Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: fillippone on September 13, 2019, 12:12:01 PM



Title: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: fillippone on September 13, 2019, 12:12:01 PM
I read this horror story in an Italian newspaper, so I looked for an English version:

Simjacker attack exploited in the wild to track users for at least two years (https://www.zdnet.com/article/new-simjacker-attack-exploited-in-the-wild-to-track-users-for-at-least-two-years/)

Quote
Security researchers have disclosed today an SMS-based attack method being abused in the real world by a surveillance vendor to track and monitor individuals.

"We are quite confident that this exploit has been developed by a specific private company that works with governments to monitor individuals," security researchers from AdaptiveMobile Security said in a report released today.

"We believe this vulnerability has been exploited for at least the last 2 years by a highly sophisticated threat actor in multiple countries, primarily for the purposes of surveillance."

More info here:
https://simjacker.com/


This reminds me of what can happen with a SIM swap attack:

 My SIM swap attack: How I almost lost $71K, and how to prevent it (https://hackernoon.com/my-sim-swap-attack-how-i-almost-lost-dollar71k-and-how-to-prevent-it-tj39q3aju)


Quote
I’m a security-conscious IT professional working in blockchain for 3 years, and was stunned by the ease of the attack and how my normal security precautions failed. While the attack was frustrating and embarrassing, I believe strongly that we must learn from failure — and we must socialize to do better in the future. So I am sharing what happened, what I learned and what we can do better to prevent this kind of fraud.

You can try to apply some precautions, but it's always too little, too late.

How to Protect Yourself Against a SIM Swap Attack (https://www.wired.com/story/sim-swap-attack-defend-phone/)

Quote
Perfect security hygiene won’t always keep someone from fooling your carrier, and in fact, they may not even have to; Flashpoint has found some indications that SIM hijackers recruit retail workers at mobile shops to gain access to protected accounts. A comprehensive SIM swap fix would require fundamentally rethinking the role of phone numbers in 2018. “Phone numbers were never intended to be a way to confirm someone’s identity,” says Nixon. “Phone companies were never in the business to sell identity documents. It was imposed on them.”

The good news is, you can take steps to limit the chances that a SIM swap attack will happen to you—and limit the fallout if it does.

This should be a wake-up alarm, we all think we are tech-savvy, prudent and operate with good OpSec.
Reality is: the bar not to be hacked is higher than we (Fillippone) thought.

EDIT: Apparently the exploit has long been known, but telcos never cared to fix it, or even worse knew about governments' plans about our data:
How I hacked SIM cards with a single text - and the networks DON'T CARE (https://www.theregister.co.uk/2013/09/23/white_hat_sim_hacker_disillusioned_and_dismayed_by_operator_response/)




Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: joelsamuya on September 13, 2019, 12:19:45 PM


There will always be talented (and even genius) people who can use a technology for a different purpose than what we normal people know them for. This case for the mobile phone can be an alarming one all because billions of people can be at risk here if that same hacking technology can be employed to track people without the consent of the individuals involved. In the world where privacy is endangered, this news is making me uneasy but it is good that this was brought to light right now so we can be aware and solutions can be done against it.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: bitsurfer2014 on September 13, 2019, 12:39:10 PM
I understand that no one is safe in this digital world and we should always be security conscious and practice utmost safeguards and precautions that will help lessen the possibility of our security and privacy being compromised! Much better if we lessen our digital footprints by using these mobile devices less frequently. :)


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: yazher on September 13, 2019, 12:41:53 PM
For 2 years? He has some kind of mental illness, like he won't stop until he gets what he wants.
This is a serious matter and one of the creepiest stories I've ever heard.
Luckily poor people like us are not prone to this kind of attacker; even if he tracks people like us he gets nothing in return.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: Lucius on September 13, 2019, 12:49:10 PM
I'm not at all surprised that someone did something like this; we can say that spying is one big business today. Not only security agencies are involved in this, but also the private sector, which then sells the information to interested parties. There is one big obsession with total control over people, and the technology that exists today is ideal for precisely this kind of surveillance.

However, I think that most users who use smartphones today share their location in some way on a completely voluntary basis via Google services, Viber and similar apps. I see the biggest problem is the fact that this kind of attack can do much more than just locate users, and in this regard something like this can be potentially dangerous for those who use crypto wallets on their mobile phones, or any type of 2FA protection.

