[Solved] Norton Mobile claiming my wifi network is compromised?

[Netbug]

Hi,

Ok not sure what to do to check for anything suspicious. using latest merlin firmware 384.4_2 factory reset/fresh install when 384.4_2 was released.

Turned my WiFi on phone and auto connected to my network like normal, then norton mobile app pops up saying my wifi is compromised. This network is compromised by an unknown third party that may view and alter your communications.

Then it says...

SSL Decrypting, An attacker is attempting to decrypt this entowrk and may view and alter your communications.

As you can imagine i found it to be very alarming, Anyone have any suggestions? i have looked in logs i see nothing that indicates anything odd, checked client list, dhcp releases, connections, routing table, portforwarding, run 'top' command in terminal incase something suspicious was running all looks ok, just to ensure nothing odd going on and find nothing to suggest someone may have hacked my network or gained access or is trying to decrypt traffic, i do have wire shark on my macbook but not used it in ages. I'm worried now and looking for suggestions.

Thank you.

Update:

Issue was with the Norton app tut tut.

[Solved] Norton Mobile claiming my wifi network is compromised?

 

[SMS786]

Very disturbing indeed. While I admittedly don't have much experience with the norton suite, do you have the trend micro security suite (AiProtect) enabled on your router? If you don't, it might be worth it to enable it, update to the latest signatures, and get a second opinion through it..especially since you say nothing is out of the ordinary in your syslogs..

 

[Treadler]

Hi,

Ok not sure what to do to check for anything suspicious. using latest merlin firmware 384.4_2 factory reset/fresh install when 384.4_2 was released.

Turned my WiFi on phone and auto connected to my network like normal, then norton mobile app pops up saying my wifi is compromised. This network is compromised by an unknown third party that may view and alter your communications.

Then it says...

SSL Decrypting, An attacker is attempting to decrypt this entowrk and may view and alter your communications.

As you can imagine i found it to be very alarming, Anyone have any suggestions? i have looked in logs i see nothing that indicates anything odd, checked client list, dhcp releases, connections, routing table, portforwarding just to ensure nothing odd going on and find nothing to suggest someone may have hacked my network or gained access or is trying to decrypt traffic, i do have wire shark on my macbook but not used it in ages. I'm worried now and looking for suggestions.

Thank you.

Your AiProtect ‘scan’ showing everything ok with your router security settings?

 

[Netbug]

Very disturbing indeed. While I admittedly don't have much experience with the norton suite, do you have the trend micro security suite (AiProtect) enabled on your router? If you don't, it might be worth it to enable it, update to the latest signatures, and get a second opinion through it..especially since you say nothing is out of the ordinary in your syslogs..

Hi yes AI protection is enabled on my router and signature version is upto date as well, There is 1 hit from yesterday under two-way ip hits but nothing else.

 

[Netbug]

Your AiProtect ‘scan’ showing everything ok with your router security settings?

All shows ok except i don't have malicious website blocking on.

Another hit just now. I never enable aicloud, access from wan, ssh is lan only and i use certificates as well as password.

 

[SMS786]

Also another thought. This error

This network is compromised by an unknown third party that may view and alter your communications.

could be due to a rogue certificate loaded on your device. If all else fails, clear out your trusted certs (load back your pixelserv cert after, of course) and see if the network error still persists.

 

[Netbug]

Also another thought. This error could be due to a rogue certificate loaded on your device. If all else fails, clear out your trusted certs (load back your pixelserv cert after, of course) and see if the network error still persists.

I only use the self signed auto generated option to access web-gui, even though lan only but i like using ssl still. In regards to the ssh (lan only) the same key i have been using since i re generated a new one in January 2018 using putty on windows, also requires password in addition to the certificate.

Could you please explain how i got about what you suggest?

 

[SMS786]

The wifi error is happening on your phone, correct? In the settings, under the security menu, there should be a subsection called 'trusted credentials' or something similar. There should similarly be a section called 'user credentials'..check this category first and see if there are any there that you don't recall manually installing and remove them pronto. Then reboot your phone and see if the warning error still persists. Fyi my experience is mostly with android, but I imagine iOS settings should be pretty similar.

 

[Netbug]

The wifi error is happening on your phone, correct? In the settings, under the security menu, there should be a subsection called 'trusted credentials' or something similar. There should similarly be a section called 'user credentials'..check this category first and see if there are any there that you don't recall manually installing and remove them pronto. Then reboot your phone and see if the warning error still persists. Fyi my experience is mostly with android, but I imagine iOS settings should be pretty similar.

Hi,

Im using android lineage os 7.1.2 (5th march 2018) security patch level, never had issues before. I checked 'trusted credentials' under both user tab, there is nothing under user tab and under system tab there is many but they all seem normal like default what would have existed on a fresh install, nothing odd looking. Under user credentials there is nothing either i also did Clear credentials, rebooted but still same.

I tried another app that does a scan on wifi and it could not detect ssl decrypting but all apps are different, it never reported such an issue before. Dunno what to think at this point.

Thank you.

