
How did this hacker gain access to my devices? Phone and email? Was it the home network?

Johnman9000

My phone was a Xiaomi Redmi Note 8 Pro. And my carrier was Mint Mobile.

6-8-21 I received 3 texts from Mint Mobile giving me temporary passwords that I never requested. I thought it was odd so I logged into my Mint account with my desktop PC and changed my password.

6-9-21 at 11pm I received 3 simultaneous texts from Metro by T-Mobile. First a welcome message, followed by two more text messages showing a balance on an account of $381.44 and $571.44.

Then my phone lost service. I restarted my phone, reinserted the SIM and then finally tried to log into my Mint account to find it no longer existed.

In a panic I used my girlfriend's phone and called Mint Mobile to find out customer service was unavailable until 7am.

I called Metro by T-Mobile and was told that because my name was not the primary on the account they could not help me.

 

Not knowing what the hacker might be after I quickly tried to log into my several email accounts and remove my phone number from them so hopefully they cannot gain access to them or any websites I have linked to my number, such as my online banking. Even though I was quicker than the hacker at removing my phone number from my email address, Hotmail was still willing to send a recovery code to my phone number. Even today, my old number is still listed as an option in the password recovery despite me removing that number from my email.

Microsoft also provides zero support for email services so I was SOL there.

 

The hacker was able to gain access to my email address with my phone number and changed my password and kicked me out of my email account. 

I spent most of the AM hours doing things like changing primary email addresses for everything important, removing my phone number from all of my accounts, and I even froze my credit.

Not knowing what the hacker was after I was more or less trying to lock the hacker out of as much as possible.

 

Finally 7 AM comes around and I call Mint Mobile and explain that a hacker has stolen my phone number and I more or less get the runaround. They tell me I need to contact Metro.

I call Metro back and get a rep who transfers me and then I get hung up on.

After a third call to Metro I finally get a helpful person working from home. Apparently they spotted some unusual activity on their own and realized what I was telling them was true.

At this point they were willing to help me. The Metro rep was able to disable the hacker's control of my phone number and create a temporary account without a SIM and device to allow me time to port my phone number back to a carrier and device of my own.

 

Now that I had control of my phone number back, I called Mint Mobile and tried to get them to re-activate my SIM card and was told they have to mail me a new SIM.

So with almost no options left I went to my local Metro Store and bought the cheapest phone they had, and paid for a month of service so I could gain control of my phone number and hopefully email address.

Unfortunately I had to wait a full 24 hours before Microsoft Hotmail would allow me to do another password recovery.  (too many attempts were made apparently)

 

On 6-11-21 I was able to recover my email address, but was shocked to see there was no activity. No new emails or attempts at passwords, nothing in my trash folder either.

I think the hacker was looking for something that I did not have.

 

Finally I thought it was over but then a few days ago on 6-22-21 I got a new email from "Freewallet", a cryptocurrency website that I vaguely remember creating an account with back in 2017.

The email address said: "login attempt"  The device was my old phone the Note8 which was sitting at home connected to the Wifi on my home network.

 

I don't own any crypto right now, and believe that might be what the hacker was after. I have used several other crypto sites in the past and perhaps a data leak made me a target.

Now that phone is no longer connected to Wifi, and I did a bit of reading about it, and some people claim it is a very insecure phone to begin with because the Xiaomi bloatware itself may contain spyware and allow a hacker to gain control of the phone.

 

Had I known this brand was vulnerable I never would have messed with them. I had a great experience with my previous Xiaomi phone, the Pocophone F1.

I followed Linus's video on the Pixel Killer and Lineage OS and I was happy with Xiaomi, and thought they were a great value.

-------------------------------------------------------

Hopefully that is where the story ends.

------------------------------------------------------

I came here to reach out to the tech community in hopes of feeling more safe, secure and comfortable on my phone and home network and find ways to prevent this from happening again.

And hopefully, help others become aware of what can happen and take precautions. 

 

I think now, having a phone number tied to anything can be a liability.

And if the security exploit which allows a hacker to remote into a person's phone comes with the phone or comes in the form of a forced software update then phones are a huge liability.

 

Some light reading on this subject makes it look like hackers are targeting people who have Coinbase accounts and this is not exclusive to Mint Mobile or Xiaomi devices.

 

I don't have any unusual apps on my Note8 phone. It is all pretty standard stuff from the Google app store: Pokemon Go, YouTube, Walmart, Pandora, Hearthstone, PayPal, eBay, Amazon. Nothing weird or uncommon.

I even downloaded a few free security apps to scan my phone and they did not find anything.

 

I am not sure exactly how the hacker gained access to my phone.

At this point I believe that one of the system updates or default apps that came with the phone must have contained some kind of exploit or spyware.

This phone is obviously going to no longer be used.

 

How did this happen?

 

The fact that I made the Freewallet account in 2017 yet never used them makes me believe that all this might have started with a data leak that tied my phone number and email address to my cryptocurrency accounts.

I can't think of any way for this to play out the way it did besides the hacker finding a way to retrieve the temporary keys texted to me by Mint Mobile.

Once they had access to my Mint Mobile login information they must have discovered my account number and account PIN which let them port my number.

It seems so damn unlikely that some random person who had my email address, name, and phone number was somehow able to remote into my cell phone.

Or perhaps there is some kind of vulnerability that allows some other device out there to receive and send data pretending to be my phone, which allowed them to get texts meant for me?

Perhaps that is why I saw 3 attempts at Mint Mobile password recovery and not just one?

But if they did not need my phone number to retrieve my text messages why did they bother to port my number in the first place?

I can't figure out which device allowed this hack to happen.

And if it is even safe, or I should consider going back to Mint Mobile?

 

 

I am also concerned about my home network. 

All of this has happened while my phone was connected to my home Wifi network. Except for the 3 text messages from Mint giving me temporary passwords which happened while I was at work.

 

My home network has 6 desktop computers and 5 mobile devices and a NAS. 

Every desktop device is running Windows 10.

I have a Motorola cable modem provided by my ISP. It is not a wireless device.

My router is a Linksys WRT1900ACS. I got it back in 2016. I suppose it is probably outdated by today's standards. The latest firmware for it came out in 2018 and websites like Newegg are still selling this model.

It is listed as "open source ready". Does that mean I can install a different OS to this router and make it more secure?

Or perhaps it is better to go in a different direction?

 

I was doing a bit of Google searching for home network security vulnerabilities and the amount of information on vulnerabilities within routers and modems is overwhelming.

 

I have been building computers for 16 years now, but I never got excited or learned much about networking and I feel pretty lost when it comes to it.

One website suggested commercial grade routers are more secure than home and office routers and suggested something like the Pepwave Surf SOHO.

 

I am all ears to any information, thoughts or ideas. 

 

 

 

 


So is the following correct?:

So, essentially, the hackers(?) ported your SIM card/phone number from Mint to Metro. In the process, you got a couple text messages about the keys that are required to port your number.

 

So the problem seems to be that the hackers could gain access to your messages, and get those keys that are required to port. 

Although I can't comment on how the hackers were able to get access to your messages, I think it's safe to say that Xiaomi isn't to blame here. 

 

Then, as far as your home network is concerned, I don't think it was compromised too. SMS Messages aren't sent over the Internet. And, if at all something on your network is compromised, it's not at all an easy task to hack a device on it. 

 

I would suggest you change your phone altogether. Don't use those "Transfer your files to your new phone" apps. Instead do it all manually, and be skeptical about the apps. Only transfer the apps you need.

 

Others can correct me if wrong.

 

Hope this helps!


Is it strange that every story I've seen like this has "Android" in common?

Slayerking92
