Free Republic

Simjacker Phone Hijack
YouTube | 17 September 2019 | TWiT Tech Podcast Network

Posted on 09/19/2019 2:00:01 PM PDT by Windflier

Introducing: “Simjacker” a new SIM card flaw, discovered being actively exploited in the wild, which allows attackers to hijack any phone just by sending it an SMS message. Security Now's Steve Gibson has all the details.

Watch the full episode of Security Now: https://twit.tv/sn/732

Hosts: Leo Laporte, Steve Gibson


TOPICS: Computers/Internet; Conspiracy; Government
KEYWORDS: hacking; hijack; smartphones
Heads up!
1 posted on 09/19/2019 2:00:01 PM PDT by Windflier

To: Windflier

Wow. Steve Gibson has been around forever. I still have his bootable low-level hard drive format program, even though it is mostly obsolete.


2 posted on 09/19/2019 2:04:03 PM PDT by Dr. Sivana ("...a choice between Woke-fevered Democrats and Koch-funded Republicans is insufficient."-Mark Steyn)

To: Windflier

Some more info:

“This research specifically considers SIM cards which make use of a technology not used by most mobile operators,” the GSMA told PCMag in an email. ‘The potential vulnerability is understood to not be widespread and mitigations have been developed for affected mobile networks to implement.’

“AT&T and Sprint told PCMag they don’t use the affected technology on their SIM cards. Verizon says, ‘We have no indication to believe this impacts Verizon.’ T-Mobile has reportedly indicated the same.”

https://www.pcmag.com/news/370736/sim-card-flaw-poses-spying-threat-but-us-users-appear-to-be


3 posted on 09/19/2019 2:07:12 PM PDT by Retrofitted

To: Retrofitted

I also read the vulnerability is limited to gaining your location. Anyone know if there’s a greater risk?


4 posted on 09/19/2019 2:11:02 PM PDT by Made In The USA (Next thing you know, 'ol Jed's a millionaire)

To: Dr. Sivana

I still have an older version of SpinRite that saved my bacon a few times ......


5 posted on 09/19/2019 2:15:18 PM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))

Later.


6 posted on 09/19/2019 2:17:10 PM PDT by lysie

To: Windflier

I’m glad my phone is so old. Nobody wants to hack it. I don’t think it even has a SIM card in it.


7 posted on 09/19/2019 2:20:29 PM PDT by DiogenesLamp ("of parents owing allegiance to no other sovereignty.")

To: All
Simjacker attack exploited in the wild to track users for at least two years

Simjacker attack abuses STK and S@T Browser technologies installed on some SIM cards.

8 posted on 09/19/2019 2:26:22 PM PDT by Windflier (Torches and pitchforks ripen on the vine. Left too long, they become black rifles.)

To: Made In The USA
I also read the vulnerability is limited to gaining your location. Anyone know if there’s a greater risk?

Watch the video. There are much greater risks than just finding your location.

9 posted on 09/19/2019 2:27:57 PM PDT by Windflier (Torches and pitchforks ripen on the vine. Left too long, they become black rifles.)

To: Windflier

“...track the user’s location.”

They’re gonna get tired of waiting for me to get off the couch.

And then I’m only going to either the bathroom...or the fridge.


10 posted on 09/19/2019 2:28:37 PM PDT by moovova

To: Windflier; ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; Action-America; acoulterfan; ...
SimJacker in the wild. . . Exploited by sending an SMS message. Works with government to monitor individuals. Using spyware-like code, instructs the SIM card to take over the phone to retrieve and perform specific code to retrieve data using a SIM card S@T browser (say what?). SIM cards are a ROM, supposedly all makes and models of phones. Affecting over 1 billion phones. Uses the SIM Application Toolkit programmed into the SIM card which is an antiquated legacy set of commands left over from GSM flip phones which used command-line menuing screen commands systems but has been forgotten and just left in the SIMs. All GSM and CDMA system phones have this in them. Oops! It is estimated this has likely been exploited to target specific individuals for at least two years. —PING!



CROSS PLATFORM SECURITY PING!

If you want on or off the Apple/Mac/iOS Ping List, Freepmail me.