 

[Zastoff]

Got the same message from the Norton Android app this morning..
Been dubble checking settings and Ai-protection restarting router and installed the app on Another Android and same message there

 

[Netbug]

Got the same message from the Norton Android app this morning..
Been dubble checking settings and Ai-protection restarting router and installed the app on Another Android and same message there

omg thanks mate for letting me know so must be the app then i assume, got proper jittery was just going to factory reset (initialize...) router but seeing you getting the same i assume norton either a bug or using scare tactics to force you to download there WiFi Privacy app, hmmm suspicions...

 

[Netbug]

Update:

@Zastoff
@SMS786
@Treadler

Update you're norton mobile app if you have it installed, it was updated 4 days ago but was not showing an update available until i restarted phone, i installed update and it ok again now, look in release notes and it mentions WiFi Security.

Scare reverted

 

[Zastoff]

Thanks
Works fine again with my Norton app

 

[Netbug]

I love it how under the What's New It says Minor UI updates to Wifi Security and System Advisor. (added images to post above)

Really Minor? Norton you tried scaring people into thinking there WiFi network was compromised by someone decrypting SSL traffic and they call it a minor UI update lol.

Funny though look at other image and it offers you to try there WiFi-Privacy app, i know i'm a very skeptical and suspicious person but a bit fishy i think lolz.

I'm just glad i can laugh at it now, about an hour ago it was allot of swearing and me thinking here we go factory reset again, only did it last week and checking every device on network but thankfully scare reverted.

 

[Ev Batey]

Update:

@Zastoff
@SMS786
@Treadler

Update you're norton mobile app if you have it installed, it was updated 4 days ago but was not showing an update available until i restarted phone, i installed update and it ok again now, look in release notes and it mentions WiFi Security.

Scare reverted

Had same first time on my Android LG V20 (current Android image). After half hour on Norton Live Chat with wait an hour messages, guessed what they said about hickup meant Norton was the intrusion on my WiFi. Might serve the community well to maintain some lists of what Smart Phone, Computer and WAP Security should alert on. Not ready to change all my server and client web passwords out of cycle. How may we guard against bad security vendor code in the future?

 

[Richard Werbin]

I had this problem last night late, on 2 phones, just before going to sleep.
PANIC. Unplugged modem & router and went to sleep.

Updated norton security app on phone from Play store.
Network is safe again.

 

[Netbug]

Had same first time on my Android LG V20 (current Android image). After half hour on Norton Live Chat with wait an hour messages, guessed what they said about hickup meant Norton was the intrusion on my WiFi. Might serve the community well to maintain some lists of what Smart Phone, Computer and WAP Security should alert on. Not ready to change all my server and client web passwords out of cycle. How may we guard against bad security vendor code in the future?

well i'm not sure Norton was the intrusion, i'd say more of a scare or scare tatic, depends if you are a suspicious person i guess on how you look at it. Also not much you can do to protect yourself apart from all the advice scattered on these forums and by not downloading malicious apps, checking what permissions app wants before installing, all the usual. But when you install something in this case norton security not much can be done as we are giving it permission to install and permissions to access all areas of the phone. There are better security apps out there and i will be moving to another when my sub expires.

I do recommend this site though: https://www.av-comparatives.org/ They do plenty of testing and reports.

Network is safe again.

It was always safe to be fair, well as safe as my network can be to my ability, just norton giving a false positive and causing users concern or a scare tatic maybe to download there WiFi Privacy app lol.

 

[Netbug]

well people aren't happy, looks like norton has been upsetting it's customers lol (check reviews) https://play.google.com/store/apps/details?id=com.symantec.mobilesecurity

can't stop giggling reading the reviews.

 

[RMerlin]

Norton (Symantec) is a rollercoaster. Good in the late 90s, bad around 2001-2005, good again around 2008-2012, bad against since then...

I recently ditched Norton on my own desktop because it wold totally scrap my system back in January following Microsoft's fixes for Meltdown & al. Had to restore my Acronis backup three times over the course of two days to fix a non-booting system. Fixed by replacing Norton Security with Eset NOD32.

The saga surrounding their SSL certificate business is quite a soap as well...

 

[Netbug]

Totally agree. i remember it being good at one time when it was Symantec but got worse to the point even installing/uninstalling there software caused BSOD on windows. I stopped using it years ago, except i use it on my phone and windows bootcamp install.

I use my mac as my daily driver and linux mint in my vm and don't use such software on my mac except for malwarebytes and bit defender from app store but they only launch when i launch them so not hogging resources in the background and run them once a month just as a precaution.

Norton is known for messing around to much with windows and it's registry. It seems to not have changed, thankfully i rarely use my windows boot camp install now. I remember the online stories and the norton forums being full with these kind of issues. It got worse over the years and seems to not improved much. I remember the painstaking installs that took forever whilst it installed then crippled computers by hogging cpu and memory resource to the point systems would crash and freeze.

Yes there SSL certificate business, vpn business and whatever else they have got there noses into, i would not trust the rest of there products and to be honest don't trust them at all so will be definitely leaving when sub ends in 4 months.

for example you launch edge, chrome, firefox or another compatible browser and it bombards you with install toolbar this and that, it's as bad if not worse than malware. Norton is very spammy now with there persistent notifications, spamming paid users with there other products/services. Time to ditch them.