Annoying Securiry warning - please help

[MLSS]

Sometimes the particular website will change something in the Web address that is not noticeable to you or me but will change it enough for the certificate to recognize it.

And to be honest, hitting okay and moving on is not going to harm your device.

 

[Digital Controller]

Not a clue to be honest. I really wish I knew what it was. I tried so many things that I can't even pinpoint what it could have been. But I know that freezing the apps worked.

I would rather not cause you more trouble haha

I was just hoping you would remember, but at least your issue is solved!

 

[Papamz]

Here is a list of my recently updated apps according to Play Store: ChatOn Voice & Video Chat, Flipboard:Your news magazine, Gmail, Google Drive, Google play newsstand, Hangouts, Samsung Print Service Plugin, Samsung WatchON, Youtube. My guess is that it must be one of these since the malfunction happened after that scheduled phone update.
I hope that this list helps somewhat.

 

[Papamz]

This thing is back. I've tried everything. It's back.

 

[UncleMike]

I'm surprised nobody mentioned this before now, but a quick Google search of "gridserver.com certificate" yielded plenty of results, dating back years. The domain name is referenced in one of the screenshots. The solution may be in those results somewhere, but given that the results go back several years, it would seem to be a long-standing or recurring problem.

 

[Papamz]

That doesn't sound good. Is there anything else I can try?

 

[divinebovine]

Like I said, uninstall/freeze apps one at a time to see which one exactly is the culprit.

Otherwise you need to find out what domain it's attempting to reach. It's not gridserver.com; if it was then you wouldn't get that message. Instead it's trying to reach something else that's secured with gridserver.com's certificate, which does not match.

If you could find out what domain it's attempting to reach you could either contact that domain's admin and have him fix the certificate or add it to your hosts file and point it to 127.0.0.1 (loopback to localhost), which will make all communication with it fail quietly and no certificate will be provided at all.

 

[Digital Controller]

I don't recognize the first app there. Try freezing that.

All those other apps plenty of Note 3 users like myself have those preloaded onto our devices, and I would assume we would have the same issue.

 

[Papamz]

Would that be ChatOn or TrustGo? ChatOn I have just stopped. The problem is still there. Uninstalling apps didn't help much either.

 

[lunatic59]

Try clearing the caches for your web browser(s) too.

 

[Papamz]

Some of them were cleared already, but I cleared the rest as well. No change.

 

[divinebovine]

If you are up to it, run a sniffer like Wireshark on your network.
Wireshark

 

[Papamz]

I've just clicked on the link. I have no idea how to proceed forward. What you've said is very clear. I see the packets, but there are none for (TCP443). Can you please guide mw through it? Please bear with me.

 

[divinebovine]

Is it picking up any packets from your phone, or just packets from the computer where it's running? Some networks don't make sniffing easy.

Thinking of other things/ports where it might get an SSL certificate, an email server could be at fault and likely wouldn't use TCP443. To check for that, it might be easier than sniffing to uninstall any aftermarket email apps and remove all email accounts from the phone's settings. If you sniff for it, you can look for TCP995, TCP993, TCP465, and TCP587, though that's not an exhaustive list.

 

[Papamz]

...Do you know of anyone that can help me fix this in Phnom Penh, Cambodia by any chance? This is really way over my head.

 

[UncleMike]

Is it picking up any packets from your phone, or just packets from the computer where it's running? Some networks don't make sniffing easy."

Any switched network will make packet sniffing difficult, since packets are only sent on the port where the target device is known to be (or very briefly, on all ports if the connection to the target device is not known). The easiest way to work around this is to put a hub (if you can still find one) between the target machine (the one whose packets you're trying to sniff) and the switch, and plug your sniffer into the same hub. In the case of a wireless device, the hub would go between the aces point and the switch. The hub will send every packet out to every device connected to it, allowing the sniffer to see everything sent or received by the target device.

Note: I'm sure someone who suggests packet sniffing is already aware of this - I'm just trying to give more info to the one doing the sniffing.

 

[divinebovine]

Yeah, I figured that idea was going to be hopeless because the access point and the switch are most likely a single integrated device. I'm assuming this is an average home network.

Is there a trustworthy packet sniffer for Android? That would do the trick.

 

[UncleMike]

If a packet sniffer for Android exists, I'm sure the device would have to be rooted for it to work.

 

[Papamz]

Rooted? How do I ensure that my device is rooted?

 

[divinebovine]

If you have to ask that question then the better, easier cure will be to simply do a factory reset.

 

[lunatic59]

If you have to ask that question then the better, easier cure will be to simply do a factory reset.

I'd have to agree. At this point a factory reset will be the best way to solve the problem. Make sure you back up ALL your important information first ... contacts, images, text messages, email, etc.

 

[Papamz]

OK. Yeah... will do it. Thank you again to all of you.

 

[Papamz]

I formatted the phone and have lost so much, but that annoying security warning is no more. Thank you again to you all for your efforts.

 

[divinebovine]

I'm glad it worked out, I just wish someone could have come up with a better solution.