definitely hacked or something

Zzzz · 2025-03-28T05:20:04+00:00

angela Malicious JavaScript should not be able to exit tor browser sandboxing.

Heads up, GOS devs say this about Firefox and variants (including Tor browser):

Firefox doesn't have a basic content sandbox on Android, let alone site isolation, and it has a lot of other security deficiencies.

The browsers referring to themselves as hardened Firefox variants only harden privacy, not security, and in fact most bring more security issues.

This applies to the Tor Browser too.

https://grapheneos.social/@GrapheneOS/111969790767423663

Your issue is probably the upstream bug mentioned earlier, though.

00xsigsev · 2025-03-28T05:46:30+00:00

angela You were not hacked, you pressed buttons to do a screen capture and mic led is a known upstream bug that makes people say they were hacked.

Drop all the Tor nonsense because you don't need it unless accessing onion services or living in a country blocking VPN..

Aangela · 2025-03-28T12:14:58+00:00

thmf except I just had rebooted and hasn't used the microphone at all since the reboot

This error says sometimes if you use mic, green dot comes on later, after having used the mic. Could this error result in green dot showing on a device rebooted slightly earlier with no mic use?

Aangela · 2025-03-28T12:21:50+00:00

zzz even if tor browser lacks decent sandboxing, shouldn't GOS protect me? I also don't even know if this resulted from browser usage. It was at the same time. Other Apps were in background.

Can someone please confirm if green light randomly turning on after fresh reboot with no mic usage could be accounted for by this issue?

Privacy dashboard doesn't show any access at time of green light.

I have also had another call randomly happen in the week or two. Could have been accidental dial, but didn't think so. It feels like someone is hacking me.

Ddhhdjbd · 2025-03-28T12:34:24+00:00

angela not sure if i read wrong but to me it sounds like in the first issue linked they say the bug happens by just turning acces on/off.

were your mic acces on/off and did you turn it on/off?

DDelaney · 2025-03-28T13:15:59+00:00

0xsigsev Drop all the Tor nonsense because you don't need it

Says who? If they want to use tor for general browsing that's their choice

raccoondad · 2025-03-28T13:59:33+00:00

0xsigsev "Drop all the Tor nonsense because you don't need it unless accessing onion services or living in a country blocking VPN"

Tor is a perfectly fine proxy to use and the Tor Browser is a fine browser to use if you wish (however the Android version is lacking if I'm not mistaken.)

VPNs have a minor privacy flaw tor trys to solve with onion routing, not to mention good trustworthy VPNs cost money.

Using Tor is fine, I have contributed to the project a few times, I would be happy if people used the project more for what they wished. We shouldn't gatekeep a network

00xsigsev · 2025-03-28T14:22:04+00:00

raccoondad And I wish people would realize that it is not a silver bullet, and won't solve their problems nor it satisfies their needs. I was in a middle of a response to previous poster asking who would tell them not to use XYZ, but there obviously is a lack of understanding on the usage of various tools..

It's not anonymous as you think it is. It's easily fingerprint-able, and you put trust in random person who runs the nodes.

Just because you can does not mean you should.

raccoondad · 2025-03-28T14:38:30+00:00

0xsigsev "and you put trust in random person who runs the nodes."

You are putting trust in 3 random nodes to not be by a single attacker, including the guard node, and then assuming that Tor themselves doesn't pick up on this and remove them.

Sybli attacks are always an issue on Tor, and it should be talked about more, but you aren't putting trust in a single node operator, that's not accurate framing.

"Its easily fingerprintable", in what capacity? Most people simply want their IP hidden, why VPN services exist.

00xsigsev · 2025-03-28T14:48:57+00:00

raccoondad Most people simply want their IP hidden,

That's not how it looks like when you see discussions why people decide to use tor. I am not trying to say Tor is bad or worse than a VPN. it has its use cases, but I've seen people putting trust in the implementation of it on Android while it was leaking putting them at risk because of using it in countries where it can be penalized.

While many people speak about it based on what they see online, why I discourage usage of Tor instead of VPN is based on my experience and things I witnessed first hand. Every tool has it reasons and usage. All I'm saying.

raccoondad · 2025-03-28T14:55:08+00:00

0xsigsev yes people not understanding their tools is an issue, especially when they don't realize certain implementations, like the mentioned android implementation, are insecure.

As for countries where it is penalized, I also agree that's problematic, less so because of androids implementation, and more so on how bridges are.

I think bridges are a fine idea, just that packet analysis seems to be a serious issue. I never read the protocols details, just that it apparently mimics https to try and hide itself(?)

Tor is great for port forwarding & routing anonymity, I think a lot of issues with Tor comes from outside software unrelated to Tor or not well implemented. Such as the android browser.

The desktop version seems well done, mullvad seemed to agree and copied it for their own browser. Especially if you put it in safest mode.

I feel if you have a security concern with Tor that's anecdotal, you should formalize it and talk about it on the Tor forums or message the project themselves.

Ddhhdjbd · 2025-03-28T16:05:46+00:00

could someone please explain, what they mean, when they say, that the tor android browser is insecure?

i mean are these flaws that like get exploited on a daily basis?
or are you meaning in comparison to chromium.

