I’m running Graphene on a Pixel 6. I lost it and someone opened it somehow and called two of my contacts to give it back.
I’m a bit confused how this even happened. When I got the phone back, they were going through my contacts. I checked app usage stats and they went through a banking app (not missing money), maps, signal, etc.
Is there a way to figure out how they even unlocked my phone?
I highly recommend 𝗧𝗘𝗖𝗛𝗥𝗘𝗩𝗢𝗞𝗘 anyone who has been scammed or hacked and needs help recovering their funds https://www.instagram.com/techrevoke
If they were able to guess your pin, you should probably switch to a longer pin or a password. It seems insane at first to type a long password, but if you pick two long scientific words, its secure with only letters.
I use a password longer than the android limit (16 characters) since graphene allows longer; I use letters numbers and symbols. But I also use biometrics, because fuck typing that every time I need to open my phone. Allows for a very secure fresh (re)boot state, and with decent security when it has been unlocked at least once. I also use Locker, which (assuming it works, it’s a few years old now, luckily never had to see) lets you set a max number of unlock attempts before using admin privileges to wipe. And graphene lets you set a ‘time since last unlock’ auto-restart, to get that initial secure state back.
Probably overkill, but I have leos in the family and I have been harassed before several times over the years (often without any cause or merit), as a teenager and beyond, and I don’t trust anyone wearing a badge anymore. So ‘plan for the worst, hope for the best’ is my strategy.
Is your pin something like 1234? Do you have emergency contacts set up? Do you have a setting to not lock the phone until very long? Or a smart unlock based on location or any other automation setting? An easy password hint pops up or something? Perhaps your parents forgot to mention you had a twin, who face unlocked it.
Regarding app usage, my guess is they tried to see whom to contact to give your phone back, or map history, the banking app could be a touch by mistake too.
I have that same combination on my luggage!
Hey, how did you guess my secret pin!? That is a very difficult pin that I’ve had for every account for years! /s
Was it perhaps unlocked when you lost it?
I know I’ve set my phone down unlocked a few times; particularly at work (in a warehouse).
Is it possible that something else was installed to the phone? If they manage to hack it open, then potential reason to return it to you is to spy on you.
theyd have to be important, unlikely. even if this is cia shit tjey wouldnt make it obvious someone got in
Why not? Most people ITT clearly don’t seem security minded enough to even think of that as a possibility.
Perhaps they simply took out the sim card and inserted into another phone, giving them access to contacts (that could have been saved into the chip instead of the original phone)?
Good thinking but doesn’t explain how they accessed the apps.
That’s true. They must have gained access to the phone itself somehow.
If someone calls you and theres a missed call notification can they just click it to call back without unlocking the phone?
Oh i didnt notice they went through other apps. Maybe they were watching you and saw you input your pin and then stole it and checked your stuff to see if they can get something useful and then returned it?
Wouldn’t a thief just factory reset and sell it, instead of taking the additional risk of returning it?
You need the pin/password, regardless if the phone was unlocked or you fooled the biometric scanner, to wipe it. If you factory reset it by the recovery method, it will want the Google account that was last signed in before it lets you proceed. it’s been years since I had to do this, but it is a nice attempt to reduce phone thefts. (that is (might be?) nullified on graphene as it can skip the gps package, but for the usual user it’s a nice feature)
Gonna need to know more. What method do you use to lock your phone? Is it rooted?
Also: did they return the phone to you, or to your friend? Could it be your friend who went through these apps?
Fingerprint and pin code. They left the phone at a store nearby and I went to pick it up
What I said, a smartphone can never be a secure device and this is why it is crazy to have sensitive data stored in these gadgets. It is certainly unlikely that this person gained access by trying the pins, because the cell phone would be blocked after the third failed attempt, but even so, a computer expert needs seconds to access, bypassing this little protection that cell phones have. You can be happy that your Secure Banking app is better protected, probably with 2FA, coordinate card, ID card or similar. In any case, this mobile phone is already compromised, which makes it necessary to change at least the credentials, better even your phone number (ask your ISP). Also be attentive, since this person may have been honest, but he returned it may also be because he was not interested in the cell phone, but in the address where you live.
A smartphone has better protection and actual disk encryption than probably 90% of all Computers or Laptops since its enabled by default.
No, it isn’t, independent of that it’s easier to get lost or robbed.
https://www.techradar.com/news/8-reasons-why-smartphones-are-privacy-nightmare
No, it isn’t, independent of that it’s easier to get lost or robbed.
https://www.techradar.com/news/8-reasons-why-smartphones-are-privacy-nightmare
Thats not what i said.
Modern Smartphones offer a much better protection against data extraction than regular Computers/Laptops.
The own OS and preinstalled app in a Mobile are extracting your data. This you can only avoid to root it to be able to desinstalar them, but this cause that you must made the security updates by yourself, in rooted phones it isn’t automatic. Than use only apps from F-Droid and not from the Store, install an paid AV and use VPN. Only in this way it is somewhat more secure. Better if you use some Linux Mobile.
The own OS and preinstalled app in a Mobile are extracting your data. This you can only avoid to root it to be able to desinstalar them, but this cause that you must made the security updates by yourself, in rooted phones it isn’t automatic. Than use only apps from F-Droid and not from the Store, install an paid AV and use VPN. Only in this way it is somewhat more secure. Better if you use some Linux Mobile.
How is this different from Windows?
Sure, but how often do you take your desktop on a walk?
I wrote Laptop also. Pls do not try to misdirect.
Pixel 6 series has the well known atrociously insecure fingerprint hardware. Pixels are incredibly insecure phones and have a lot of hardware QC issues.
The other possibilities can be that the pin screen does not jumble numbers, and your phone’s fingerprint smudges were used to open phone, or that you may have a weak pin, which I am not sure you would, considering you are on Lemmy’s privacy community.
Lol pixel 6 did have fingerprint reader issues. But pixels are incredible secure overall. But you got a bit of a fixation don’t ya?🤡
