The longer they become. No one forces to read. Just for amusing purposes.

Got hacked - by my own N900!

My journey with chromium 57 on ED continues. And it got a bit tensious. I have now in 2-3 weeks flashed my device maybe 10 times (is there a limit before it says 'I'm done!'?). And installed ED maybe over 15 times. Why? Experimenting and messing around. Some does not install on ED so I a bit aptitude and a bit upgrade with different repos and bang - device has a hickup. And when I have flashed it doesn't go as it should (once device opened to fremantle with red squares filling the screen). And when I update I always have wrong repos set and there comes conflictions and can't do this or that.

Yesterday I managed to make a good install. Now I would get things work with chromium! But I have had my doubts with installing it from an unknown repo. Is it safe? Do there come unwanted passengers with the packages? And an outdated browser is not safe and after pm with one member I sought for sandbox and found that I can get firejail from jessie-backports and installed it without problems.

There has been another thing bothering me. I used to play with aircrack and installed injection drivers for it but it was like 10 flash since. But while I have browsed my device with ls -a in different places I found them on my device. I didn't put them there! Who did? The chromium?

So with many doubts I installed chromium. Normally I change the lxde desktop getting rid off the network status applet (cause don't know how to make it show cellular and not using wifi) and putting on one panel just what I wan't. But cause last install I lost my menu items execpt for logout and run I this time let it be as it is. I firejailed chromium open and it worked nice. Then I started to notice that the network applet shows occasionally green and blinks. Hah, so it pickes cellular after all. But it didn't really match up with what I was doing. Well I don't know how browser loads or such so no worries.

But then when I finished with my experiments I launched chromium without firejail and WHAM! I see my wifi status icon on fremantle launching and I see my device connecting my wpa2 protected wifi network without me giving any passwords!!! What??? Then I was in hurry. Close ED, disconnect N900 from network, open home laptop (which has f-secure vpn) and connect to router to change the admin and wifi passwords. Fiuu that was close!

Started to look the settings on my device and they had been changed to 'automatically connect to any wlan' and that was not my setting! And there are the injection drivers I have not installed! I was hacked by my own N900!!!

I felt so dissapointed with my loved one but still wanted to give it a change - and flashed again. THIS TIME I will check everything is done right. And not gonna port any settings from a backup as last time. Port settings from a backup? Hmm. I made that backup straight after flashing so there were default settings and after I had hassled with swap and overclocking I loaded the default settings - which changed my own connection settings back to default. Ok. It is possible that was the reason for changed settings. But the wifi password? That backup which I took from my laptop may have been much older one and may have had my wifi password cause i may have tried once the wifi connection. Ok. It may be so. But the injection drivers (which probably can't be used against me but which has a scary name)? First time I read what all is installed with Kernel Power which I have always installed after flashing. Ok. That is undeniable.

Now I have possible rational explanations why happened what happened. Now installing everything again from scratch. I just have to try is it chromium or was I hacked (again) by my own stupidity. I now know quite well though the procedure in what order to install things. After this try I will share the instructions on chromium 57 thread - or give a big warning if I'm hacked again.

Yours,

Maemish
a mere wannabee in many things