fillippone (OP)
September 13, 2019, 12:12:01 PM Last edit: September 13, 2019, 01:42:05 PM by fillippone
I read this horror story in an Italian newspaper, so I looked for an English version:
Simjacker attack exploited in the wild to track users for at least two years
Security researchers have disclosed today an SMS-based attack method being abused in the real world by a surveillance vendor to track and monitor individuals.
"We are quite confident that this exploit has been developed by a specific private company that works with governments to monitor individuals," security researchers from AdaptiveMobile Security said in a report released today.
"We believe this vulnerability has been exploited for at least the last 2 years by a highly sophisticated threat actor in multiple countries, primarily for the purposes of surveillance."
More info here: https://simjacker.com/
This reminds me of what can happen with a SIM swap attack:
My SIM swap attack: How I almost lost $71K, and how to prevent it
I’m a security-conscious IT professional working in blockchain for 3 years, and was stunned by the ease of the attack and how my normal security precautions failed. While the attack was frustrating and embarrassing, I believe strongly that we must learn from failure — and we must socialize to do better in the future. So I am sharing what happened, what I learned and what we can do better to prevent this kind of fraud.
You can try to apply some precautions, but it's always too little, too late.
How to Protect Yourself Against a SIM Swap Attack
Perfect security hygiene won’t always keep someone from fooling your carrier, and in fact, they may not even have to; Flashpoint has found some indications that SIM hijackers recruit retail workers at mobile shops to gain access to protected accounts. A comprehensive SIM swap fix would require fundamentally rethinking the role of phone numbers in 2018. “Phone numbers were never intended to be a way to confirm someone’s identity,” says Nixon. “Phone companies were never in the business to sell identity documents. It was imposed on them.”
The good news is, you can take steps to limit the chances that a SIM swap attack will happen to you—and limit the fallout if it does.
This should be a wake up alarm, we all think we are tech-savvy, prudent and operate with good OpSec. Reality is: the bar not to be hacked is higher than we (Fillippone) thought.
EDIT: Apparently the exploit has long been known, but telcos never cared to fix it, or even worse knew about governments' plan about our data:
How I hacked SIM cards with a single text - and the networks DON'T CARE

joelsamuya
September 13, 2019, 12:19:45 PM
There will always be talented (and even genius) people who can use a technology for a different purpose than what we normal people know them for. This case for the mobile phone can be an alarming one, all because billions of people can be at risk here if that same hacking technology can be employed to track people without the consent of the individuals involved. In a world where privacy is endangered, this news is making me uneasy, but it is good that this was brought to light right now so we can be aware and solutions can be found against it.

bitsurfer2014
September 13, 2019, 12:39:10 PM
I understand that no one is safe in this digital world and we should always be security conscious and practice utmost safeguards and precautions that will help lessen the possibility of our security and privacy being compromised! Much better if we lessen our digital footprints by using these mobile devices less frequently.

yazher
September 13, 2019, 12:41:53 PM
For 2 years? He has some kind of mental illness, like he won't stop until he gets what he wants. This is a serious matter and one of the creepiest stories I've ever heard. Luckily poor people like us are not prone to this kind of attacker; even if he tracks people like us he gets nothing in return.

Lucius
September 13, 2019, 12:49:10 PM
I'm not at all surprised that someone did something like this; we can say that spying is one big business today. Not only security agencies are involved in this, but also the private sector, which then sells the information to interested parties. There is one big obsession with total control over people, and the technology that exists today is ideal for precisely this kind of surveillance.
However, I think that most users who use smartphones today share their location in some way on a completely voluntary basis via Google services, Viber and similar apps. I see the biggest problem is the fact that this kind of attack can do much more than just locate users, and in this regard something like this can be potentially dangerous for those who use crypto wallets on their mobile phones, or any type of 2FA protection.
The company that discovered this says that they are blocking attacks, and that they are working with mobile providers and manufacturers of SIM cards to prevent this in future.

AjithBtc
September 13, 2019, 12:52:56 PM
Being in a digitized atmosphere is an advancement; at the same time it has got the highest level of risk. Even a small error could lead to a breach and loss of entire funds. We've got various levels of security features, but those were also developed by humans.
There will be people who can break these barriers. So, we need to be careful handling all the funds, whether through mobile or personal computers. While using mobile phones it is good to find a trusted application and use it. Most of the issues happen through untrusted application installation.

