A strange thing happened to my S3 mini over the holidays...
Without notice or prompt the phone changed its language settings to "Dansk" or some Scandinavian language. The phone was definitely set to English before. I locked the screen, and then an hour or two later unlocked it to find it set to a foreign language with a prompt along the lines of "Would you like to connect to 00:BA:34:FF:45:21?" (in Danish of course). Almost like someone hacked the phone over Bluetooth, changed the language deliberately for confusion, and wanted me to accidentally authorise the connection to further exploit my phone. (Note: I didn't write down the actual MAC address so the one quoted is just an example.)
I immediately opted out of the connection request, disabled Bluetooth, Wi-Fi and mobile data and set the language back to English. I later discovered some other settings (like the ring and alarm tones) may also have been changed.
Any ideas on how this was done?
Does Android only give this type of connection prompt for Bluetooth, or also for Wi-Fi/Wi-Fi Direct or even mobile data connections? If this was done exclusively over Bluetooth, how is it even possible to change the phone's settings without authorisation? I think the exploitation of some Samsung remote service over the internet is more likely, but then why the connection request?
Some things we can rule out:
- The phone was using the standard Cell C "firewalled" APN, not an "unrestricted" APN.
- The phone is fairly new with only six known and trusted apps installed (apps I used without problems on previous phones) directly from the Android store, so I doubt if the intrusion was done via malware apps.
- The device was physically secure (no one physically accessed the device without my knowledge).
PS: We were on a beach near Hermanus - strange place to get hacked!