December 5, 2021, 4:54 pm
Yeah, don't send your Google phone in for warranty repair/replacement. As has happened with others, last night someone used it to log into my Gmail, Drive, photos backup email account, Dropbox, and I can see from activity logs they opened a bunch of selfies hoping to find nudes

Just to confirm, FedEx has marked your broken phone as delivered but Google said they didn't have it? I just dealt with that same exact thing recently. Don't know how to check if any of my data was compromised though

What should people do as an alternative?

has the worst customer service. I ordered a Pixel 5, it never arrived although was marked as delivered (obviously stolen), Google refused to refund me or send a replacement. 6 weeks of communication to be told tough luck. I'll never buy a product from Google again


If you used Google Pay on your device, you might need to replace any credit or debit cards linked to your account. Also, screenshot the evidence.

and quickly, fix the issue that causes this to happen.

this security breach sounds pretty fucking huge. I hope Google compensate you and replace your phone if they can't repair, and investigate, and do everything they should, oh, and prosecute the people accessing stuff they shouldn't.

Excuse me but what kind of activity log would show you what photos were opened? That story makes no sense to me just because of that.

Sorry to hear your experience. My experience was very different. When the battery on my Pixel failed, it was replaced for free even though it was out of warranty

Calling them a "hacker" is a bit much considering they had your phone....

Interesting, I have been a Google Fi user since 2015 and Google has become more challenging to deal with for repairs. The last 2 times I sent a phone (both factory reset) in, FedEx showed it delivered but Google charged me for it until I showed them the FedEx tracking confirmation. Do you have links to where this has happened to others? I need to get my phone repaired, I'm based in the UK and wondering if this is specific to the US

Does having 2-factor authentication help guard against this? Or did you also have that enabled when this happened? Sorry to hear this, it's concerning all of us using Google services

I know I shouldn't be surprised. But I am. And I am sorry for how it sounds like that felt. I know I have been a part of the toxic masculinity that underlies that behavior at points in my life, and I am horrified by it now.

Next time advice:
- Force wipe (and/or do the following)
- Force session close on device
- Change mail password
- Change all (app's) account passwords that keep inside phone.
- Encrypt local data

This is horrible. In the smartphone/social media era I keep all of my old cell phones, laptops & computer hard drives. I buy cheap models & replace every couple of years. No warranty, it breaks, new phone. But businesses need to think about this risk too!

If you would have changed your Google PW before sending in the phone, would this have prevented the access to your Gmail account? Would not have prevented the local access to your phone. Crimes like this should be punished really hard

You can revoke credentials for each app in that phone. And disable or get off the sim card of course. My choice with a not reset-able phone will be not to repair it. Anyway, I'm very sorry for what happened to you

Reset to factory -> send to repair -> configure again. If you can't do it, revoke all credentials before sending it. If you don't know how to, buy a new phone. Your personal info is more valuable than a phone

Probably because you already mentioned the legal option. If they contact you directly, it will be after they've spoken with legal. Or legal will contact you. Or nobody will.

Urgh, I sent my Pixel in last year for repair. Couldn't backup and wipe it because the screen was completely dead and no other suggestions worked. I'm worried now. My partner wanted me to get a new phone rather than send in because of this concern. I hope he was wrong.

Did you have to provide the pin for the phone when sending it in? I have my Authenticator set to require pin or biometrics before opening or accepting a request. It's just one factor otherwise. Changing passwords doesn't work as most apps get auth tokens which have to expire.

How did you know they'd opened photos? Specifically which ones as well?

A Google phone is essentially a data hoover siphon, that's how their whole business is built, getting all the data off users to monetise. Switch to a privacy first phone. Away from Google and Android.

That happened to my mom's MSN email account too. I found a rule they created to move all her emails to spam.

I am sorry to hear this. Is shredding the only way?

I'm so sorry this happened to you, & someone should be held accountable. I am curious how they got access though as they shouldn't be able to access the data on the device. Did they ask for the PIN or was there a guessable PIN set? Good luck holding them accountable

Check out key you can secure your Gmail account

That's why I don't use Gmail, Google Photos or sync anything important there. And yes, I don't have a Pixel phone!

If you haven't already, consider looking on LinkedIn for people who work on Pixel devices and reach out to them. Can't hurt. They start at link 8 after ads when I do a Google search. Look into Yubikeys, it removes the 2FA data from your phone onto a USB security key.

It's depressing af that it takes back channels for things like this. It really shouldn't.

What was your pin code? Date of birth which shows up when googling your name?

Yikes... I just sent my Pixel 3 in as a T-Mobile trade. I always worried about stuff like this. Nightmare scenario. I'm sorry this is happening to you and tiny violation of privacy

This is a growing problem with tech repair/privacy/security. Would be great if you can dig in and bring some more awareness to the public and some advice as per what to do to attempt to prevent it...

