Can a Sim card be hacked cloned or infected with a virus.... (1 Viewer)

buttons · Apr 20, 2018

Any experts out there who can tell me if a SIM card can be hacked cloned or be infected with a virus.

pappajohn · Apr 20, 2018

I doubt it.
SIM card only effectively completes a circuit within the phone/mifi with unique data on that card.
It would need a writable memory like an SD card

Geo · Apr 20, 2018

It would appear they can :Eeek:

Google is the font of all scaremongering

tonyidle · Apr 20, 2018

pappajohn said:
I doubt it.
SIM card only effectively completes a circuit within the phone/mifi with unique data on that card.
It would need a writable memory like an SD card

A SIM card is writeable. At one time it was offered as a back-up location for Contacts by whatever phone it was in. They can also be read, and presumably written, by a PC. So Yes I'd say it would be possible to write nefarious software to a SIM. Never heard of it happening though.

Gromett · Apr 20, 2018

Yes, but not seen anything beyond a PoC so far, never heard of it in the wild.

Manxcat · Apr 20, 2018

They can be. No actual known examples though.

buttons · Apr 20, 2018

Geo said:
It would appear they can Google is the font of all scaremongering

I did of course use google but it all appeared a bit inconclusive so I thought I would use the combined brain power of FUN......

buttons · Apr 20, 2018

Gromett said:
Yes, but not seen anything beyond a PoC so far, never heard of it in the wild.

Thanks Gromett your opinion is always welcome and appreciated...

movan · Apr 20, 2018

buttons said:
Thanks Gromett your opinion is always welcome and appreciated...

Gromett says you should adopt me as your mother .. and look after me.

May I ask .. when they say a simm card or a facebook account has been compromised .. what EXACTLY do they mean? Do they have access to your emails or what? Or do they somehow read into your phone/computer and get all your passwords? Sorry .. I know it's a daft question but I don't understand HOW MUCH they can take off a maninthestreet phone.

pappajohn · Apr 20, 2018

Like altzeimers, you learn something new every day.

Burgo · Apr 20, 2018

As a Sim card is, basically, writeable memory in theory one could write an executable file to it and run that from the phone / tablet . Probably much easier to simply use an App as the vector to download dodgy stuff straight into the phones memory in the first place though.

buttons · Apr 20, 2018

movan said:
Gromett says you should adopt me as your mother .. and look after me.
May I ask .. when they say a simm card or a facebook account has been compromised .. what EXACTLY do they mean? Do they have access to your emails or what? Or do they somehow read into your phone/computer and get all your passwords? Sorry .. I know it's a daft question but I don't understand HOW MUCH they can take off a maninthestreet phone.

Hi Mum how is life in your motorhome today...

As far as I am aware Joy hacking can come in various levels. In it's most severe form the hacker can completely take over your computer, take control of your facebook and what ever other media package that you are linked to, they can even turn your camera on and observe you from afar. However, given a good level of protection then this should not happen.
The reason I posted this thread today is my Daughter who is becoming paranoid that her every move is being taken over from a remote station. She has spent a bit of time recently in Barbados, each time she comes back she has this problem with hacking. She has now binned all her phones and tablet and started afresh with new phone and Sim.''''

movan · Apr 20, 2018

buttons said:
Hi Mum how is life in your motorhome today... As far as I am aware Joy hacking can come in various levels. In it's most severe form the hacker can completely take over your computer, take control of your facebook and what ever other media package that you are linked to, they can even turn your camera on and observe you from afar. However, given a good level of protection then this should not happen.
The reason I posted this thread today is my Daughter who is becoming paranoid that her every move is being taken over from a remote station. She has spent a bit of time recently in Barbados, each time she comes back she has this problem with hacking. She has now binned all her phones and tablet and started afresh with new phone and Sim.''''

Thanks Buttons. That is scary.. Hope your daughter gets sorted quickly.

Clarky · Apr 21, 2018

I blame the Russians!

Richard.

scotjimland · Apr 21, 2018

that must be very difficult, unless you never buy on-line..

how do you get around that ?

