  • Have you ever suspected your phone was hacked, what steps did you take?

Just curious what threshold some people have for justifying whether to burn a profile or factory reset. Some people are more paranoid than others, of course. What happened that made you suspect your phone had been compromised, and what steps did you take to mitigate it? Was it something small, or something obvious?

    gk7ncklxlts99w1 If your phone would be hacked I can guarantee you would not notice it. Those who claim that their phone was hacked because suddenly the mic was on or something have no clue, and are attributing some benign activity to 3letter agencies or evul zuck.

      0xsigsev

      I tend to agree. It leaves me wondering, even on computers, how often do hacks to personal devices go unnoticed? And I think it would depend on the operating system. While the majority of viruses are targeted to Windows, you still have an antivirus that will catch the majority of the ones you'll find in the wild, so the end user will be notified - but if you're using Linux or Android the likelihood you'll notice anything was wrong will (I'm guessing) be close to none. How are we supposed to know?

        Every single time my phone is updated to the recent GrapheneOS release, I always factory reset it to that release. I have one, sometimes two apps installed so I can be back up and running where I left off in about 15-20 minutes. I store nothing on my phone.
        Call me paranoid, call me OCD, makes no difference, I just like the thought of the new fresh installation.

        Would I know my phone is interfered with or hacked, no I would not, but with auto reboot dropped to 30 minutes from 2 hours, a 14 digit password and no fingerprint set up, it's going to be hard to hack my phone. My data is my data, whatever little I keep on my phone, stays mine.

        gk7ncklxlts99w1

        gk7ncklxlts99w1 how often do hacks to personal devices go unnoticed

        Very often. Unless it's some skid playing stupid games like fork bomb which is immediately noticeable, the most prevalent ones like info stealers are very silent.

        gk7ncklxlts99w1 antivirus that will catch the majority of the ones you'll find in the wild

        Oh you sweet summer child.. AV on personal device is very easy to bypass.

        gk7ncklxlts99w1 How are we supposed to know?

        That's the thing, you are not supposed to, TAs do a lot of stuff for you to never notice a thing. But the majority of attacks are very easy to avoid, you just need good hygiene and some common sense.

        0xsigsev If your phone would be hacked I can guarantee you would not notice it.

        Depends on. If you are an attractive target, you will know, because your sensitive information will leak, or your important files will be destroyed. That is, you will be doxxed if you get hacked, even if the hacker did not specifically target you. But you might not know exactly when the compromise happened, only learn about it a few days or weeks later.

        gk7ncklxlts99w1 What happened that made you suspect your phone had been compromised, and what steps did you take to mitigate it? Was it something small, or something obvious?

        For my phone, I have not had any suspicion of attempt at hacking me. I still clear data and cache for Tor Browser and Vanadium once every month or every second month, just as a precaution. Those apps are the most likely for me to get compromised, since they are used to visit only marginally trusted or entirely untrusted websites. The idea for clearing cache and data is in case the app has been compromised, but no sandbox escape has been possible, yet. Clearing data should be enough to evict the attacker in that case.

        For my laptop, there have been cases where I have reacted. One thing that caused me to strongly suspect a hacking attempt against Tor Browser running in one of my Whonix virtual machines in QubesOS, was that the web browser crashed within a second of opening a totally untrusted site I never visited before, and a popup talking about memory violation detected popped up. Crashes might be innocent, but can also be indicative of someone trying to hack you, as it is common things do crash during hacking attempts. I immediately nuked that virtual machine, and recreated it from scratch, restoring all files from backup. I also changed all passwords for accounts I used in that virtual machine. Needless to say, I did not have anything compromising in that virtual machine, as I do compartmentalize my life into security domains.

        I also recreate or reinstall things regularly after some general sense of "having been exposed too much". Just in case. But apps, profiles and virtual machines that are only used for highly trusted things I basically never recreate, since they aren't really getting any exposure. It is unlikely any hacking attempts have been made.

          ryrona Depends on. If you are an attractive target, you will know, because your sensitive information will leak, or your important files will be destroyed

          Well yes, you may notice post factum, all depends on who targeted you. If this was a mass campaign majority of people won't even know, some won't even care.. if this would be targeted, again you may not know until it's too late because sad people in suits came for you.. or because your crypto wallet was emptied.

          Edit: but this means something you have was most probably hacked. Not specifically a phone. Unless you only have one device.

          As already said for us normies regular hygiene is good enough, for others with actual threat model beyond mass spam and opportunistic attacks, there's a lot more required than just factory resetting your phone every update.

          9 days later

          To ask the obvious:

          Are there system facilities for and tools to use these facilities, to have a chance at intrusion detection?
          Intrusion detection can never be perfect because it can't prove absence of breach.
          But at least we could catch presence of some breaches.