SIM Jacking Can Steal Device Data - ThreatWire
HTML-код
- Опубликовано: 7 авг 2024
- Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
A vpn for firefox users, SIM Jacking can steal device data, and DNS over HTTPS will go live in October! All that coming up now on ThreatWire. #threatwire #hak5
Links:
Support me on alternative platforms! snubsie.com/support
/ shannonmorse -- subscribe to my new channel!
ThreatWire is only possible because of our Patreon patrons! / threatwire
Links:
blog.mozilla.org/blog/2019/09...
www.theverge.com/2019/9/3/208...
private-network.firefox.com
thehackernews.com/2019/09/fir...
www.cnet.com/news/mozilla-tes...
www.theverge.com/2019/9/11/20...
simjacker.com
thehackernews.com/2019/09/sim...
threatpost.com/1b-mobile-user...
www.zdnet.com/article/new-sim...
www.cyberscoop.com/simjacker-...
blog.chromium.org/2019/09/exp...
www.chromium.org/developers/d...
thehackernews.com/2019/09/chr...
www.zdnet.com/article/google-...
Photo credit:
zdnet1.cbsistatic.com/hub/i/r...
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → www.hak5.org
Shop → www.hakshop.com
Subscribe → ruclips.net/user/Hak5Darr...
Support → / threatwire
Contact Us → / hak5
Threat Wire RSS → shannonmorse.podbean.com/feed/
Threat Wire iTunes → itunes.apple.com/us/podcast/t...
Host: Shannon Morse → / snubs
Host: Darren Kitchen → / hak5darren
Host: Mubix → / mubix
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong. Наука
Video starts from 3:00
Welcome 😊
Thank You for Your Video.
Ladies and gentlemen, Shannon is very serious!...seriously awesome! :D
Shut up
Nice video. I liked the art in back ground the topic and your vice. Furthermore a podcast sounds like a great idea. 😎 Later
If youre downloading DOH using a browser which doesn't already have DOH then how can you be sure you aren't just downloading malware from a spoofed website?
• Still no mention of ZombieLoad? 🤨
• How does Chrome do DNS lookup? 🤨 DNS lookup is in the layer 7, but it's not handled by actual applications, it's handled by the OS' networking functions. 🤔 Chrome must be bypassing the TCP/IP stack and doing its own thing, ignoring the rest of the system (as usual 😒-and Google wonders why nobody trusts them ¬_¬).
Ddwrt and use iptables to force and spoof DNS redirection to a custom server. Hell yeah. I love my pihole.
i would also like to see a plugin that will allow me to use my own VPN on Firefox portable also be able to use Firefox with account switch so that when i log out it clears the computer that i was loged in on
I wasn't sure if access to your phone requires an SMS message each time, or if once you get the SMS message they have access to your device in perpetuity?
Firefox v.69....
Nice
Nice...
Nice.
Nice
Nice
Noice
Firefox version 69 huh
Nice
unless it is a message that there are problems we will run into and so we need to be prepared to be f'ed
nice
Im here to inform you that your 69 comment now has 69 likes
Giggity.
my only issue with vpn on public wifi is when the access point uses dpi and blocks it from even working happens all the time around here
Does it include dns leaking?
Sims Have Built In Apps That Can Be Exploited! This Has Been Known For Years!
@xOr But This Isn't Even a New Exploit!
Check Defcon's Back Catalog On SIM Hacking...
Literally says "for 2 years" in the article cited.... what's the problem? And if it has been know for years, why hasn't it been corrected. As a layman, this information was news to me and helpful. Sorry you already know everything, your life must be so boring now.
Yeah up to date:)
I wonder if spamming ICMP packets to the client when it asks for DOH, if it will be a type of down grade attack on this new protocol
Not available for Linux but it will work on desktop. Wait what?
damn, whole arch wiki page on thistopic is wrong then, smh.
lol I thought about that one too
Thanks! I have sent this video to all my 1000+ friends on Facebook!
how to share it with FACEBOOK cause google and FB not best friends
Great, SIMjacking can be filtered by the phone companies, but what if someone spoofs the SMS stream out of a nearby tower?
Worse, I've checked and my phone never actually completely turns off. Even when off, I've detected packets being sent to the network... infrequently yes, but there. I am fairly sure this is to keep the network updated on position of phone, so if I should turn it on, it will have nearly instant access to the network. What I don't know, is if this is related to SMS... As I remember that SMS was originally for system messages between towers and devices. So, does this mean SIMjacking can occur on an "off" phone?
Zaphod Breeblebrox Yes, the NSA have been using this technique for almost a decade and have shared this info with the FBI Task Forces
The only way to get around this would be to destroy your sim or maybe take it out of your phone.
@@dp4kallday Or store your phone in a Faraday cage lmao
@@dooterino lol 😂
@@dooterino That's not a bad idea -- refrigerators work a treat, too! (and muffle/silence mics)
Intresting.
Thanks Shannon, Q: at 8:20 you said its not on ios but it is on mobile. Scuse my ignorance but what is ios?
The firmware from the esim can be updated ?
How good are proxies and vpns
Show us how to use it ?????
Is Simjacking different from SS7 attacks ? If not companies are selling this service to governments for years
Veselin Nikolov do you know how to perform?
HELP ANYONE ASAP!!!
