
Simjacker: Hacking via SMS.

- Retrieve the location and IMEI of targets
- Send fake SMS messages in a victim's name
- Initiate calls, e.g. to an attacker, to eavesdrop on the surroundings / conversations
- Query status information such as battery level
- Denial of service against a SIM card

This is bad. :-/

simjacker.com/

@kuketzblog finally, a good fucking reason for me to get rid of my phone :blobcatthinkowo:

@kuketzblog we DESPERATELY need a hacker community around phones to experiment with them and reverse engineer them

and to reverse engineer cellular modems etc

but we can't have it because phones brick themselves over the tiniest thing, they're not like laptops where you can distro and OS hop without any worries

phones need to have a simple read-only recovery mechanism so we can always recover, plus things like boot from microsd

:blobcatsad:

@xj9 @kuketzblog the zerophone is a great project but it's a very barebones phone :(

@lumi @kuketzblog battery doesn't even last a week so idk how useful that could be.

@kuketzblog i really hope that the pinephone and postmarketos can kick-start something like this

they're both doing amazing work

@lumi
There are projects like multiROM which make booting from SD cards and USB sticks possible. Also, some smartphones with a Qualcomm chipset have a Qualcomm recovery mode which enables you to install an image to the phone and unbrick it. AFAIK this is read-only. It's used quite a lot to unbrick phones where the normal recovery mode does not work.
@kuketzblog

@kuketzblog It still isn't clear to me how this differs from the "silent SMS" (Stille SMS).

de.m.wikipedia.org/wiki/Stille

@leftbit
Silent SMS only reveals the location, and requires cooperation with the network operator.
@kuketzblog

@tobiaswiese @leftbit @kuketzblog
A proper whitepaper apparently won't be available until 03.10, but it is described fairly precisely here: adaptivemobile.com/blog/simjac - the attackers also have SS7 access (which IMO is sufficient for silent SMS). I'm curious who the attackers are this time. I would guess the UAE sphere ;)

@kuketzblog @piggo When I worked in the *dark side* I saw some companies capture mobile phone signal to track people in their shops and in the street. They told me it was a common practice. Many banks do this.

This is just a little bit more. Ugh.

So much shit out there.
The problem is there are plenty of engineers implementing this bullshit.