The company that discovered this says that they are blocking attacks, and that they are working with mobile providers and manufacturers of SIM cards to prevent this in future.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: AjithBtc on September 13, 2019, 12:52:56 PM
Being in a digitized atmosphere is an advancement; at the same time it has got the highest level of risk. Even a small error could lead to a breach and loss of entire funds. We've got various levels of security features, but those were also developed by humans.

There will be people who can break these barriers. So, we need to be careful handling all the funds whether through mobile or personal computers. While using through mobile phones it is good to find the trusted application and use it. Most of the issues happen through untrusted application installation.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: Ibizugbe1 on September 13, 2019, 01:01:57 PM
This is why I don't engage in random download of apps. I always try to go through the developer's web link just to be very sure of not installing a phishing app. And friends should be encouraged too to follow the developer's web link and check ratings and developers.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: target on September 13, 2019, 01:13:39 PM
When your phone number is known, the risk is there.

Don't keep coins on exchanges, don't keep coins on phones and make sure your 2fa isn't sms based. It's an easy way to not take part in these. That and don't give your phone number out to everyone, they have to know who to target as well.

Possibly run a second burner phone with just sms and Google auth and other 2fa, nothing else.

Also don't repost anything related to crypto and brag about how many coins you've got in your wallet on your social media account. This is why I don't join the Facebook campaigns, besides the fact that I have no idea which of my friends are also into crypto. Sharing information can make you a target of a crime.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: hatshepsut93 on September 13, 2019, 01:37:17 PM
Don't keep coins on exchanges, don't keep coins on phones

Imagine how Bitcoin's already low adoption would be crippled if everyone stopped keeping their coins on exchanges (lower liquidity) and didn't use mobile wallets (less real-world payments). The better advice is to take as many precautions as possible, and only store amounts that you can afford to lose in those unsecure environments. The rest of the coins should be stored in cold storage. But storing all your coins in cold storage is not very practical, as it hinders your ability to quickly make payments.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: coiningz on September 13, 2019, 01:45:21 PM
There is almost no privacy in our days. SIMs have a lot of vulnerabilities (s7, for example), Android is the one big security hole.
You can be safe only if you don't use smartphones.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: bitbunnny on September 13, 2019, 01:45:40 PM
When smartphones appeared our privacy disappeared, that is a well known fact.
Unfortunately many people are still very reckless and keep all sorts of data and applications on their phones unprotected. Sometimes they even download all sorts of apps from unknown sources and thus endanger their private and financial data.
Cryptocurrencies are very attractive for people with bad intentions and almost every one of us also has a mobile wallet. Make sure to protect it the best you can.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: Artemis3 on September 13, 2019, 01:55:45 PM
I read this horror story in an Italian newspaper, so I looked for an English version:

Simjacker attack exploited in the wild to track users for at least two years (https://www.zdnet.com/article/new-simjacker-attack-exploited-in-the-wild-to-track-users-for-at-least-two-years/)

Quote
Security researchers have disclosed today an SMS-based attack method being abused in the real world by a surveillance vendor to track and monitor individuals.

"We are quite confident that this exploit has been developed by a specific private company that works with governments to monitor individuals," security researchers from AdaptiveMobile Security said in a report released today.

"We believe this vulnerability has been exploited for at least the last 2 years by a highly sophisticated threat actor in multiple countries, primarily for the purposes of surveillance."

More info here:
https://simjacker.com/


This reminds me of what can happen with a SIM swap attack:

 My SIM swap attack: How I almost lost $71K, and how to prevent it (https://hackernoon.com/my-sim-swap-attack-how-i-almost-lost-dollar71k-and-how-to-prevent-it-tj39q3aju)


Quote
I’m a security-conscious IT professional working in blockchain for 3 years, and was stunned by the ease of the attack and how my normal security precautions failed. While the attack was frustrating and embarrassing, I believe strongly that we must learn from failure — and we must socialize to do better in the future. So I am sharing what happened, what I learned and what we can do better to prevent this kind of fraud.

You can try to apply some precautions, but it's always too little, too late.

How to Protect Yourself Against a SIM Swap Attack (https://www.wired.com/story/sim-swap-attack-defend-phone/)

Quote
Perfect security hygiene won’t always keep someone from fooling your carrier, and in fact, they may not even have to; Flashpoint has found some indications that SIM hijackers recruit retail workers at mobile shops to gain access to protected accounts. A comprehensive SIM swap fix would require fundamentally rethinking the role of phone numbers in 2018. “Phone numbers were never intended to be a way to confirm someone’s identity,” says Nixon. “Phone companies were never in the business to sell identity documents. It was imposed on them.”

