Edit: Or maybe it's just a very weird bug – see my second post further down.
Not going to risk it either way though!
...
I was going to send my wife a text when my phone was about to die, so I clicked on my Google messenger app, but instead of it launching as normal, I was prompted for a supposed update to the Samsung messenger app. As soon as I clicked allow or accept or whatever, my phone took a picture through the camera app completely by itself (through no prompt from me) loaded up the messenger app, and appeared to be going to send the just taken picture to one of my recent message contacts, though not my most recent one. By this point I was holding the power button and had force-powered off the phone.
I'm a very security-conscious person and have worked professionally in IT related cyber security in the past. I do not visit questionable sites on my phone nor install third-party apps from untrusted sources, nor any third-party apps on this particular phone, for that matter.
The contact I mentioned earlier that the picture looked like it was being sent to? My father who works in the aerospace industry. Hopefully his phone hasn't also been compromised. Many years ago (like two decades worth now) I received a phishing message that appeared like it was from him via MSN Messenger, which this current event reminds me of.
So the (mostly rhetorical) questions are:
Do I factory reset and root the phone and install pure Android on it direct from Google, assuming I can and the phone will still work with my provider?
Leave the power off and hand the phone over to security experts (this is a personal phone that does not contain any highly sensitive information)?
Was I, this phone, or my father specifically targeted and if so by whom and for what reason?
This is what I saw unfolding live with my own eyes – what else may have happened that I haven't seen?
Should I just get a "dumb" phone since that's all I really need anyway in a personal phone (I have other mobile "smart" devices I don't use as a personal phone)?
Either way, I thought this might serve as a good warning to my fellows on the forums here that these sort of things can and do happen, even to us security-aware types.
Cheers.
Not going to risk it either way though!
...
I was going to send my wife a text when my phone was about to die, so I clicked on my Google messenger app, but instead of it launching as normal, I was prompted for a supposed update to the Samsung messenger app. As soon as I clicked allow or accept or whatever, my phone took a picture through the camera app completely by itself (through no prompt from me) loaded up the messenger app, and appeared to be going to send the just taken picture to one of my recent message contacts, though not my most recent one. By this point I was holding the power button and had force-powered off the phone.
I'm a very security-conscious person and have worked professionally in IT related cyber security in the past. I do not visit questionable sites on my phone nor install third-party apps from untrusted sources, nor any third-party apps on this particular phone, for that matter.
The contact I mentioned earlier that the picture looked like it was being sent to? My father who works in the aerospace industry. Hopefully his phone hasn't also been compromised. Many years ago (like two decades worth now) I received a phishing message that appeared like it was from him via MSN Messenger, which this current event reminds me of.
So the (mostly rhetorical) questions are:
Do I factory reset and root the phone and install pure Android on it direct from Google, assuming I can and the phone will still work with my provider?
Leave the power off and hand the phone over to security experts (this is a personal phone that does not contain any highly sensitive information)?
Was I, this phone, or my father specifically targeted and if so by whom and for what reason?
This is what I saw unfolding live with my own eyes – what else may have happened that I haven't seen?
Should I just get a "dumb" phone since that's all I really need anyway in a personal phone (I have other mobile "smart" devices I don't use as a personal phone)?
Either way, I thought this might serve as a good warning to my fellows on the forums here that these sort of things can and do happen, even to us security-aware types.
Cheers.
Last edited: