Hello community. I was wondering how easy/hard is to hack an /e/ phone. I have the feeling an intruder might attempt to hack my phone. How can diagnose if my phone has been hacked? Including apps like Telegram? Any ideas or advises? Model of the phone.is Samsung 8.Thank you.
legit question, hard to answer. /e/ is not the quickest in catching up to upstream and forks lag (no judgement). It’s not security focused, this has been widely discussed (I’m fine with that approach).
As you mention telegram, I assume you mean an attacker has no physical access to the phone but compromise by telegram? or an malicious app you installed voluntarily?
Media decoding vulnerabilities are popular with messengers as they can do their thing without further interaction. Not sure how telegram decodes. If you worry about high risk telegram channels, don’t visit them.
On difficulty to compromise: depends on the adversary and on the phone manufacturing date, if the vendor still supplies critical patches to parts that are outside the Android components source control.
The S8 stopped receiving Samsung patches in mid 2021. So even if you’d have updated Android components, a newly discovered vulnerability in some firmware / proprietary library will expose a user without recourse.
How to diagnose: you’d need to look at network behaviour, scan App apk, scan user received files and system files. There are forsensic tools for the system by Amnesty International and the Citizenlab.
2 Likes
Thank you so much Tcecyk, very helpful answer. Much more clear now. Have to find the sofware/safe app to scan files, etc. Any suggestions? In regard toTelegram, my concern is if the attacker can access to my chats but as you mentioned, it will depend how Telegram decodes. I’ll have to find out how that works in a different thread. Many thanks!
While this will not give you real security, I used a second user to carry out such tests, which perhaps enables one to isolate an “App in question”.
Settings > System > Advanced > Multiple users.
2 Likes
There’s the mvt-project, but at first I’d check network behaviour to confirm suspicions, on-device (Netguard?) or on the router (tcpdump → staring at packets). Reducing the number of installed apps to have an easier time attributing.
If you have reason to believe you’re targeted specifically, you should attend a hacker club closeby and get some in-person help and advice.
A custom rom is fun, but for some degrees of threats outdated phones stop being an option (sadly/vendor/industry). But I think being confronted by such is rare.
1 Like
This topic was automatically closed after 14 days. New replies are no longer allowed.