The good news is, you can take steps to limit the chances that a SIM swap attack will happen to you—and limit the fallout if it does.

This should be a wake-up alarm, we all think we are tech-savvy, prudent and operate with good OpSec.
Reality is: the bar not to be hacked is higher than we (Fillippone) thought.

EDIT: Apparently the exploit has long been known, but telcos never cared to fix it, or even worse knew about governments' plans about our data:
How I hacked SIM cards with a single text - and the networks DON'T CARE (https://www.theregister.co.uk/2013/09/23/white_hat_sim_hacker_disillusioned_and_dismayed_by_operator_response/)

Truth is, OpSec and smartphone is something that doesn't normally go together. Unless you have one of the rare (non Android) Linux phones, installed and secured by yourself, instead of the usual Android/iOS...

The Android ecosystem is very vulnerable and exploits have been occurring nonstop. It's almost as dangerous as running Windows on a PC, thanks to its closed proprietary software ecosystem, and "shortcuts" taken in its OS design.

Would be interesting to see if Huawei's OS fares any better. At least they promised to provide the source code...


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: d_eddie on September 13, 2019, 02:14:38 PM
Truth is, OpSec and smartphone is something that doesn't normally go together. Unless you have one of the rare (non Android) Linux phones, installed and secured by yourself, instead of the usual Android/iOS...

The Android ecosystem is very vulnerable and exploits have been occurring nonstop. It's almost as dangerous as running Windows on a PC, thanks to its closed proprietary software ecosystem, and "shortcuts" taken in its OS design.

Would be interesting to see if Huawei's OS fares any better. At least they promised to provide the source code...

Huawei software is a joke. Horrible bloat without a use, and you can't delete any of it. This could appear to be unrelated, but it's a prime sign of sloppy thinking. Besides, they are not giving out bootloader unlock codes, because "the user experience could be worsened by customizations". Yes, that's their official response. So you're in their hands - no alternative option.

I'll believe a software vendor cares about security when they slim the software down to reasonable sizes. Going full open source would be another green mark.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: fillippone on September 16, 2019, 11:49:25 AM
Android is a semi-closed environment under the control of Google (otherwise it wouldn't be possible for Google to ban Huawei from using it).
Apple is a closed environment under the control of Apple (I think nobody can argue with that).
Other solutions are totally sub-par, considering support, efficiency and number of available applications.
Yes, I do think mobile security is fundamentally broken.
Critical apps should be taken away from mobile, inconvenient truth.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: mazdafunsun on September 16, 2019, 02:58:32 PM
SMS-based attacks in my view are just the tip of the iceberg.
Backdoors in popular apps are affecting 10s of millions of users, not to mention the surveillance of Facebook app. There are rumors that WhatsApp will also soon be spying on us.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: fillippone on September 16, 2019, 03:02:27 PM
While you can be exempt from being spied by apps, simply not installing them and keeping your system clean, it is difficult being tracked down by this GSM exploit, as it happens automatically, without user interaction, whatever the system  software is.
So bigger threat: caused by just having a mobile in your hand.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: jake zyrus on September 16, 2019, 03:41:39 PM
There's really a risk in the digital world. It's the cons of technology nowadays. Although technology wasn't made with that purpose, it's the abusing people who are inevitable. Especially we all know that most people now have a lot of important information on their cellphones. As we depend on technology like our phones with our privacy, we become more vulnerable. Crypto is not an exemption. It's more vulnerable for bad people, that's why we should always be careful with what we do on our phones and social media.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: Nadziratel on September 16, 2019, 04:13:41 PM
There's really a risk in the digital world. It's the cons of technology nowadays. Although technology wasn't made with that purpose, it's the abusing people who are inevitable. Especially we all know that most people now have a lot of important information on their cellphones. As we depend on technology like our phones with our privacy, we become more vulnerable. Crypto is not an exemption. It's more vulnerable for bad people, that's why we should always be careful with what we do on our phones and social media.