11 posted on 09/19/2019 2:31:31 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)

PS: Apple has released iOS 13 for iPhone and iPad Touch (version 7) only, no iPad version yet. . .

Click above for a comprehensive list of all the improvements, but please don’t discuss them on this thread,

12 posted on 09/19/2019 2:35:18 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)

To: dayglored; ThunderSleeps; ShadowAce

PING to dayglored, Thundersleeps and ShadowAce for your pinglists.

Depending on who is reporting this SimJacker, this exploit either affects all cellular phones with a GSM and CDMA standard, or not. . . I suspect it does. It’s in the standard and unless the people who maintain the code have taken specific steps to remove the toolkit from the code it’s in there. AT&T claims their SIM cards don’t have it, but why do I doubt them, they’ve never been known to lie before (ROTFLMAO!) about something that might negatively impact their bottom line have they(?), and Verizon says “they’re not sure” or something similar. Experts in the SIM field are all scratching their heads over it. . . So the question is up in the air.


13 posted on 09/19/2019 2:40:53 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)

To: Swordmaker

Sword, if you know, does this also affect devices using eSIMs or just those using physical SIM cards?


14 posted on 09/19/2019 2:47:27 PM PDT by House Atreides (Boycott the NFL 100% — PERMANENTLY)

To: House Atreides
Sword, if you know, does this also affect devices using eSIMs or just those using physical SIM cards?

Frankly, House, I don’t know. However, if the SIM Application ToolKit is in the standard, it is likely the exploits would work because they’d be included in the eSIMs just because they are in the standard. Standard setting organizations are nothing if not consistent. If it’s in the hard-coded version, it is likely they’ll include it in the software version, even if it is obsolete.

15 posted on 09/19/2019 2:52:43 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)

To: Swordmaker

Sprint uses SIM cards but they are tracked by their network and are permanently tied to the phone’s ESID in their database. You can’t just swap one to your new Sprint phone and start using it. Because of that I don’t really see the advantage of using SIMs on their network, as the whole idea of a SIM is to make your cellular account portable between phones. If you have to go to Tech Support to get your phone switched over (and they always mail you a new SIM card) then what’s the point of having them?


16 posted on 09/19/2019 2:53:55 PM PDT by Gideon7

To: Made In The USA
I also read the vulnerability is limited to gaining your location. Anyone know if there’s a greater risk?

I’m kind of leaning toward your position on this. The literature I’ve reviewed on the limited processors in SIM cards seems to show they have only very dumb processors with very limited RAM (like 8k to 64K of RAM) and rely on external computers to re-program their EEPROM memories. That does not bode well for them being able to send large amounts of data. For example, most are limited to keeping only 99 names, addresses, and phone numbers from a contacts list. How then could it download, store, then execute a sophisticated program to take over the sophisticated 64-bit computer that is a modern cellular phone, much less process and resend gobs of data from that device at high enough of a data density to compromise much? We are talking an unsophisticated processor here that runs at a VERY slow rate of speed, just fast enough to handle a handshake and send out a device ID and make the connection required on a cellular connection.

17 posted on 09/19/2019 3:20:01 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)

To: Swordmaker

Le sigh. I miss the days when my iPhone had cute little icons with a faux handcrafted wood look.

I wonder how many people will skip IOS XIII because it’s an unlucky number?

(And back to the main topic, if the goobmint or other nefarious individuals are tracking my iPhone, they’re going to be very, very bored. Work, home, sleep, work, home, sleep, occasional stop at Chili’s for nachos. Huzzah.)


18 posted on 09/19/2019 3:20:56 PM PDT by Kommodor (Terrorist, Journalist or Democrat? I can't tell the difference.)

To: DiogenesLamp

All cell phones have a SIM card.

Encrypted in it is the code that identifies the device to the network.

That’s why only your phone rings when someone dials your number even though the signal is coming over the air on radio waves and theoretically can be “answered” by anyone.


19 posted on 09/19/2019 3:32:18 PM PDT by fruser1

To: Dr. Sivana

Sidebar: Amazon has released a Windows 10 version of Alexa which is available for download and implementation for those who are not yet disgusted with device intrusions and monitoring.


20 posted on 09/19/2019 3:34:18 PM PDT by chulaivn66 ("...government will follow its natural tendency to despotism.")

