
Help Should I worry about simjacking?

Advait

Well-Known Member
I just heard about the "simjacking" vulnerability bug (sms message causes phone takeover). Should I worry about it? I'm using an up to date Android P on a Moto One. I heard about this on "Security Now". Yikes! I immediately removed both sim cards from my smartphone. I plan to purchase a cheap dumb phone tomorrow, install my main sim and use it only for cell calls and sms. Am I overreacting? Any way to protect my smartphone from simjacking? Thx,
 
You're referring to this?
https://www.vice.com/en_us/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin
First, criminals call a cell phone carrier’s tech support number pretending to be their target. They explain to the company’s employee that they “lost” their SIM card, requesting their phone number be transferred, or ported, to a new SIM card that the hackers themselves already own. With a bit of social engineering—perhaps by providing the victim’s Social Security Number or home address (which is often available from one of the many data breaches that have happened in the last few years)—the criminals convince the employee that they really are who they claim to be, at which point the employee ports the phone number to the new SIM card.

That's got nothing to do with the actual phone type, and even having a cheap dumb phone will not help. Most important thing is to keep your personal information like your SSN away from phishing attempts, data leaks, etc.
 
First off, make sure your carrier uses both your email and your personal pin number when requesting a new sim card. That's the only way you'd be sim jacked.
 
First off, make sure your carrier uses both your email and your personal pin number when requesting a new sim card. That's the only way you'd be sim jacked.

This new simjacking bug only requires receipt of a specially crafted sms text message to take over the phone. See https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile for details. It's also discussed on a recent episode of Security Now. Also see https://simjacker.com/ for more details.

For my carrier, I can only get a new sim card by appearing in person at one of their official stores and showing my official id card. They don't allow new sims over the phone.

My feeling and fear is that this exploit will quickly go viral and get widely used by criminal hackers.
 
should you worry? i guess. but don't let it put fear in you. do not be afraid to use your phone. if that is the case why even get a phone?

just be cautious on what you do in public and use common sense.

knowing about this hack will not make me use my note 10+ any differently.
 
Hi @ocnbrze, thanks for the reply. I'll still use my sim for calls and texts, I'll just be using it in a dumb phone where I don't really care if it gets hijacked (and yes, there could possibly be fraud calls if it gets hijacked). But the dumb phone won't have any sensitive personal info or links to bank accounts. This feels like the right thing to do until an effective mitigation is put in place.
 
why be afraid? i love tech and i love my note 10+ no stupid hacker is gonna make me afraid.

......F!!!!!!!! them.

i just keep tabs on my credit cards and bank acct. i don't do my banking out in public.

hey, but do what you gotta do......i guess
 
Who keeps contacts on the SIM?

That was one of the original features of the GSM standard, and allows you to move contacts between phones by moving the SIM. But it's also limited in what it can store: one number per SIM contact. Some more recent dumb phones would recognise that different contacts with the same name were the same person and present it to you that way, but fundamentally it's very limited. And if you want to store the full range of details people store with contacts these days the SIM is not the way to do it.

Plus there's that other problem: how often do you change SIMs? I've had the same number since 1994, but I've changed SIM at least 3 times this decade: once to gain 4G (where I needed a newer SIM), twice because the SIM became defective, and I think there might have been another time as well. And if your contacts are on the SIM then you need to copy them somewhere else before replacing the SIM.

So I haven't had any contacts on my SIM since about 2011. First time I replaced the SIM in the smartphone era I never bothered copying any contacts back to it. In fact my Pixel doesn't even have the option: it can import contacts from the SIM, but has no option to create new contacts on the SIM or copy existing ones to it.
 
Just my opinion but you're being way too reactionary. Once you start freaking out about every time there's some exploit being discussed, you'll never do anything anywhere. SIM Jacking is a serious problem that shouldn't be ignored but you're fixating on an issue that has only a minimal chance of actually affecting you personally. It's all just numbers and relativity. Once you allow yourself to fixate on little details you lose sight of the big picture. Tossing away your smartphone is going to lessen your quality of life but it does very little in actually making your life safer. You shouldn't be posting anything in something like an online help forum site either for that matter, your online presence (email and social media services) is way more vulnerable to being compromised than the SIM in your phone or your account with your carrier.
 
