# Consistent Unauthorized Third Party



## KevBJr (Feb 10, 2020)

Sorry if this is story/long. I wrote it out and have to post it in a local library as it won't post from my house when on the network, or mobile data, or both, even with a VPN.

So I've had this problem for at the very least about a year now. If I think back, it's been going on for a lot longer than that.

It started off with my Galaxy S8 on ATT. It was subtle at first and I just presumed them to be glitches. Webpages would open by themselves. The back button would randomly go off at times. Things would "click" themselves. It wasn't as prominent as it is now so I just assumed it to be weird errors.

So around April of 2019 the glitches got so bad that I thought my phone was being hacked and I needed to get my own plan so I upgraded to an S10 on the T-Mobile network.

Things started off slow, but the same kind of problems kept happening. It just got a lot creepier because the webpages that started to open by themselves had significance to what was going on in my life. Like I had been fighting with my GF and a PsychologyToday article about narcissism opened on my phone which was beyond reaching distance.

I still had my S8 and used it at home to simply surf the web and such. There was a point where I thought I was going to end up in someone hacking my account and exposing stupidly taken nudes. Because I had my new S10 and was scared, I ripped the back of the S8 off and ripped the battery out.

This is where I believe I discovered one of the primary problems. Now the S8 might take a 15 second charge if I plug it into the wall, but it had enough juice to start up and when it accessed the PlayStore it showed up as two unique devices.

The PlayStore had two Galaxy S8's with just slightly different names accessing my account on the same day. I've almost always felt like I was a guest on my phones while someone else was the administrator. My Note10+ had a similar issue which I will get to later.

So my S8 is toast now because the battery isn't removable on the fly. So I'm using the S10 now and the same problems keep happening. Things clicking themselves, webpages opening, as I'm typing something will hit space midword, and the creepy feeling of an omnipresent watcher.

I realized my S10's dictionary of used words was just kind of off. Words I wouldn't use started to show up in my autopredictions. One day, perplexed by what was showing up, I just began hitting the center word. The sentence that popped up was something like "I really enjoyed the video of the 15 year old girl". Special note, my phone is beginning to lag terribly the farther I get into this. So freaked out by that 15 year old girl sentence I erased it, but curious, repeated the process again. It turned into what looked like a suicide letter. I didn't know what to make of it, but thought I might get killed and set up to look like a pedophile/suicide case.

This is when I turned off its network access and began using a low end prepaid Android. I actually went through two. At this point everything I touched techwise began to malfunction. For some reason my FiOS didn't want to work so I bought a hotspot pass from Xfinity. Long story short, this phone apparently used 300 GB of data in one week. The phone itself registered 30 GB for two months. The S10 I had bricked apparently had the capability to send cellular data still as well. It wasn't a ton, but there shouldn't have been any. When I questioned T-Mobile they couldn't give me a straight answer.

So at this point I have a Galaxy S8 showing up as two devices, an S10 that should be off, and another phone that had 270 GB of data go missing. I tried calling Xfinity about the data, but couldn't get through. I tried my T-Mobile line, my father's Verizon line, a third party app combined with a VPN, and even walked to a local firehouse around midnight. My grandmother's home phone line with Comcast even died while I tried to get through.

I tried a cheap trac phone, but the camera on that would turn off and on by itself. I'm not an Apple fan but tried an iPhone 6S on the trac as well. Still had the same unnerving issues. I didn't trust the S10 so I hoped a clean start with a new number on a new network would help so I got my grandmother to get me a Note10+ on her Verizon account.

This phone has acted the same way as the others and has had the same weird issues. Showing up as two devices? In Members I had two Note10's. The first was named something like "Verizon Note10+ 256 GB". It looked official but when selected under serial number it had my IMEI number. Now the second Note10 was named, generically, "Samsung Device". But when this was selected next to serial number was the correct one.

I questioned Samsung help about this, even asking which one to remove but couldn't get a straight answer from the rep. It was so vague and confusing I even gave the guy option a or b, and got nothing.