Wow. I'm so sorry Jane!

Keep in mind FedEx has an issue currently with stolen devices going to known addresses for repair locations. Open an investigation with them too.

It's stuff like this that make me really wish FairPhone was available in North America

I also sent in my Pixel a few months ago and Google charged me, saying my device was never received. The FedEx tracking showed it was delivered.


Maybe a coincidence between getting hacked and sending the device? Maybe she accessed her accounts from another compromised device or endpoint?

If you're thinking lawsuits, this is probably also a federal felony under the CFAA (Quite wrong that the acts against the phone may be more heavily criminalised than the acts against you)

This is sad to hear. I am sorry this happened to you.

Now you have me worried!! My Pixel 6 failed to turn on after 3 days of owning. I just sent it back to them so they would ship a new one.

I'm so sorry that happened to you. This is outrageous. May I ask where one can view this activity log?

The trouble is an Android phone can also act as TFA / MFA for a Google account making it harder. Did the phone have a password on the lock screen? I refuse to provide the password as it forces the repair person to factory reset. It's a hard situation that should never happen

If this is real, you can get millions for compensation, save all the logs, IPs, whatever proofs and sue them.

I prefer Samsung Android phones, and I would never send a phone in for repair. Cellphones have probably the worst security of any device that is connected to the internet. Also offload all my photos to a set of backup drives which are offline mostly.

Oh that happened at Apple forever. Ask any dirty ex retail employee. I know this because, well, family members worked there. So yeah, nothing is sacred between privacy protection acts.

Unsure if it was sent to HYLA Mobile Reconsidered, which is the 3rd party that Google often uses, but they have a LONG history of screwing people over. These companies should 100% be held responsible for what's done by their 3rd party associates!!

Can't be done if you forget your PIN either, as I discovered recently.

Google's customer service for Pixels is GARBAGE, I reported issues with a 10 mo phone, took 2 months of back and forth, and when they finally decided there was an issue with phone, it was over 12 mo and they said it wasn't under warranty, even though I had reported 2 mo prior

It's okay he was lying and making shit up. Everything he said was wrong. You did nothing wrong. Please do not let him make you feel bad about taking a low risk action. I am a cyber security analyst at a fortune 500 and I still turn in my devices for repairs trade ins.

Good on ya for following this up - if true, something rotten here.

Fed Ex steals Google phones constantly. Check out the Google pixel subreddit. My last phone was "lost" at the warehouse too

jfc. Maybe I should get an iPhone after all -- this does not create confidence in the Google brand....

How do you know they were hoping to find nudes? Motive logging would be a nifty feature.

The google "repair" process is an awful joke. I switched to apple due to a different but frustrating experience.

What's your next phone going to be?

You need to simply unlink the device from your Google account and after that change pw to log out any other devices. It's not Google's fault when you send a 3party company hardware that is linked to your account with full access.

Sadly this is not uncommon :( ffs I have heard it from pretty much every single brand; computers, phones and anything with storage

God, this so appalling really sorry for you ... Please help...

Genuinely curious where you can see photos that were viewed recently?

Did you have biometrics, pin or password on and they still managed to hack in your device? This is why I always say to people avoid service centres as much as possible, hope all Android manufacturers such as make genuine parts available to consumers.

Google needs to get its act together. Stolen phones, phones not connecting, 911 issues, and now this.

I agree with you, but I also don't think his comment was unwarranted - it wasn't made clear in your tweet-thread that you already tried and were unable to reset your phone. Occam's razor. He could've phrased it as a question though if he was unsure.

hope you are looking into this. If this is how you treat customers who show loyalty to your brand maybe they are better off with Apple. Seems it's not the first time too.

Yeah, this is a really good point. If someone is using SMS as two factor and their sim is moved to a new phone, game over. Every service really needs to support 2-factor authentication using an app versus SMS.

This really sucks. I hope Google acknowledges this issue and tries to make amends. There is no undo button from this. How can you trust them with your data if they can't repair your phone without letting someone violate your privacy.

Oh my God, I'm so sorry that happened, that's terrible! I hope everything resolves in your favor with minimal stress for you

I can't even imagine how you must be feeling about this. They owe you a huge apology and full explanation of what they are doing about it

Update: I have heard from individuals via backchannel, not officially from Google, that Google is looking into it and it's getting escalated. I have not been officially contacted by anyone with information or offer to help yet.

sorry! i didn't know that about you. i was explaining because it's not usually referring to an insider threat. usually when somebody says their phone was hacked, it's referring to a phish or something, while it was still in their possession

it depends on if it's a Google employee (or contractor) or an outsider that has access to their warranty department somehow, whether access was given or taken. unauthorized access is probably the correct term from your perspective

i'm not sure hacker's the right word for this really. unless i'm misunderstanding how this happened, sounds like an insider threat by whoever does the repairs (probably a third party vendor)

Was the device not pin/password protected before it was dead? It's impossible to access any contents on the device as they stay completely encrypted if any pin/fingerprint is set. This is unacceptable and unfortunate completely but we should also remember basic security hygiene

I've had FedEx steal two Pixels on their way to me from the store. Google absolutely knows about all the theft, they're not doing anything about it.