I skimmed through the relevant articles and found one thing missing: what to do about it! What can users do to block these attacks? I mean aside from tossing our smartphones. :thinking:

One article stated: "All that’s needed for a device to be vulnerable, is for the SIM to neglect checking “the origin of messages” while “allowing data download via SMS.”" How do we make our SIMs check and disallow those things, respectively?
 
As far as I know your sim only keeps your contacts on it, nothing more.
Big deal if someone gets my contacts.
With this Simjacker vuln, if you get the malicious sms then a) You won't know that you've been hacked and b) The malicious hacker has *complete* control over your phone. They can watch as you log into bank/financial accounts, get user names and passwords, read your emails, track your location, intercept 2FA notices and OTPs, etc, etc. They can do whatever they want. Much much worse than just getting your contacts off the sim. Read the details at simjacker.com and https://www.grc.com/sn/sn-732.txt
 
SIM Jacking is a serious problem that shouldn't be ignored but you're fixating on an issue that has only a minimal chance of actually affecting you personally.

Right now the exploit seems to be used by only one organization. But my feeling is that many many hackers will want to use this exploit and it will start being used to attack many many more phones. The ability to surreptitiously and completely take over a smartphone is pure gold for malicious hackers. Keep in mind they can completely take over the phone without you knowing about it.

Tossing away your smartphone is going to lessen your quality of life but it does very little in actually making your life safer.

I'm of course keeping my smartphone. No reason to stop using it. I just put my sim into a dumb phone which I also keep with me and has zero sensitive info and no gps capability. I can still get calls and texts no problem.

And I'm guessing there'll be a Simjacker mitigation before too long and then I'll put the sim back in my smartphone. I'll keep an eye on the news about this.
 
Well just install a call blocking app that also blocks non contacts. No malicious sms and done
My understanding is that it's easy for Simjacker to take over a phone and send out the malicious sms to everyone on the contact list. So I would be getting the malicious sms from someone on my contact list. So the call blocking app wouldn't help in that case.
 
What none of those articles tell us is which carriers are still using SIMs with this vulnerability, and which generations those are. You don't actually know that you have anything to worry about.

Want to do something? Raise it with your service provider.
 
What none of those articles tell us is which carriers are still using SIMs with this vulnerability, and which generations those are.
Or, as I said, tell us what we can do about it. It seems like a no-brainer that solutions should be provided, but they're not. Does that mean it's beyond user-level fixing? If that's the case, who's working on a solution?
 
I'm getting messages telling me not to worry about Simjacker. I'd like to get a valid, accurate and clear *technical* explanation of why I shouldn't worry about Simjacker. Can anyone provide that?

Also can anyone give me a clear technical reason why the Simjacker exploit will not quickly be adopted by many malicious hackers and used to attack lots of smartphones? The Simjacker exploit seems like the kind of exploit that hackers dream about.

Remember, Simjacker allows *complete* takeover of your smartphone by just getting an sms. And you will not know your phone has been taken over. Sounds like the worst possible attack scenario.
 
Time to burn all cellphones!
Are the masses all blind to the end of times?
Like lemmings to the sea we all are doomed!!!!
Personally I take all this with a grain of salt.
And a shot of tequila....
 
Who keeps contacts on the SIM?

That was one of the original features of the GSM standard, and allows you to move contacts between phones by moving the SIM. But it's also limited in what it can store: one number per SIM contact.
Hi, newbie here.
This is a bit off topic but refers directly to the sentence above.
I have two devices; Galaxy J7 Core and Tab A8.0 (2019 vintage). I had a SIM card in the J7, but also had a full screen of fields with the options to add further fields. I did not at the time have a SIM in the Tab but I only have one field with no options to change (I mean the Name field plus only one other). Not sure if the SIM card has any effect on whether you have more fields or not.
Regards
Bearium2
PS. If anybody knows how to fix this, I'd be grateful! :-)
 

Attachment: android 9 contacts.jpg
It would be better to have included the extra information in your own thread than to ask an unrelated question here (it's not about simjacking, so this is changing the topic of someone else's thread).

Your screenshot shows that you are trying to add the contact to the SIM. That will limit what you can store, as I said in your thread. Change where you store the contact. But further discussion should be in your own thread.
 