Ibizugbe1
September 13, 2019, 01:01:57 PM
This is why I don't engage in random downloads of apps. I try to always go through the developer's web link just to be very sure of not installing a phishing app. And friends should be encouraged too to follow the developer's web link and check ratings and developers.

target
September 13, 2019, 01:13:39 PM
When your phone number is known, the risk is there. Don't keep coins on exchanges, don't keep coins on phones and make sure your 2FA isn't SMS based. It's an easy way to not take a part in these. That and don't give your phone number out to everyone; they have to know who to target as well.
Possibly run a second burner phone with just SMS and Google auth and other 2FA, nothing else.
Also don't repost anything related to crypto and brag about how many coins you got in your wallet on your social media account. This is why I don't join the Facebook campaigns, besides the fact that I have no idea who of my friends are also into crypto. Sharing information can make you a target of a crime.

hatshepsut93
September 13, 2019, 01:37:17 PM
Quote from: target
> Don't keep coins on exchanges, don't keep coins on phones
Imagine how Bitcoin's already low adoption would be crippled if everyone stopped keeping their coins on exchanges (lower liquidity) and didn't use mobile wallets (fewer real-world payments). The better advice is to take as many precautions as possible, and only store amounts that you can afford to lose in those unsecure environments. The rest of the coins should be stored in cold storage. But storing all your coins in cold storage is not very practical, as it hinders your ability to quickly make payments.

coiningz
September 13, 2019, 01:45:21 PM
There is almost no privacy in our days. SIMs have a lot of vulnerabilities (s7, for example), Android is the one big security hole. You can be safe only if you don't use smartphones.

bitbunnny
September 13, 2019, 01:45:40 PM
When smartphones appeared our privacy disappeared, that is a well known fact. Unfortunately many people are still very reckless and keep all sorts of data and applications on their phones unprotected. Sometimes they even download all sorts of apps from unknown sources and thus endanger their private and financial data. Cryptocurrencies are very attractive for people with bad intentions and almost every one of us also has a mobile wallet. Make sure to protect it the best you can.

Artemis3
September 13, 2019, 01:55:45 PM
Quote from: fillippone
> I read this horror story in an Italian newspaper, so I looked for an English version:
> Simjacker attack exploited in the wild to track users for at least two years
> Security researchers have disclosed today an SMS-based attack method being abused in the real world by a surveillance vendor to track and monitor individuals.
> "We are quite confident that this exploit has been developed by a specific private company that works with governments to monitor individuals," security researchers from AdaptiveMobile Security said in a report released today.
> "We believe this vulnerability has been exploited for at least the last 2 years by a highly sophisticated threat actor in multiple countries, primarily for the purposes of surveillance."
> More info here: https://simjacker.com/
> This reminds me of what can happen with a SIM swap attack:
> My SIM swap attack: How I almost lost $71K, and how to prevent it
> I’m a security-conscious IT professional working in blockchain for 3 years, and was stunned by the ease of the attack and how my normal security precautions failed. While the attack was frustrating and embarrassing, I believe strongly that we must learn from failure — and we must socialize to do better in the future. So I am sharing what happened, what I learned and what we can do better to prevent this kind of fraud.
> You can try to apply some precautions, but it's always too little, too late.
> How to Protect Yourself Against a SIM Swap Attack
> Perfect security hygiene won’t always keep someone from fooling your carrier, and in fact, they may not even have to; Flashpoint has found some indications that SIM hijackers recruit retail workers at mobile shops to gain access to protected accounts. A comprehensive SIM swap fix would require fundamentally rethinking the role of phone numbers in 2018. “Phone numbers were never intended to be a way to confirm someone’s identity,” says Nixon. “Phone companies were never in the business to sell identity documents. It was imposed on them.”
> The good news is, you can take steps to limit the chances that a SIM swap attack will happen to you—and limit the fallout if it does.
> This should be a wake up alarm, we all think we are tech-savvy, prudent and operate with good OpSec. Reality is: the bar not to be hacked is higher than we (Fillippone) thought.
> EDIT: Apparently the exploit has long been known, but telcos never cared to fix it, or even worse knew about governments' plan about our data:
> How I hacked SIM cards with a single text - and the networks DON'T CARE
Truth is, OpSec and smartphone is something that doesn't normally go together. Unless you have one of the rare (non Android) Linux phones, installed and secured by yourself, instead of the usual Android/iOS...
The Android ecosystem is very vulnerable and exploits have been occurring nonstop. It's almost as dangerous as running Windows on a PC, thanks to its closed proprietary software ecosystem, and "shortcuts" taken in its OS design.
Would be interesting to see if Huawei's OS fares any better. At least they promised to provide the source code...

