I’m running Graphene on a Pixel 6. I lost it and someone opened it somehow and called two of my contacts to give it back.

I’m a bit confused how this even happened. When I got the phone back, they were going through my contacts. I checked app usage stats and they went through a banking app (not missing money), maps, signal, etc.

Is there a way to figure out how they even unlocked my phone?

  • jacktherippah@lemmy.world
    link
    fedilink
    arrow-up
    32
    ·
    11 months ago

    This person is clearly well-intentioned, so I don’t think an exploit was the cause of your phone being unlocked. If they knew an exploit it’s likely that by now everything about you would’ve been compromised already, like you would’ve lost access to your accounts and all your money would be gone. This person probably unlocked your phone by using your pin code, so either it was a very common pin code, or something suggested here, like smudges on your screen revealing the pin code, or highly unlikely, they guessed your pin code. Anyway, it’s better safe than sorry so check if your OS’ been tampered with using the GrapheneOS auditor app. Even if it hasn’t, you should back up everything and factory reset it just to err on the side of caution. And in the future, use an 8-10 digit pin code with pin scrambling enabled.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      14
      ·
      11 months ago

      100%, depending on your threat model, your device has been compromised and out of your control. You have evidence that the device was unlocked. You can no longer trust the device

      Probably should change your PIN too