There's a proverb in my country. The door doesn't last to the thief. Of course we have to take precautions, but I don't think we have much luck when the thief is malicious. Like I said, there's no need to make an obsession. Just take precautions.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: Argoo on September 16, 2019, 04:16:56 PM
While you can be exempt from being spied by apps, simply not installing them and keeping your system clean, it is difficult being tracked down by this GSM exploit, as it happens automatically, without user interaction, whatever the system  software is.
So bigger threat: caused by just having a mobile in your hand.

In my opinion, it has always been well known that a mobile phone and the Internet are all that cybercriminals need to know absolutely everything about us. Almost none of our precautions will lead to anything if we just turn on our mobile phone and even connect to the Internet. This is enough to see us, to hear, to observe us, to know exactly our location with an accuracy of a meter. The relevant intelligence agencies have long been using these opportunities to observe individual citizens, bypassing the legal procedure of wiretapping and surveillance.
Civilization provides us with various benefits, but we always pay for them with our freedom.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: Pamadar on September 16, 2019, 04:32:56 PM
While you can be exempt from being spied by apps, simply not installing them and keeping your system clean, it is difficult being tracked down by this GSM exploit, as it happens automatically, without user interaction, whatever the system  software is.
So bigger threat: caused by just having a mobile in your hand.

In my opinion, it has always been well known that a mobile phone and the Internet are all that cybercriminals need to know absolutely everything about us. Almost none of our precautions will lead to anything if we just turn on our mobile phone and even connect to the Internet. This is enough to see us, to hear, to observe us, to know exactly our location with an accuracy of a meter. The relevant intelligence agencies have long been using these opportunities to observe individual citizens, bypassing the legal procedure of wiretapping and surveillance.
Civilization provides us with various benefits, but we always pay for them with our freedom.
Cyber-criminals use this venue to keep tracking individuals that they want to penetrate. There's no escape once you have been targeted; there's always a perfect way for them to stay close. With this idea, the best thing to do is to act accordingly: we need to have the right knowledge in order to do some prosecution matters to avoid and lessen the risk of being penetrated. With good knowledge, chances to protect yourself can be done.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: Distraction on September 16, 2019, 04:39:18 PM
Our privacy has been at risk for a long time. We need to be very careful about keeping our private information, passwords, etc. If we do not keep our data in a secure place, then the risk is getting bigger.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: dimastegar on September 16, 2019, 11:48:32 PM
All returned to the user. We must be careful and not arbitrarily spread our SIM or email numbers on the internet. It would be better if you give it to someone you can trust. Because there could be hackers who take advantage of loopholes after knowing your SIM card number. Always use layered security on Exchanger accounts or private wallets such as 2fa or email verification.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: maxreish on September 17, 2019, 05:54:54 AM
Unfortunately, there are tons of ways, and scammers have upgraded their ways of scamming us using our mobile phones through apps that are being downloaded.

Here are some topics that may increase our awareness. They can possibly access our mobile phone.

  • Browser Extensions that can steal our stored Bitcoin (https://bitcointalk.org/index.php?topic=5184958.msg52467274#msg52467274)
  • Android Users with apps downloaded that have been affected by Malware (https://bitcointalk.org/index.php?topic=5184288.msg52443379#msg52443379)

We should not download unnecessary apps to our mobile phones; extra precautions should be taken, especially when we have some bitcoins that are stored in our phone.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: DDante on September 17, 2019, 06:34:04 AM
Don't keep coins on exchanges, don't keep coins on phones and make sure your 2fa isn't sms based. It's an easy way to not take part in these. That and don't give your phone number out to everyone, they have to know who to target as well.

Possibly run a second burner phone with just sms and Google auth and other 2fa, nothing else.
Don't keep coins on exchanges is acceptable, but don't keep coins on phone? I don't see any reason why, because I think it's safe on my own side. I have been keeping my coins on phone since 2016 and I have no issue till date. Secondly, my phone has inbuilt fingerprint and face recognition for anyone to access.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: imstillthebest on September 17, 2019, 06:45:06 AM
Don't keep coins on exchanges, don't keep coins on phones and make sure your 2fa isn't sms based. It's an easy way to not take part in these. That and don't give your phone number out to everyone, they have to know who to target as well.

Possibly run a second burner phone with just sms and Google auth and other 2fa, nothing else.
Don't keep coins on exchanges is acceptable, but don't keep coins on phone? I don't see any reason why, because I think it's safe on my own side. I have been keeping my coins on phone since 2016 and I have no issue till date. Secondly, my phone has inbuilt fingerprint and face recognition for anyone to access.

