Hidden SMS messages

Citizen22

I believe I'm the target of an APT. Each phone I try seems to be hacked and details of my life are shared on a feed. GrapheneOS on a Pixel 6a is the first set up I've tried where I don't see any SoCs.
My last phone was a PinePhone running Phosh with no data plan and the WiFi hardware switch turned off. My thinking was that there would be no way to exfiltrate data, but I could still send SMS and make phone calls. Somehow I believe data was still sent from my phone. I think this was done through hidden text messages, for example using type 0 and class 0 as described in this Github repo.
I would sometimes see failed messages from a ditty that went a little something like this:
180055565 0x00 0x45 0x09 0x65}; 0x77 0xA6 0x00 0x00};
This looks like some kind of byte code with a delimiter. The message itself was also bytecode, which made me think these messages were supposed to be class 0, which allow the sending of binary data. Some of them looked suspiciously like some kind of injection, when they would include a delimiter in the bytecode mid message.
With that said, is there a way to protect from hidden SMS messages that is implemented by GrapheneOS, or is planned to be implemented? Is there a way to monitor for these messages without using the repo listed above? Is there a way to prevent someone from tracking your position using cell tower info in hidden SMS messages?

notahuman

Citizen22 i am not very smart. What is an APT?

de0u

Citizen22 Is there a way to protect from hidden SMS messages that is implemented by GrapheneOS, or is planned to be implemented?

Airplane mode, I believe, see: https://grapheneos.org/faq#cellular-tracking

notahuman

When you say "details of your life are shared on a feed" without context, it sounds possibly crazy, but you may not be crazy

What sort of feed and what sort of details?

What is SoCs?

Citizen22

notahuman
Fair enough, it is a bit crazy. I kind of hope we can focus more on the security and less on the personal details. I probably shouldn't have brought that up. If you think I sound crazy, I understand if you don't want to help.
An APT is an advanced persistent threat, which is an entity that persistently gains access to your devices in order to monitor you. For example, a state might use Pegasus software to spy on an activist. It is often zero-day, zero-click malware that leaves very little evidence of its existence.
SoC stands for signs of compromise. For example, if your phone battery is suddenly draining faster than usual and there is no clear reason why, or you can detect signals coming from your device when it's in airplane mode. I had an iPhone that would run out of battery when it was completely off. It was suddenly losing about 20% over the course of 24 hours. When I took a backup of the phone to run through software that checks for Pegasus style malware, the backup disappeared from my laptop before I could back it up to a USB
and my phone stopped using power when it was off.
I realize when I say things like this, it makes me sound crazy because the evidence (the backup) is gone and the strange behaviour of my phone stopped. You don't need to believe me in order to help me understand GrapheneOS's features related to hidden SMS messages, and location tracking.

notahuman

Also people do get targeted and hacked so I am not saying it didn't happen.

notahuman

Citizen22

I think it's very likely nation states try to compromise devices.

I am just not sure how likely it is they would put it on a feed unless they were gaslighting you to try to distract you or derail you from something they didn't like.

You don't sound necessarily crazy, it's just private data about you on a feed, I am not sure how that would happen without being blatent about the hack if you are talking RSS. It is was done in a gaslighting way only you would know (like "someone who isn't a human sure likes to watch cuck porn after ordering fried chicken" - that would be an example of an RSS feed I would know was about me but others wouldn't).

Anyone who uses Graphene is aware of the technical abilities of good hackers and that they could do things expressly to make a target seem crazy or sound crazy.

It's just challenging because someone who is actually crazy versus someone who was hacked to seem crazy by an advanced adversary will seem similar if the hacker is good enough. The RSS feed stood out as something I didn't understand.

Have you tried the Auditor App to check device integrity?

Citizen22

de0u
Thanks. I try to keep airplane on but its not always easy to find wifi when I'm out. How likely is it that a GrapheneOS phone could be compromised by a hacked router? I'm curious about this from the FAQ you sent:

In fact, sending spam would be stealthier since it wouldn't trigger alerts for silent SMS but rather would be ignored with the rest of the spam.

Does this mean GrapheneOS gives an alert when we receive a silent SMS?

de0u

Citizen22 I'm curious about this from the FAQ you sent:

In fact, sending spam would be stealthier since it wouldn't trigger alerts for silent SMS but rather would be ignored with the rest of the spam.

Does this mean GrapheneOS gives an alert when we receive a silent SMS?

I don't believe so. I believe it means that, since both "silent" and regular SMS messages could exploit a vulnerable device, an attacker could disguise an exploit as a spam text instead of sending the exploit as a "silent" SMS.

If a target device did contain code to alert on receiving a "silent" SMS, an attacker could be exposed by using a "silent" SMS, but could escape detection by using a regular SMS message.

Overall, it is more important fpr a device to not be vulnerable to any SMS than it is for the device to make a fuss about certain kinds of SMS while happily accepting other kinds.

notahuman

Citizen22 I know people get hacked sometimes and sometimes it's done in a gaslighting way. I've been hacked before, in boring ways and in ways that woukd seem crazy (like filenames changed slightly with whiever it was knowing id notice)

notahuman

notahuman Auditor doesn't offer total protection but it offers some peace of mind.

Also you could always wipe your device and reinstall GrapheneOS. The install process is easy and fast.

It would be cool if there was a way to have a script to reinstall the Apps a person wants after wiping a device. It would be faster for people with a really high threat model who need a phone.

2wnin

@Citizen22 I believe you, because something similar is happening to someone I know, including details of their life being shared on a feed.

I don't know much about detecting or defending against hidden SMS messages, but could there be other ways to exfiltrate data, for example through NFC or Bluetooth?

Are you still planning to run your phone through software that checks for Pegasus-style malware (I'm assuming MVT), in case there's a latent infection?

cyberdunce

2wnin How does someone find out if their details are being shared on a feed? Feed where?