I was tinkering around with an app called 3C toolbox and at one point I believe my phone was running five simultaneous Android OS. When looking at an IP log I had taken, I took a few pictures from my laptop's computer screen. I had the phone's wifi off, bluetooth off, mobile data off, and in airplane mode. I have no idea how it happened, but I guess my phone picked up a rogue connection somehow and the pictures began erasing themselves.

I can't be certain of what's going on but whoever has access is able to go into my accounts via my phone. Going back to the S8, I tried purchasing a recovery software because I thought looking into the innards of my phone might give me some insight. The email with the verification code was snoozed on me, and the only device logged into my gmail was my S8. There was no notification of a sign in attempt, so I presume it was snoozed through my device.

My tech in general has gone to hell this year. When the S8 was acting funny I was doing research on my very old laptop. The network driver uninstalled itself. This is when I bought a chromebook. The operating system corrupted within a week. For some reason I thought iOS might help so I bought an iPad. When I connected it to my home network during setup the pin changed, bricking it. So I bought another chromebook, and decided to update and set it up in the Target I purchased it at. There was already an owner to the device. Things had been so wrong for so long I simply kept it. I bought another laptop which works ok, but you can tell something's off.

The most frustrating purchase beyond the Galaxy's was a Macbook Air. After trying to get the iPad that bricked itself fixed, but couldn't, I bought the Air on the spot with Apple Care. I sent logs and videos to Apple and was told it'd take a week. Two and a half months later, questions unanswered, blatant videos, I was told nothing was wrong with it. The thing turned itself on just last month and I only know that because my router showed that it had connected.

At this point I've tried Bitdefender, Lookout, Malwarebytes, McAfee, Kaspersky, and probably a few others. In terms of VPNs I've tried a few. But going back to when my keyboard's dictionary changed about liking underage girls and what seems to be the ability for someone to access my accounts and use them as their own, I'm somewhat afraid of hiding myself. I wish there was the opposite, no logs, I want super logs.

But back to the main point. I've had three high end Galaxy devices all with this same issue. I'm not sure who it is, but by power of deduction, I would guess the government. I mostly say that because of when I tried to save the data from Xfinity and five different forms of communication couldn't get through. From another standpoint the issue is larger than just my creepy stalking feelings because this could be hypothetically dormant on a massive amount of phones leaving bank accounts, social security numbers, really important information available for prying eyes. I wouldn't have realized until things got strangely personal.

The closest thing I found was Pegasus. I say that because I had friends whose phones began to malfunction in the same way as mine and the only thing linking us were phone calls.

My bet is it's a day one exploit. When my phone starts up it looks like it's skipping critical Android functions. Story sounds crazy, but I've tried every OS and Network. Others have been having similar problems as well. Read the reviews for this IP. https://whatismyipaddress.com/ip/2607:fb90:5c3c:6fac::41:f20e:701. This IP broke into my Facebook silently and the only reason I found it was through downloading an archive of my Facebook. And the only reason I did that was because it was like I was led there as things quickly highlighted themselves just long enough to catch a glimpse.

I tried ignoring it. But it's really hard to do. What got me today was my volume buttons decided to stop working. The down button works though because I can still take a screenshot. Of those I have many, I have the whole story documented because even I think it sounds ludicrous at points.

Hopefully when I send it to Samsung they can actually diagnose the problem.

I can't verify but half the time I talk to reps on the phone or through chats they don't work for the respective companies. A story for another time, but let's just say I just signed up for Hulu and when I asked why 24 devices were signed into my account they said it was a normal glitch. Understandable enough, but some had distinct names like Andy's iPhone.

TL;DR - all my stuff's hacked, third party user controls device thinking it's you, possible key logging / video jacking meaning cell phone users' passwords are highly susceptible


----------



## lunarlander (Sep 22, 2007)

Androids are not secure, period. Take whichever one you want to fix to a cellphone repair place and ask them to load a clean image, as in reset image. Some hacks are able to affect the reset image too, so a phone reset brings you back to square one - hacked. 

