Compromised portable router

Durian-Pixel

Not at all,

Well as you can see, I am fighting blindfolded.

Sadly the age of social media programs people to think that they have the right to intrude into lives of others without having any consequences.

Going back to fighting blindfolded, I'm at a point now where I will have to move out of my flat but I don't want to have to buy a new laptop - so which method was used to compromise my devices will only drive me insane trying to figure it out.

I am currently on the verge of re-flashing GOS on my Pixel 6a, hopefully that will clear malware (if any) on my phone, and I am also currently stuck up on what to do with my laptop.

I'm having a hard time finding what to do, as suggested earlier - updating the firmware seems to be the only viable option but I'm afraid of exposing my MAC address online, I understand I am being extra careful but I believe that you can't be too careful these days especially when running a serious online business.

Any suggestions on what to do with my GOS moving forward would be much appreciated:

Should I switch to my sim card (same sim in my portable router) after flashing GOS again? Get a new sim card instead?
Would flashing firmware on my Lenovo laptop do the trick? Should I install Fedora afterwards which has MAC address randomization like GOS does, install Ubuntu as suggested by Tryptamine because of the TPM-backed FDE, or familiarize myself with QUBESOS?

Thanks in advanced!

de0u

Durian-Pixel I'm afraid of exposing my MAC address online, I understand I am being extra careful but I believe that you can't be too careful these days especially when running a serious online business.

With all due respect, I don't see what concealing one's MAC address has to do with running an online business. I think it might make sense to focus on the smallest number of things that would improve your confidence in your computing environment, as opposed to trying to protect/conceal everything all at once.

For example: go to a randomly-selected Best Buy, buy a cheap Chromebook (2GB of free memory available and 32GB of free storage space should be possible on a cheap Chromebook), use that to re-flash your phone (if a factory reset would not provide enough confidence). Use the Chromebook to reset passwords etc. You could even have Best Buy run a scan on your Lenovo laptop, and perhaps flash the BIOS.

Just my two cents!

matchboxbananasynergy

You don't need to reflash GrapheneOS. A factory reset does the exact same thing.

Even if your laptop/router has been compromised (I'm not going to fight you on whether it has happened or not; I don't know your circumstances), you don't just "hack" a Pixel device running GrapheneOS.

Unless you think the person doing this has millions of dollars or is some insane blackhat prodigy, you should keep in mind that Android is an extremely secure platform, and GrapheneOS only amplifies that. If they've been able to unlock your phone and potentially install software on it, then they might have installed some stalkerware app, which when given accessibility permissions can have a lot of control over your device, but that's gone with a factory reset.

If you've used Auditor before this point, you could also do a check and see whether any accessibility services have been enabled (Auditor presents results on attestation.app or the screen of a secondary device, which is useful, because an app on your own phone could present fake results if it had been taken over).

Your phone is very likely fine. You should also consider what someone said above: if someone can log into the router's admin panel, they can see traffic coming in and out, that's much easier and more likely than sophisticated persistent malware. The simplest explanation is realistically going to be more likely, as much as we can get carried away.

matchboxbananasynergy

Also, I wanted to add another point towards what was mentioned in the OP about the moderation team coming in and locking threads like this.

We do that not because we don't think people can be compromised, neither do we assume people are imagining things or trolling (though that also happens). We try to provide advice, but really, assuming what's said is true, there's only so much we can do. We develop a secure and private OS, and we can provide general advice as I have in the post above. We don't have the device, and we're not doing analysis like e.g. Citizen Lab would. If people really think they're being compromised with what sounds like insanely expensive mercenary spyware, they should be taking their devices to these organisations to have them figure it out and create a report, not posting about it here, as the latter's not going to be able to provide the assistance someone so thoroughly compromised needs.

Durian-Pixel

matchboxbananasynergy

its a valid question as most of the community are concerned with security otherwise they would have just used a regular android or iOS phone. I was getting some good suggestions until you came around basically saying "don't make our precious grapheneos look bad, hacking is only done by powerful millionaires, its super expensive", but the truth is people are actually getting hacked and its supposedly super easy and common. I don't see anything wrong in asking, I'm trying to make sure I made the right move by choosing this os, that's all.

PeterPan

tbh. if this is your room mate... go to the police or make him friend with a ****** . I assure you he won't do that again. :=)

Furthermore just to tell which webpages you visisted is not magic and even does not require any hacker skills... In addition to that thinking that the router/ap is compromised is still no evidence.

Tryptamine

Definitely get police involved if there is any suspicion of hacking. That should have been one of the first things said... There are many ways that this could have happened, as listed by all the other wonderful people above. If you want to give yourself peace of mind, that's why I gave you my suggestions. As @matchboxbananasynergy said, a factory reset is likely enough. Don't take a backup and set it up from scratch to be extra sure I guess... Only thing that won't do is replace the radio or bootloader, but that's probably not necessary.

