.

Sent from my SPH-D710 using Tapatalk
20th February 2012, 10:55 PM   |  #4  
Senior Member
Thanks Meter: 451
 
1,406 posts
Joined: Dec 2010
Honestly? I'm sure yahoo is to blame...especially considering they've made their email act quirky on a lot of smartphones when not using the ymail app, I don't trust them.

Sent from my SPH-D710 using xda premium
20th February 2012, 11:30 PM   |  #5  
OP Senior Member
Thanks Meter: 38
 
103 posts
Joined: Jan 2012
Quote:
Originally Posted by Bielinsk

Sounds like someone hacked your account, but I don't see how this has anything to do with Android.

You may be right. It probably doesn't have anything to do with Android or the default Email application. I may be the only one that has had this problem.


The only part that I am 100 % sure about, is that it happened while setting up the servers for Yahoo on my E4GT, in the default Email application. This is the second time it has happened to me, while performing identical steps.

Quote:
Originally Posted by Overstew

You could have an app that's reading keystrokes and/personal data. You can try doing a virus scan with avg free (uninstall it afterwards if you don't want to keep it.)

If your password was easy to guess a bruteforce could've easily gotten it. Also do a virus scan on your pc.

Sent from my SPH-D710 using Tapatalk


I will run some anti-viruses, but from what I was reading online, they seem to be pretty useless on Android phones.


I will post my results.
21st February 2012, 12:10 AM   |  #6  
hayabusa1300cc's Avatar
Senior Member
HOUSTON TEXAS
Thanks Meter: 606
 
2,032 posts
Joined: Jun 2007
I had the same thing happen to me with gmail last year. I installed a free live wallpaper from the market, and 5 mins later my account was phished and (tried) to mass email all my contacts. Showed me logged in from different countries etc. Luckily Google email caught it and suspended the account to stop it.
I had to change my password.

.: sent from my Samsung Galaxy S II Epic 4G Touch :.
21st February 2012, 12:57 AM   |  #7  
OP Senior Member
Thanks Meter: 38
 
103 posts
Joined: Jan 2012
Update:

I installed 3 antiviruses (Avast, Lookout and AVG Antivirus) and none of them found any problems, but I'm not surprised by this.


I was checking the Avast Firewall features and in the list I found 4 applications grouped together (I can't seem to find any references to what they perform exactly):

- SNSAccountFb
- SNSAccountLi
- SNSAccountTw
- SNS disclaimer

These applications appear legitimate (having a disclaimer installed is probably signaling a safe app) but I can't find any information about what it does.


Any help would be greatly appreciated... +1
21st February 2012, 03:32 AM   |  #8  
Senior Member
Thanks Meter: 325
 
1,677 posts
Joined: Jun 2011
Social network service
facebook and twitter
I don't know what li stands for. Those can be safely renamed to like ...apk.bak or whatever, if you don't use the built in widget crap for that stuff. I would be careful when installing new apps next time. I'd probably odin the phone back to stock rooted with full data wipe. Not the nodata choice. I'd also consider using a different email client. I don't know how good k9 is but people like it. I'd also get a firewall/whitelist/blacklist app that you can set up and choose what apps and services get out on the internet.
21st February 2012, 04:13 AM   |  #9  
Senior Member
Flag Chicago
Thanks Meter: 43
 
434 posts
Joined: Mar 2010
Quote:
Originally Posted by peryp9

Update:

I installed 3 antiviruses (Avast, Lookout and AVG Antivirus) and none of them found any problems, but I'm not surprised by this.


I was checking the Avast Firewall features and in the list I found 4 applications grouped together (I can't seem to find any references to what they perform exactly):

- SNSAccountFb
- SNSAccountLi
- SNSAccountTw
- SNS disclaimer

These applications appear legitimate (having a disclaimer installed is probably signaling a safe app) but I can't find any information about what it does.


Any help would be greatly appreciated... +1

Those are all legit Samsung apps.
21st February 2012, 04:16 AM   |  #10  
someguyatx's Avatar
Senior Member
Flag Louisville
Thanks Meter: 347
 
1,282 posts
Joined: Feb 2012
I have been checking my yahoo account on phones for years, first blackberry then android, with no issues. It's likely a password issue. Try something 9 or more characters not from the dictionary or your life. Using a phrase like yahoosucks but making it y@h0osuck6 makes it tougher to crack. I probably need to update some of my passwords too.