(I mean is it like worse than firefox? or is it something different (ip leaks))
because sometimes it sounds like firefox users are basically just waiting to get hacked,
while in reality as far as i know is it pretty rare that someone actually gets some virus or something like that from a random website, is it not?

raccoondad · 2025-03-28T19:19:00+00:00

dhhdjbd we aren't talking about security vulnerabilities that would cause serious concern for daily Firefox users, of anything, I'd imagine the concerns we are talking about wouldn't even pass off as CVEs.

Its just weaknesses in anonymity that are baked into some aspects of Firefox, especially Firefox android. If the privacy concerns that I think we are talking about are shared.

As for the protocol, he's referring to sybli attacks, which are an issue but an overstated one. It was framed improperly.

Aangela · 2025-03-29T01:32:22+00:00

This thread drift about proper use cases of tor browser is distracting from the fact I may have been hacked.

This happened after a reboot.

I am still not convinced this is just a bug. :-(

I think someone is hacking me while using GOS. I am willing to submit info to see if it's possible but there's no information about what to do, just a drift "debate" away from the hack.

What is the proper thing to do in this scenario? I likely have been hacked. Enough weird stuff is going on that I don't believe bugs are the problem. This green light thing when nothing is being used is strange and the "stream bug" also would give someone great camoglague if there were a hack going on.

raccoondad · 2025-03-29T01:44:27+00:00

angela "I am still not convinced this is just a bug"

We gave you the upstream bug report details...we can't help you with speculations.

You are literally suggesting a fake upstream bug was reported by multiple users in order to give cover for someone to fuck with you personally, we can't help with that.

Check your privacy settings, see what apps used the mic last, enter safe mode, disable untrusted apps, but we can't help you outside of that without evidence you are experiencing a hack and not a well known upstream bug with the extract things you are describing (the mic indicator light)

Aangela · 2025-03-29T03:07:28+00:00

raccoondad

The mic indicator was on after a reset however. I hadn't enabled the mic after the reset.

Would this issue include that?

raccoondad · 2025-03-29T03:19:15+00:00

angela Why would you assume a reset would do anything? Did you read the bug issue filed? If it is in BFU mode, its almost certainly not an exploit.

Also, "Malicious JavaScript should not be able to exit tor browser sandboxing", Firefox mobile does NOT have sandboxing. This statement alone really makes me question if you understand what you are talking about.

You also instantly assumed it was a "hack" without further investgation and when people gave you reasonable answers of what you are experiencing, you denied it because you seem to have already made your mind up on what your sitaution is. We can't help with that.

Rryrona · 2025-03-29T08:37:12+00:00

Hi @angela.

The last month or two there have been reports from multiple users on the internet of microphone-in-use dot randomly turning on, and staying on, and that "Unknown" app is using the microphone. These reports come from GrapheneOS, stock Android, and even iOS which doesn't share code with Android at all, and from all sorts of users. Tor Browser certainly isn't installed at all in most cases. What it is that is happening, no one seem to know yet. It might be hacks, the coincidences with iOS leads to me now slowly starting to suspect this. It might also be bugs. It seems the Android case actually might have been a bug.

Either way, I want to clearly state, that the vast majority of users, including those of us with actual threat models, have not experienced this. It is also not clear to me how an attacker is able to get access to the microphone, but cannot prevent the microphone-in-use dot from turning on.

Tor Browser app runs in the Android app sandbox like all other apps you install. An attacker would need to have an exploit against Android app sandbox, in addition to an exploit against Tor Browser, to be able to get microphone access that way. The sandboxing others talk about in this thread, that is lacking, is yet another layer of defense some other browsers specifically implements. But Tor Browser is properly sandboxed like any other app would be.

If you suspect you have been hacked, here is what to do:

Hold power button for at least 30 seconds until phone hard reboots. This is to make sure an attacker cannot fake the reboot. During boot screen, hold volume down button, to enter fastboot screen. Choose recovery using volume buttons and power button to confirm. If I remember correctly, you will now reach a screen that is blank. I think you need to press power button and volume up button simultaneously to get a menu. Select factory reset and perform it. This will ensure all data not verified using verified boot gets deleted, even cryptographically destroyed.

During next boot, compare the boot hash shown with the one from GrapheneOS website, using a device you trust not to have been hacked, or from multiple devices just to be sure.

Your device will now be clean. Only proper non-compromised GrapheneOS code can run now.

How to prevent getting hacked again:

Be considerate about what apps you install, and from what sources, and what websites you visit in the web browser. Prefer to only install highly trusted and reputable apps, and only from official sources, and only visit reputable websites where you trust the website operator to do their best to keep the website clean from malicious code.

Ddhhdjbd · 2025-03-29T09:18:40+00:00

raccoondad thank you for the explanation

Ggk7ncklxlts99w1 · 2025-03-29T09:36:30+00:00

ryrona

Your device will now be clean. Only proper non-compromised GrapheneOS code can run now.

Does this wipe your entire device, including all your data?