d_eddie
September 13, 2019, 02:14:38 PM
Quote from: Artemis3
> Truth is, OpSec and smartphone is something that doesn't normally go together. Unless you have one of the rare (non Android) Linux phones, installed and secured by yourself, instead of the usual Android/iOS...
> The Android ecosystem is very vulnerable and exploits have been occurring nonstop. It's almost as dangerous as running Windows on a PC, thanks to its closed proprietary software ecosystem, and "shortcuts" taken in its OS design.
> Would be interesting to see if Huawei's OS fares any better. At least they promised to provide the source code...
Huawei software is a joke. Horrible bloat without a use, and you can't delete any of it. This could appear to be unrelated, but it's a prime sign of sloppy thinking. Besides, they are not giving out bootloader unlock codes, because "the user experience could be worsened by customizations". Yes, that's their official response. So you're in their hands - no alternative option. I'll believe a software vendor cares about security when they slim the software down to reasonable sizes. Going full open source would be another green mark.

fillippone (OP)
September 16, 2019, 11:49:25 AM
Android is a semi-closed environment under the control of Google (otherwise it wouldn't be possible for Google to ban Huawei from using it).
Apple is a closed environment under the control of Apple (I think nobody can argue with that).
Other solutions are totally sub-par, considering support, efficiency and number of available applications.
Yes, I do think mobile security is fundamentally broken. Critical apps should be taken away from mobile, inconvenient truth.

mazdafunsun
September 16, 2019, 02:58:32 PM
SMS-based attacks, in my view, are just the tip of the iceberg. Backdoors in popular apps are affecting tens of millions of users, not to mention the surveillance of the Facebook app. There are rumors that WhatsApp will also soon be spying on us.

fillippone (OP)
September 16, 2019, 03:02:27 PM
While you can be exempt from being spied on by apps, simply not installing them and keeping your system clean, it is difficult being tracked down by this GSM exploit, as it happens automatically, without user interaction, whatever the system software is. So bigger threat: caused by just having a mobile in your hand.

jake zyrus
September 16, 2019, 03:41:39 PM
There's really a risk in the digital world. It's the cons of technology nowadays. Although technology wasn't made with that purpose, it's the abusing people who are inevitable. Especially as we all know that most people now have a lot of important information on their cellphones. As we depend on technology like our phones with our privacy, we become more vulnerable. Crypto is not an exemption. It's more vulnerable to bad people; that's why we should always be careful with what we do on our phones and social media.

Nadziratel
September 16, 2019, 04:13:41 PM
Quote from: jake zyrus
> There's really a risk in the digital world. It's the cons of technology nowadays. Although technology wasn't made with that purpose, it's the abusing people who are inevitable. Especially as we all know that most people now have a lot of important information on their cellphones. As we depend on technology like our phones with our privacy, we become more vulnerable. Crypto is not an exemption. It's more vulnerable to bad people; that's why we should always be careful with what we do on our phones and social media.
There's a proverb in my country. The door doesn't last to the thief. Of course we have to take precautions, but I don't think we have much luck when the thief is malicious. Like I said, there's no need to make an obsession. Just take precautions.

Argoo
September 16, 2019, 04:16:56 PM
Quote from: fillippone
> While you can be exempt from being spied on by apps, simply not installing them and keeping your system clean, it is difficult being tracked down by this GSM exploit, as it happens automatically, without user interaction, whatever the system software is. So bigger threat: caused by just having a mobile in your hand.
In my opinion, it has always been well known that a mobile phone and the Internet are all that cybercriminals need to know absolutely everything about us. Almost none of our precautions will lead to anything if we just turn on our mobile phone and even connect to the Internet. This is enough to see us, to hear, to observe us, to know exactly our location with an accuracy of a meter. The relevant intelligence agencies have long been using these opportunities to observe individual citizens, bypassing the legal procedure of wiretapping and surveillance. Civilization provides us with various benefits, but we always pay for them with our freedom.

Pamadar
September 16, 2019, 04:32:56 PM
Quote from: Argoo
> Quote from: fillippone
> > While you can be exempt from being spied on by apps, simply not installing them and keeping your system clean, it is difficult being tracked down by this GSM exploit, as it happens automatically, without user interaction, whatever the system software is. So bigger threat: caused by just having a mobile in your hand.
> In my opinion, it has always been well known that a mobile phone and the Internet are all that cybercriminals need to know absolutely everything about us. Almost none of our precautions will lead to anything if we just turn on our mobile phone and even connect to the Internet. This is enough to see us, to hear, to observe us, to know exactly our location with an accuracy of a meter. The relevant intelligence agencies have long been using these opportunities to observe individual citizens, bypassing the legal procedure of wiretapping and surveillance. Civilization provides us with various benefits, but we always pay for them with our freedom.
Cyber-criminals use this venue to keep tracking individuals that they wanted to penetrate. There's no escape once you have been targeted; there's always a perfect way for them to stay close. With these ideas, the best thing to do is to act accordingly. We need to have the right knowledge in order to do some prosecution matters to avoid and lessen the risk of being penetrated. With good knowledge, chances to protect yourself can be done.