Gromett · Apr 21, 2018

But not by hackers remotely.
You need the IMSI number and the private key. The IMSI number may escape from the carrier but the private key would need physical access to the sim.

If the sim hasn't been out of your control then it cannot be cloned as far as I am aware.

Gromett · Apr 21, 2018

I wrote the previous post from memory so thought I should check if it was accurate

I was accurate to a point... This explains what is needed in detail.

https://www.quora.com/How-can-I-clone-a-sim-card-without-the-actual-card

Minxy · Apr 21, 2018

buttons said:
The reason I posted this thread today is my Daughter who is becoming paranoid that her every move is being taken over from a remote station. She has spent a bit of time recently in Barbados, each time she comes back she has this problem with hacking. She has now binned all her phones and tablet and started afresh with new phone and Sim.''''

It sounds to me like you need to get some help for your daughter before this 'paranoia' gets worse ... seriously.

Gromett · Apr 21, 2018

As I understand it the sim uses public key encryption and the private key is not extractable easily and only then by having physical access. The private key never leaves the sim in normal operation. Sniffing the data stream wouldn't give you the private key...

On keyless alarms.. I am not sure that they actually use public key encryption. The older ones I know used a rolling key which is why you could sniff and guess at the next key in the cycle because they were using maths to calculate the next key.

Originally car fobs used a static key, so all a thief had to do was listen for the code and repeat it.
Then the car fobs moved to using a rolling key where the car generated a new key each time one was used. This new key could be sniffed or guessed.

This is totally different to properly implemented public key encryption. For those who don't understand what public key encryption is...
You have a public key which you give away to anyone.
You have a private key which never leaves your control.
Any data encrypted using the private key can be decrypted by the public key.
Any data encrypted by the public key can only be decrypted by the private key.

It can be used for authentication (who are you) and encryption (what you have).

So say for instance I wanted to confirm that the person I was sending a message to was actually who they say they are. I would encrypt a message using that persons public key (freely available).
The only person who can decrypt that message is the person who has the private key. They will decrypt the message and tell me what it is. I then know that they are who they say they are.

That person could also prove who they are by encrypting a message with their private key that anyone can then confirm is them by decrypting with their public key.

In a car alarm, I would do it like this. The car has a public and private key. The fob has a public and private key. Remember the private key never leaves the device. In the cars electronics to enable a fob I would add that fobs public key to my trusted chain. When someone presses a button on the fob it sends a message encrypted with it's private key which says unlock and a timecode. Any car in the area would then attempt to decrypt that message using public keys in their trusted chain. If that fob is not in the trusted chain then it would stop at this point.
However if it was able to decrypt the message it would compare the time stamp and if within 30 seconds say it would move onto the next stage. The car would then encrypt a message using the public key of the fob with a random code attached. The fob would have to decrypt this message retrieve the code, encrypt it with the fobs private key and transmit it. The car would then decrypt it again using the public key of the fob. If the code matches it would then unlock the car.

This sounds really complicated but it isn't. It happens literally billions of times a second on the internet when using your web browser to acess an SSL site. The above chain is much simplified and probably has a few flaws as I just designed an ad hoc process on the spot for demonstration based on my experience of daily use of Public key encryption. The beauty of it is, no identical or rotating data is sent that allows thieves to sniff the stream and gain access. The car authenticates that the fob is actually a real fob and is who it says it is. It then runs a couple of time stamped communication cycles that prove that the results haven't been pre-recorded and played back.

Anyway, back to the sim. Providing they don't have a bug in them that leaks the private key, there is no way to clone the sim that I can think of remotely.

Forums

Rallies

Reviews

Local Guide

Classifieds

Resources

Journals

Can a Sim card be hacked cloned or infected with a virus.... (1 Viewer)

buttons

pappajohn

Geo

Trader - Funster

tonyidle

Gromett

Manxcat

buttons

buttons

movan

pappajohn

Burgo

buttons

movan

Clarky

scotjimland

Gromett

Gromett

Minxy

Gromett

Latest journal entries

Week 3 UK to Cyprus - Greek Beaches, we can't leave...

Awaycation Summer 2023 - France

Croatia Or Bust..... 7 countries 17 nights

Funsters who are viewing this thread