this post was submitted on 09 May 2024
36 points (95.0% liked)

Privacy

31939 readers
705 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

ordered a new phone so I wanted a new SIM for a clean slate. My country require KYC for SIM cards. So i ordered this https://www.ebay.com/itm/295938085941 I see now that the card is being shipped from Israel.

(I'm in another EU country)

Cloning, swapping etc , how bad idea was this on a scale from 1-10? Even if the package is unbroken , I assume someone with physical access (and resources) can do a lot of stuff?

Miss being able to go get one from the corner store. But idea was to load it up by cash bought giftcards.

Also played with the idea of getting a gl-inet portable router and skip SIM card in phone but it is quite a bit of hassle to have another device to maintain and carry...

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 6 months ago (1 children)

(Assuming Android) IIRC a sim is a full microcontroller. I'm not sure about the protocols and actual vulnerabilities, but I can say no phone has a trusted or completely documented kernel space or modem. The entire operating system the user sees is like an application that runs in a somewhat separate space. The kernels are all orphans with the manufacturer's proprietary binary modules added as binaries to the kernel at the last possible minute. This is the depreciation mechanism that forces you to buy new devices despite most of the software being open source. No one can update the kernel dependencies unless they have the source code to rebuild the kernel modules needed for the hardware.

In your instance this information is relevant because the sim card is present in the hardware space outside of your user space. I'm not sure what the SELinux security context is, which is very important in Android. I imagine there are many hacks advanced hackers could do in theory, and Israel is on the bleeding edge of such capabilities. I don't think it is likely such a thing would be targeting the individual though. As far as I am aware there is no real way to know what connections a cellular modem is making in an absolute sense because the hardware is undocumented, the same is true of the processor. I'm probably not much help, but that is just what I know about the hardware environment in the periphery.

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago) (1 children)

Yea I'm looking in do network monitoring when first connecting the phone. Will need root it seems. But since I will install GOS and reset it afterwards it would probably be my best bet for verifying no bad connections . Long time since I used wireshark but should be possible.

[–] [email protected] 3 points 6 months ago

You would need a well designed Faraday box and a lot more of a test setup to verify that all possible communications are indeed reported by the device. No interface on the device itself can be trusted.