My Galaxy S22 Was Hacked Without Obvious Intrusion

Around July 4th I was staying at a northern Minnesota resort. Sometime during the stay all of my wireless features on my truck stopped working properly (i.e. TPMS alert went on without any tire pressure issues; rear view (wireless) camera stopped working). After getting home later in the week everything started working again.

On August 7th we discovered our Experian credit agency account had been changed to unfreeze our credit report without us knowing. Then things really started happening (credit card services started alerting us to applications being submitted under my name, address, SSN, etc.). Our personal Visa cards were being charged. Our bank money market account had a bank-to-bank transfer done; our Xfinity email "auto-forwarding" feature was changed to an email address ending in "tk" (somewhere near New Zealand!).

My theory is... I had our complete password file on my phone. Although the phone was never out of my possession I believe during that strange incident over the July 4th week a very sophisticated hacker used some kind of radio frequency to hack into my phone (inadvertently messing up my truck features too!). BTW, I have always had both Norton 360 and Malwarebytes running on all of our phones and home computers. Nothing was ever detected.

My wife and I have since applied Fraud alerts to all 3 credit agencies and changed all of our passwords and bank accounts/credit cards.

I since have learned about the "Secure Folder" feature on my phone, which I have started to use.

So, please be aware of your surroundings and be suspicious of strange happenings. I would love to hear of any others that have encountered similar circumstances.

Thanks for the info concerning your password file.

As you have found out, storing an unencrypted password file in plain text on your device is not a good idea. I would highly recommend a good password manager like Norton or many others that store your file in 256-bit encryption and no one including them knows your password. This is many times safer than storing the file yourself. You can always keep a backup on a thumb drive or paper offline.

Many other questions arise in my mind. You say you had 2FA on all accounts yet the hackers were able to access at least one account for the initial time to get into and cause harm. They must have somehow entered via the stolen password on an email account that did not have 2FA and then had your 2FA code sent to that email for your bank or credit card account access? Or did they somehow gain access to your SMS on the phone?

Also, this type of hack is not something that any antivirus program would catch in my opinion. Others may know better but this shows the importance of the individual being the 1st line of defense in practicing safe computing.

I do hope that all is better for you and your wife now and hope you take no offense at my pedantic sermons. 

Hello xjoex. Thank you for your reply and suggestions. Embarrassingly, my password file was plain text. I didn’t expect anyone would get access to my phone contents without physically having my phone. And I never use public wifi. I have unlimited cell data which we know is encrypted. As a retired software engineer I don’t put trust in the “cloud” or Apps that I don’t know what they are doing. The only App you mentioned is Link to Windows. I do use that since I now have 2 step verification on for all websites and when on my laptop my phone isn’t always by my side to read my verification codes via text message. With Link to Windows I don’t need to get my phone. I can read the verification action codes right from my laptop. As of today all is quiet. Take care.

In addition to all the good suggestions presented here I would also turn off and eliminate other features that I consider vulnerabilities like:

Link to Windows / Apple Play / Android Auto / Quick Share / Nearby Share / Music Share / Mobile Unlock

All of these apps have one thing in common and that is sharing. As hackers become more sophisticated they take advantage of the slightest entry into your system via remote access. By the way I consider none of the above as necessary or even useful to my daily computing and do well without them.

A question I have: you say you had a password file on your phone. Do you mean Norton Password Manager? Text file unencrypted? Please explain if you could.

Thanks for posting your story as it keeps others here aware and on their toes.

Thanks for the post-back. Just trying to be informative in every way possible. Another note is to disable NFC, contactless payments and Nearby device scanning; use them as needed, then disable them when not being used. Using the Knox Secure Folder is also a good thing as I use it on all my devices as well. Hoping this turns out positive for you.

SA

Thank you SoulAsylum for your information. My truck is a 2006 Toyota Tundra. Way before standard truck wireless technology.

Thank you peterweb. Yes, our bank was able to reimburse us for all losses. Dodged a bullet there.

All: I reported something similar here on the forums in the Tech Outpost thread where FORD has vulnerabilities in its SYNC 3 infotainment center. Access to that system will also give access to any connected devices via Bluetooth and the vehicle FOB. The report is for vehicles that are push button start capable. Mine is one of those and on the list. If the vehicle in question is not a FORD product I would consult with its OEM for more information, AND, totally disable WiFi capabilities on the vehicle pending further information from the OEM. I now keep my FOB in an RF blocking pouch when I exit my vehicle and overnight as a precaution. I am also doing the same RF pouch protection for my new Harley since it also has its own FOB.

SA

 

It certainly sounds like a sophisticated attack if it even affected your truck's TPMS sensors.

I do hope that your bank is able to make good any losses from this experience.