After you get it back from the store and you go thru the steps of re-initializing the thing, skip account creation. So you wouldn't have a Google email. After skipping that step and finishing setting Samsung things, go to Settings > Apps. From the menu checkmark Show System Apps. Then go thru all the apps one by one, and where one allows you to disable, Disable it. Your phone should still work with every disable-able disabled. You can still make and receive phone calls, send & receive SMS, browse with Chrome. However with all the things disabled, you won't be able to use Google Play Store, and no gmail. To add apps, go to sites like apkpure.com and download the app installers.

Also find "noroot firewall" and install that. 

Forget about VPNs. Most web sites are now SSL padlocked. So there is no need for another layer of encryption. That would mean nosey hackers can see where you're surfing to when you are connected to a hotspot, but so can the person sitting beside and behind you. Just don't use hotspots. You can turn off Wi-Fi for good. Also turn off Location.

Cell phone hackers have powerful transmitters that can override your home WiFi, so that you connect to his similarly named SSID and not yours. And from there they can begin attacking your cell. I don't use WiFi unless I absolutely have to.


----------



## Professionalgirl (Jan 10, 2020)

Hi KevBJr, Please follow the first and third steps below only if you have a Windows laptop/desktop.

1. For as much as I want to assist with malware removal, I am not authorized in this forum even though I am an actual technician with a B.A level graduate degree in network security. You will need to wait for one of the malware specialists to help you remove threats from your device. However, once the malware specialist steps in to help you remove nasty threats from your system please follow the instructions below to prevent having this happen again.


2. It sounds like someone hacked into your entire network and nearby devices as well as your friends'. This is normally the result of a large and very serious botnet attack. You should report it to your ISP (Internet Service Provider) ASAP (As Soon As Possible) to prevent further attacks, and if possible switch to another ISP and create entirely new accounts with strong 30 or more character passwords mixed with upper and lower case letters with numbers and symbols. You should do this for your WIFI connection as well and try using the most secure connection such as WPA2 (WiFi Protected Access Version Two) with AES (Advanced Encryption Standards) and change the default key to a stronger password. Navigate to the settings on your devices and make sure the SSID (Service Set Up ID) is disabled after you are done setting up your new connection. You may also want to use a different name for your WIFI access point like you have for this forum. You can also select hide this connection if the setting is available on any of your devices.

3. If you have a Windows laptop you could try changing the router home page default password from admin admin or admin password to a much stronger 30 or more character password but you will first need to use cmd (command prompt) with administrative privileges and type ipconfig and then use the default gateway address to access your router home page. Next you will want to navigate to the settings on your router's homepage that allows you to change the password for network access. You should also disable all remote assistance tools, remove third party remote assistance tools from any laptop that may support remote assistance and use a good security center with a firewall that will protect all of your devices on your home network.

4. Another thing to try is creating a brand new Gmail account with a unique name like you have in this forum and a much more difficult to guess password using a different user name by following the steps above for character criteria. You may also want to create a different password for each account to improve security and make it difficult for the hacker to gain unauthorized access to all of your accounts. If the hacker makes an attempt to hack one of your accounts he may only be able to access that one account and not the rest if a different password is used. The hacker will have a difficult time when you harden your security and will move on to an easier target.

5. Uninstall unknown third party software as it may pose a security risk to your devices as well.


----------



## TerryNet (Mar 23, 2005)

Professionalgirl said:


> You will need to wait for one of the malware specialists to help you remove threats from your device.


Be a long wait.  The malware specialists work on Windows, not Android or iOS.



Professionalgirl said:


> If you have a Windows laptop you could try changing the router home page default ...


Nothing magic about Windows for this suggestion. Works equally well with any operating system on computer, tablet or smart phone.


----------



## Professionalgirl (Jan 10, 2020)

TerryNet said:


> Be a long wait.  The malware specialists work on Windows, not Android or iOS.
> 
> Nothing magic about Windows for this suggestion. Works equally well with any operating system on computer, tablet or smart phone.


Oh, I just meant only if KevBJr has a Windows laptop that was connected to the same network as the infected devices. I apologise, I should have made this more clear, TerryNet. Anyway, thanks for informing me.

If KevBJr only has Androids and Apple OS, then none of us can help as it would be beyond our expertise. In that case the only suggestions are the ones I made earlier to secure his/her network.


----------