A few days ago, while watching a RUclips video(via the App) on my Samsung Galaxy S20 FE 5G, the left half of the video portion was covered with a pinkish/orangish screen with the words "MICROWAVE SPY CAMERA 1.XXXX" (where xxxx was 4 digits that I don't remember). After about 20 seconds, I clicked the next video and the exact same thing occurred. I then clicked back to the previous video and the video didn't have this "notice". Then I returned to the new video and it was no longer there either!
I played one more completely different video and it wasn't on it either.
I tried to look in the developer options for how to see active programs running and it listed about 20, but nothing that stood out as suspicious.
I just now put the phone in airplane mode.
How can I inspect my phone for evidence of this "screen notice"? Maybe some kind of cache files containing the "screen notice" or whatever? Is there a way to get a dump of ALL processes running before it's too late and it terminates, or the cache gets deleted?
I would like to get proof this exists on my phone. Need evidence.
Please help ASAP!!
What 30 countries are these sims used in?
what if you have no sim in your phone?
Love you guys great vid
Does sim jack can control andriod or iphone files from victim mobile even if they lock their mobile with passcode or pattern? Any expert can wake me up
If someone is low enough to jack a sim card they lo enough for basement lockup.
SIM jacker, I've heard this before.
Can you change the wallpaper background it so weird
I use Firefox all the time
Nice
Music videos get billions of views and important video like this gets thousands 😒 people are ignorant that's why they are vulnerable
I hope she could have explained it in a much simple terms instead of just reading like a news reader ..so that people can share it more
Why just don't use free VPN in Opera? It's essentially their main selling point at the moment.
Because when using a free vpn. You are the product. Meaning there selling your info to keep there company alive. So probably best to use a paid vpn...
SMS fuzzing?
so this would explain the extra SIM slot on some phones lately, huh...
Root phone after use xprivacy Or put out the card
ok.
Ooo no... How do we protect ourselves
*what is crypto miners?*
For miners in general, go look up "how does Bitcoin work". What she's specifically talking about are miners that are included in the JavaScript of a website and run in a browser. Some websites will add that to make money off of visitor's processing power. It's kind of like advertising, but instead of eating your attention it eats CPU time.
What a good idea. . . . . I'm off to buy a GSM modem. . . . . . See ya later
seriously, firefox block ads
meanwhile i got a vpn on opera
I want to make project in my college
I am pursuing diploma with computer science and engineering.
I requested you please give me a sort project.
Any luck with the project
Isn't sim jacking how @jack from Twitter was hacked
I need a favor, how I find my phone,,, because of our area full of night thieves. u woke up sad.
so whats the command code ....anyone know? .....for Educational purposes muahaha
Firefox be like i will give you Privacy just TrUsT mE oN ThIS.
sincerly your big brother
why such commands wear implement at first place ????
Video starts at 0:32. Simjacking story starts at 2:54. You're welcome.
Need a giveaway 😁😁😁😋
So everyone is going to need new SIM cards. For those still lucky enough to have physical ones.... And this is why having a separate physical SIM is good.... If the SIM at risk of compromise, pull it out.
for ESIM people...
"hey phone are you sure you disabled the flawed ESIM"
"Sure did boss"
"somehow that doesn't make me confident"
Part of the reason of removable SIM was exactly being able to update or change it. If it can be OTA updated sure, but given the possible compromise best option is to demand new known to be fixed from factory SIM.
Why the hell anyone would issue SIM not verifying the operator identity via crypto signature. The whole thing is an over grown crypto processor, so verifying message authenticity should be among the easiest jobs. message signature doesn't match the SIMs issuing network operator..... Ignore and also probably tell the user someone tried to send false commands.
And yeah the user will not see anything, since only message type SMS is shown to user often. Well depends on OS. Some OS and phone show "received network configuration, execute?" or something. Since the main job of those command messages is to transfer and update network configuration parameters on the SIM so on a simple network configuration update everyone doesn't have to be issued new SIMs. Instead operator send the new config to subscribers over SMS.
Again (with many IT and network security) nothing is inherently wrong with the concept of say SIM. Some just messed up really really badly in not implementing command authenticity checks on the SIMs from the get go. Most likely, because "well that would be little more work and surely only we can send command SMS on our network". The main mitigation is actually that, but well what if the phone is roaming to another network or spoofed to connect to what it thinks is home network. Again.... Why isn't there signatory handshake on cell connecting to make sure the Phone actually is connected to who SIM wants to be connected to.
I need some1 who can do this for and easy job
Your left eyebrow is bigger than your right, it's really off putting hahahahaha
ifell3 no it isn’t?
@@pogonukka it is, it's wider
Love you 😘 sarmon
RUclips comment
RUclips comment reply
SECOND✌
i love your essential kit im 12 but im a hacker
I started at that age, I've so far made more money than my mom so keep it up it'll be worth it and it's fun in school.
@@dbanopsec4255 I have everyones password in my grade but just to flex
Opera already had vpn for quite a while.
and it's all for collecting data not protecting hehehehe :D
Yes but Firefox is epic
Yes, but not Privacy Friendly
@@jorensc There is no doubt about it
@@ahmedelwan9129 On the other hand, i dont know if cloudflare can be trusted
u haz a nice voice
😂😂😂 fake news , can not don’t say
ROFLMAO
Hi I know you. Do you want to know me.. Dail.... Blah blah blah.. Like this.
Can you explain attack
abdelmohymin zero code have you learned?
😐😐😐😶😶😶👎👎👎🤣🤣🤣😂😂😂