I see... So you literally couldn't change your passwords beforehand... Damn... Could you have done anything different?

@x3mity obviously what I would do now is reset all my two-factor authentication devices to my husband's phone for the time being or something I don't know?? it would be nice to have a big list of things to do if you can't factory reset a phone that you have to return or repair!

I assume that means they didn't have access to your sim card, either? That's wild.

Ugh. So sorry to read about your terrible customer experience. Must be so frustrating!

Oh no! Worst fears so sorry. Yes this is not ok. Google should be accountable

I sympathise and am not victim blaming here. But the moment the technician revived your phone all apps were accessible, correct? What are the lessons learnt here instead of blaming some scumbag tech? Changing all your passwords on another device beforehand would prevent this no?

@emroth08 weirdly I got refunded for the device last night, a few hours before the hack happened.

@emroth08 they didn't want to refund me, I had to harass them for weeks about it

If it'll turn on to recovery mode, you actually can. But I think the bigger question is how you got notifications of all this activity even though the phone was offline so that it wasn't wiped? Oh, and also why you got a security notification that your own phone was used?

That is so odd. So is your original device actually missing?

If you changed all your passwords prior to sending in your dead phone, how could the hackers/thieves access your accounts once switched on?

It's of no surprise to me, technically you do not own your device, Google does that. There's not really anything you can do about it, just accept that your phone cannot be trusted.

So many things not okay with this. I wish I wasn't old enough to remember their old motto. Now it's more like "Don't (get caught) be(ing) evil."

I'm curious, and I apologize if you've answered this already. Was the phone password/pin protected? And I assume the fault it was being sent away for prevented you from being able to reset it before sending?

That is so interesting as my status from FedEx was that it was at the site but to Apple, it didn't exist. Shady stuff afoot!

Wow. I would hope Google would do something about that. That is just plain terrible and disgusting!

I'm wondering if this is a FedEx issue? I had set up a trade in for Apple and my laptop disappeared even though it was being reported as at Apple. It took me two weeks to get it sorted with Apple but it never resurfaced. Luckily, I had wiped it completely before sending it.

Right. Wow. And just to be clear, when you say "Google phone" you mean a Pixel (or god forbid a Nexus)? Or do you mean an Android phone from another maker?

Well, there you have it. Would you still say it's not their fault?

I'd recommend you tag so they're aware of this

Oh snap! That's my worst fear.

a consumer can't factory reset a phone that won't turn on. I took every other recommended step to secure it including Lock my Phone and Erase my Phone via Google's FindMyPhone service. It did not work.

Give this a shot. Also, assume you are completely compromised and everything you used your phone to access and those accounts have all been compromised. Oh my God....this is shocking, I don't even know what to say. Jane, I'm so, so sorry...

also to be clear I have been on Google support and Pixel support dozens of times all week BEFORE the hack happened, asking them to investigate why my phone marked delivered by FedEx 'disappeared' at the warehouse. At any time someone could have offered me any security advice?!

@emroth08 after I was complaining on Twitter that they wouldn't acknowledge receipt of my broken phone despite FedEx tracking showing it delivered, someone told me there is a Reddit post of exact thing happening to his wife at the same facility/warehouse, also looking for nudes

@emroth08 even though FedEx marked it delivered. They charged me for a replacement device because they never got the phone. Late last night someone used the phone and the two-factor authentication on the phone to bypass security.

This needs to be on the news. You are probably not the only one this happens to. That is why phones need to be easily repairable so you can do it at home or have the technician do it in 10 mins in front of you. A lot of sketchy things like this can happen in repair shops.

@emroth08 So the phone can't be factory reset using normal methods before you send it for repair because you can't use the phone. Anyway, I sent it to the official Pixel repair center in Texas via their FedEx shipping label and the phone was reported never received by Google...

It's a police matter. Hopefully would assist in getting you justice.

I'm trying to get some answers from Google about this. Do you have any extra details to share, like what kind of phone you have and why it was sent in for repair?

Where exactly did you send your phone in to for servicing? Depending on that answer, it will shed light on who really should be responsible. this is outrageous! suing Google may not be the answer if it was not them you sent it to for servicing.

