Posted on 09/19/2019 2:00:01 PM PDT by Windflier
Introducing: Simjacker a new SIM card flaw, discovered being actively exploited in the wild, which allows attackers to hijack any phone just by sending it an SMS message. Security Now's Steve Gibson has all the details.
Watch the full episode of Security Now: https://twit.tv/sn/732
Hosts: Leo Laporte, Steve Gibson
https://www.microsoft.com/en-us/p/alexa/9n12z3cctcnz?cid=A4PCemail&rtc=1&activetab=pivot:overviewtab
Gibson Tools, yes it set the Standard for DOS back in the day.
I believe I used their Defragger.
Computers and HDD’s were slow enough back then that Defragging a drive was halfway entertaining.
Not sure if that is true.
My phone is an LG UN 170, and i'm not finding any information about it having a SIM card.
This link says a bunch of basic LG phones don't support SIM cards.
https://www.verizonwireless.com/support/knowledge-base-52469/
If you can find information which says my UN 170 has a SIM card, i'll concede the point.
Cell phones old enough that this couldn’t theoretically affect them do not work with the current networks.
As for nobody wanting to hack it... People will hack connected pet food dishes and refrigerators. Your cell phone is considerably higher on their list of desired targets.
The phone identifying info for that model is built into the phone itself (number assignment module) and does not actually use a removable sim card.
Sim cards are associated with the GSM protocol within which this hack operates. Your phone is using the preGSM protocol called CDMA.
So not only are you right, you're safe!
Here's a link to the instruction manual.
https://www.lg.com/us/support/products/documents/LG-UN170_USC_UG_Web_EN_V1.0_140829.pdf
https://www.lg.com/us/cell-phones/lg-UN170-envoy-iii
SPECIFICATIONS
Type
Basic
Form Factor
Flip
Technology
CDMA*
All GSM and CDMA phones are affected. CDMA has a SIM equivalent but most cheaper CDMA phones don’t have a removable one.
Ditto that!.....LOL!
Sprint is a legacy CDMA carrier and that’s why their system works that way. They have SIM cards on current phones because most phones today require a SIM to be present as they are multi-network phones and have a SIM tray or use eSIMs - and they require *something* to be present for the phone to initialize.
Forgot to mention - they also have to have a SIM card to access 4G LTE networks, as to connect to 4G LTE, you *must* have a SIM card.
Sprint will reportedly kill access to their network for anything less than 4G LTE in 2020 or 2021, Verizon is killing their 2G and 3G CDMA and forcing LTE at the end of this year.
LOL, Swordmaker! You just described my Apple //+ -- with which I wrote the first running version of my "Digital Trowel" graphical analysis software for archaeological excavations -- including "scattergrams" & "contour plots" of artifact concentrations.
And, I wrote it in AppleSoft BASIC -- without making very many hex calls to ROM subroutines or to many subroutines I wrote in the mini-assembler...
My point: You can get quite a bit done within 64K of RAM -- if that's all you have available...
TXnMA
I remember when someone posted a tool to download the tracker file from an iPhone, I downloaded that file from my iPhone and all it showed was a big red dot.
Yes, you can. I once programmed a Commodore Vic-20 to simulate a Roulette wheel, complete with the sound of a bouncing ball, random results, flashing red, black, and occasional green screens and a final random number result including the 0 and 00 house win, (coming up with a truly random number generator was the real problem), and it used all but one byte of the 20K RAM available. If I used that last byte, the program wouldnt run.
On the SIM card youd also have to have some storage area. I think an EEPROM where the programming is stored that is dependent on an external computer to program it is the limiting factor here. . . Plus a means of communicating with and re-programming the CPU of the main device to tap into 64 bit data over a 64 bit data bus, to be able to send that data anywhere is also very problematic. Frankly, I dont see it happening.
I wonder why the processor in the SIM would be anything beyond a minimal 8 or 16 bit device. A SIM is designed to work at low power draw while the device is idle and even while the device is asleep, maintaining contact and awareness of the local cell towers. Anything more would be overkill for the purpose, dont you think?
I mean, you can come arbitrarily close, but truly random? No.
True, especially back then when there was no random number generating chip in computers, but you can come up with an environmental or human factor random number created from when a finger strikes a key, or a clock tick from when the program is started. IIRC, for the seed, I used a counter from when the program started until the user struck a key multiplied by the next key strike, divided by another key strike time. That gave me a environmental time tick that was essentially random, constrained to give a result in the integer range of the roulette wheel. The next one was generated from the time since the last spin finished until the user presses a key starting the wheel spin and the second is when the user released of the ball, and the third was the original seed number, apply the algorithm to constrain, voila, the winning number. . . Simple but it worked.
Perhaps it could be gamed if someone knew that was how it was generated, but no one knew that. I tried, with no success.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.