It's not acceptable to me because I often use exchanges for trading, so putting my coins on them can be convenient, but if you are scared then it's better if you withdraw your coins from exchanges and only deposit on them if you will use them immediately. You said your phone is open to anyone, but why did you do that? I think that is more risky because anyone that opens your phone can be a suspect if you ever lose your coins on your phone. You shouldn't store coins on it, or you should not open your password to anyone else.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: Kakmakr on September 17, 2019, 06:56:45 AM
I use burner phones for all my Crypto related stuff, so I can see where attacks are coming from. The SIM swap thing is not something new, and in my country we have syndicates that are working with employees that are working for the telecommunication companies to enable them to do these SIM swaps. The companies normally deny any involvement when their employees are compromised, so very little happens when you are a victim of these syndicates.

Also remember that these SIM swaps are targeted at online banking services too, so it is not just Bitcoin related services that are targeted by this.  >:( >:( >:(


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: jseverson on September 17, 2019, 07:05:24 AM
Don't keep coins on exchanges is acceptable, but don't keep coins on phone? I don't see any reason why, because I think it's safe on my own side. I have been keeping my coins on phone since 2016 and I have no issue till date. Secondly, my phone has inbuilt fingerprint and face recognition for anyone to access.

He probably only said that because it's easier to lose coins in your phone than in your PC, but if you know what you're doing, phones should be perfectly viable for storage. This attack, for one, is practically limited to tracking victims, so there shouldn't be any risk of crypto loss. Just make sure you don't keep large amounts anywhere that's not cold storage.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: libert19 on September 17, 2019, 07:41:37 AM

Possibly run a second burner phone with just sms and Google auth and other 2fa, nothing else.

Google auth is a lame authenticator app (but unfortunately, widely known, just cause, Google brand). If someone gets their hands on your phone, the codes are available naked; better use authenticator apps that take measures to protect it.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: fillippone on June 10, 2020, 12:49:49 PM
Be warned that this kind of attack is still a threat to Bitcoin Hodlers:

US Officials Allege Student Defrauded Apple as Part of SIM Swap Attack (https://www.coindesk.com/us-officials-allege-student-defrauded-apple-as-part-of-sim-swap-attack)


Quote
A 20-year old California resident was charged Monday by the U.S. Department of Justice with allegedly participating in a SIM-swapping scam that defrauded Apple and stole one victim’s cryptocurrency.

There are many ways to counter this type of attack:
  • Always use different phones to access a website and to activate 2FA (having 2FA on the same device is dangerous).
  • Be aware of this type of attack and do not underestimate warning signs.
  • Be alert, practice your own OPSEC.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: bobitza on June 10, 2020, 02:02:21 PM


There will always be talented (and even genius) people who can use a technology for a different purpose than what we normal people know them for. This case for the mobile phone can be an alarming one all because billions of people can be at risk here if that same hacking technology can be employed to track people without the consent of the individuals involved. In the world where privacy is endangered, this news is making me uneasy but it is good that this was brought to light right now so we can be aware and solutions can be done against it.
Right! There are many talented people in the world. They are better than we think, especially when they use technology very well. A smartphone in their hands could hold the world. So now cyber criminals are many. When using online accounts you need to take care not to be stolen. When using Zalo face you are also hacked accounts.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: adeandro on June 10, 2020, 02:43:29 PM
You can forget about privacy. It no longer exists. Forget about it.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: Shasha80 on June 10, 2020, 03:12:12 PM
Crimes related to mobile phones are not new; even the government can be the perpetrator. As Edward Snowden said, the government can tap the mobile phones that we use. Now privacy is almost non-existent, so be more careful when using mobile phones. With many SIM swap attack incidents against cryptocurrency users, the safest place to store cryptocurrency is indeed a hardware wallet.


Title: Re: Privacy at risk using mobile phones. Not only Bitcoin-related.
Post by: kryptqnick on June 10, 2020, 03:44:01 PM
SIM swapping is the attack I fear most because if normally it's easy to follow some precautions to avoid being scammed, it doesn't feel like it's the case with SIM cards. And I do use 2FA to get access to my Bitcoin wallet, so my phone is involved in the process. Even after reading about the measures I don't feel like they're actually going to help much, and adding them means making a lot of processes related to using a phone more complicated... Even though the OP created the post back in September 2019, it's still a very relevant issue with no definite way of protecting oneself against such an attack.