I'm a big fan of Ubuntu, especially since they have verified and measured boot now! (Only if you install with TPM-backed FDE) 24.04 is supposed to bring in allowing third-party graphics drivers with this kind of install, 23.10 doesn't allow them yet.

There is MAC randomization on Ubuntu, I think, but maybe not by default. You can get it working with some apt packages. Really don't worry too much about that now though, you have bigger fish to fry!

matchboxbananasynergy

Tryptamine I'm a big fan of Ubuntu, especially since they have verified and measured boot now!

"verified" boot in desktop OSes isn't an actual implementation of verified/secure boot and doesn't provide the same properties required for it to be a proper security feature as on Android/iOS. It's mostly marketing.

Tryptamine

matchboxbananasynergy I dunno, seems to me that they are implementing it quite well, and not just expanding on normal Secure Boot... Of course I could be wrong! Here is another source. I'm sure it is implemented differently in GrapheneOS, would you mind letting me know what is missing from their description of verified and measured boot in conjunction with a secure element is different from how it is done on Android or GrapheneOS? I'd love to know, can't find much more on my own! To me it seems like something desirable to have.

I believe that verified boot on Android attempts to undo corruption or damage to system files, and their method would just result in a boot failing. Is this what you are talking about?

Secured boot has been a thing on the desktop for over 12 years, be a shame if they haven't gotten it right yet. I think it only verifies the early boot process though. Ubuntu's new approach seems to verify the whole boot chain. Then record the process and compare to a "known good" boot to ensure that it went OK. After only allowing each module to load if it is signed with the correct cryptographic keys.

Also you need to do a lot of digging to find this stuff! They don't "market" these features at all...

If you can teach me something about how Android implements it that is different, I'd be most appreciative!

AtavisticPuma

Apart from the reflashing advice, I think it is good general advice to also make sure you are managing your stress levels.
There is a saying, "The best revenge is living well". If you have an enemy who is trying to disrupt your life, make sure you are not doing all the work for them, turning your life upside down and spending thousands of $$$ just based on some vague comments.

Before making big life changes, check in with a calm, level-headed friend to see if they think your reactions make sense given the situation you are in. Talking to a counsellor could help here too, to help you get out of this panic mode, which is the end-goal for most harassers.

Obviously I don't know your whole situation, but from what you've shared I think it sounds very rash to want to sell your devices and move towns based on inferences that you made after one or two conversations with a roommate. Especially given that you don't have a great amount of understanding of how hacking works and what the evidence for it would look like.

Tryptamine

AtavisticPuma Before making big life changes, check in with a calm, level-headed friend to see if they think your reactions make sense given the situation you are in. Talking to a counsellor could help here too, to help you get out of this panic mode, which is the end-goal for most harassers.

I think this is the best advice yet!

Take it easy, and yes, please don't sell your devices. You can certainly clean them out, follow some of the suggestions above or do your own research! If you do your own reading though, take the drastic suggestions with a LOT of salt!

matchboxbananasynergy

Durian-Pixel "don't make our precious grapheneos look bad, hacking is only done by powerful millionaires, its super expensive"

That is not at all what I said, and it's not specific to GrapheneOS. If you think compromising an up-to-date and patched Android device on decent hardware is easy or commonplace, you're sorely mistaken.

It was already explained to you how one can "easily" install stalkerware on an Android device in a way that doesn't require anything advanced, however that requires them having physical access to the device and being able to install an app.

Not only did I mention that, but I also gave you actionable steps (factory reset, don't reflash, if you've made an initial pairing with auditor, use it to check the integrity of the device with high security guarantees). Yet this is your response?

If you want to think you've been magically compromised by some imaginary zero day exploit chain that a normal person possesses yet nation states pay millions upon millions of dollars for, then I don't know what else I can tell you.

Durian-Pixel

Best buy, chrome books, police etc. Not so easy in a 3rd world country.

I was def hacked and just don't know how. Pointing at the specifics like trying to conceal my MAC address is besides the point, I'll do anything to get to the bottom of it.

Anyways, a lot of good suggestions here, really appreciated it. More is welcome of course

Durian-Pixel

matchboxbananasynergy

Not going to argue with you anymore, hacking is super easy.

PS: people liking your comment doesn't validate it

Watch this: https://youtu.be/VPd8s0DrheU?si=4ChTpF6oPWcdGuXg

matchboxbananasynergy

I highly suggest not using YouTube as a source to learn about these topics. The thread isn't productive, and it's fairly obvious that you don't need actionable advice if people aren't going to confirm your belief that you've been compromised.

When someone believes that they've been compromised for vague non-technical reasons, there's rarely a technical solution to the issue.