New Sim Card Cloning #Hack, the first hack of its kind in a decade http://thehackernews.com/2013/07/sim-card-cloning-hack-affect-750.html 
 
The more I pay attention to Hacker News, the more reasons it gives me to stay away from Smart Phones, Facebook, and Apple products.
 
+Zander Gavin The above hack works on every phone, even a low cost dumb phone; it has nothing to do with smartphones...
 
+Amon RA 

Which is why I prefer prepaid phones. They have no personal information stored on them and when you're done, burn them.
 
+Zander Gavin ... If your SIM gets cloned via the above hack, the hacker will be able to call at your expense. By the time you notice that your pre-paid credit is all gone it'll be too late to burn your phone ;) Again: the SIM is the issue in this case, not the phone.
 
+Amon RA 

you obviously do not know how a prepaid phone works. They are untraceable save for back to the store of purchase, you can't trace the purchase unless you used a credit card.

Prepaid phones have a set number of minutes, a preselected number, and nothing that ties it back to the user.

So the notion of copying a sim card on a ghost phone is worthless. Especially if you know how to clone, or burn that phone. Not to mention, people like me buy a prepaid phone for a simple business deal, then destroy it afterwards. 

Smart Business. 
 
+Zander Gavin You buy a prepaid phone with a certain amount of call credit. I hack your SIM, clone your SIM and use your pre-paid credit for my own personal usage (e.g. a prank call to the last number you've dialed). 

In which sense did your prepaid phone prevent a hacker from stealing your money in this case?
 
You can trace prepaid phones and they're registered to a user with address.

And drug dealers who use prepaid are still recorded and followed. Just saying. 
 
+Amon RA 

Assuming who I call isn't also using a burned phone, which, spoiler alert, we don't keep long enough to risk bullshit. And second, assuming that I haven't modified the phone already. First thing I do after buying a prepaid phone is remove the GPS chip, my primary cell phone is completely unhackable and untraceable.

courtesy of the Black Market Redux.

+Christopher Li-Reid 

Prepaid phones are only registered if you buy from a licensed dealer, and elect to register. 7/11 stores will sell them to you for cash with no stipulations.
 
1. Untraceable - You don't need GPS to be tracked.  Your position can be triangulated by which cell phone tower your phone is hitting.  If there are multiple towers in the area, it will switch between the strongest signals in order to provide you with the best signal, providing a rough location to authorities.  GPS (and wifi) just makes the tracking more accurate.  Getting this info is difficult, but not impossible, because most cell phone towers aren't set up to record the information in a usable format....which is why police set up their own towers that record all outgoing information from your phone, making it much easier to read and trace since they usually have a much smaller signal radius. See:  http://www.wired.com/threatlevel/2013/04/verizon-rigmaiden-aircard/all/

2.  Unhackable - Cell phone providers constantly update cell phones without telling the end user in case of network changes.  They also have the ability to change other settings, including whether to turn your camera off (if you have them) and get a bunch of other information from your phone (such as contact information, call log, or any other information stored in the phone).  If you're connected to the hacker's (or police's) cell tower, they are the carrier and can make whatever changes they want.  Generally, prepaid phones are more likely to be controlled because they tend to be locked down by the carrier until the user pays for the features (and if you're thinking that your carrier doesn't do it, the phone was probably made for multiple carriers) See: http://en.wikipedia.org/wiki/Mobile_device_management
 
You can't remove a GPS chip ...and you can use WiFi to gain location tracking.

Nope, prepaid in Canada/USA requires name and address to be activated.
 
Just outta curiosity, outside of making phone calls outta the victim's expense, what other info is truly embedded in a SIM card? I know phone and mobile provider info is kept on there. But what else? Unless this'll breed a new form of brute force attacks or mobile DDoS. Maybe used that way?
 
Some phones will store contact information on the sim card, but that isn't common any more.  Pretending to be the end user (accepting texts used in multi-factor authentication for example), sending texts to premium shortcodes (i.e. donate $10 by texting HELP to 1234) and making calls at the end user's expense seem to be the bigger threat here.
 
+Christopher Li-Reid 

you CAN remove the GPS chip, and if you so choose, replace it with one that reroutes signal to give a fake location.

second. You DO NOT have to register prepaid phones. I never have. 
and even if you had to, who is to say the information you provided was real? it's time to stop pretending you know what you're talking about.

+Troy Lees 

with a new modification, it is possible to configure a cell phone to function on the TOR network. for a phone to be hacked, it has to first have a stable IP at a fixed location.

if your cell phone is configured to always use tor, thus always broadcasting a proxy, it is impossible to get a fixed position, let alone, break into a cell phone.

Governments can't track anyone through TOR, if they could, child porn would not exist. Neither would media piracy.
 
+Zander Gavin number one, your name is spelled wrong - number 2 where I live even prepaids have to be registered to a name and address. (and since they're American companies) number 3 lol you seriously open a phone and make up some story about how you remove the physical GPS chip instead of just turning it off lol. number 4 there's a few exploits in Android which allow you to take control of the unit - especially if it's rooted (because you have root access whee) number 5 the phone company can read all your texts lol and can listen to all your calls.

number 6 the only reason you're buying prepaid phones and proclaiming to remove the GPS is because you're probably a drug dealer. .... or you're wearing a tin foil hat.

and if you're only buying prepaid phones - you're basically buying the crappiest phones available. wheeeeeee!!

lastly - proxy or not - you'd have to turn off your wifi as well because they can get location tracking services off that - especially Google.
 
Your phone doesn't talk through TCP/IP to the cell tower and doesn't need it to communicate with the phone.  Your data channel is encapsulated in the cell traffic and can be monitored and broken.  TOR doesn't protect you when the hacker has access to your router because you haven't connected to the TOR network yet.
 
+Christopher Li-Reid 

My name is spelled wrong? are you fucking retarded? who the hell are you to say how to spell my name?

do i sell drugs? no
do i sell other items of questionable legality? yes

do you know what you are talking about? no
are you a fucking idiot? yes
 
The way Zander is talking is what makes this useful actually. People just don't get how it works apparently. It is the aversion to the store that makes it work. Nice and easy to do with access to the phone beforehand. Think flea markets and stuff of that nature. You are not circumventing the NSA, you are just green lighting any tech nerd with access to your phone.
 
I wonder if the hack works on Dish and Dtv cards also?? 
I "heard" people have been glitching holes in these cards for years to get free tv..
 
I bought the dumbest phone I could find. No features but calling and texting. I don't think it uses wifi, just the plain cell antennas. (I have a wifi router and the phone most definitely doesn't show up.) It has no gps chip. Not pre-paid in my case, but considering doing that for burn phones. It does however have a sim card which can be copied. So I guess I'll need to change my phone plan.
 
Too bad you can't validate the cell site you're using to be real...
 
Interesting idea. Instead of a hacker simply placing a tap on a cell antenna, or the service provider simply recording everything for the NSA, we now add the idea that the cell antenna itself might be a cause of concern.

Well, luckily for us, if it isn't a real antenna, our phones won't have a connection. With no connections in or out, there isn't much hacking to be done, is there?