Making use of a duplicate SIM card
-
- PlutoniumLounger
- Posts: 16440
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Making use of a duplicate SIM card
"If they've hacked your sim card, so if they've gone to a service provider and pretended to be you and got them to duplicate the sim, they now receive all your calls and messages," he said. "But that only works if you have text-based multi-factor authentication [set up]."
That closing sentence caught my attention. My small brain is slowly changing course to believe that "two-factor authentication is perfect", which, of course, it isn't. I believe that it's just a great deal better than NOT having two-factor authentication.
But, so, I went back and re-read the preceding text.
If the Bad Guys have managed to convince a store to duplicate your SIM card, wouldn't that mean that they already have your SIM card, a tiny chip of plastic and metal?
And if so, that suggests that they already have your phone?
So I can imagine spotting an abandoned phone, rushing off to get the SIM card duplicated, and then returning the phone to the original owner (who breathes a sigh of relief that all their data is safe), and a few minutes later I drop the duplicated SIM card into a new phone and - well, basically, I have your account.
But if that is so, why wouldn't I just empty/change your account while the phone was still in my possession?
Why not empty the accounts while the sad person was still sitting on a bus on their way to re-tracing their steps through the mall?
Of course at my age I am capable of mislaying my phone in the rubbish heap that I call "my home". I should duplicate the SIM card next time I have a chance, and store that duplicate card in a secret hiding place in my shed so that, mislaying my phone, I can quickly reset passwords etc before some nasty person duplicates my original SIM and locks me out?
Thanks, Chris
That closing sentence caught my attention. My small brain is slowly changing course to believe that "two-factor authentication is perfect", which, of course, it isn't. I believe that it's just a great deal better than NOT having two-factor authentication.
But, so, I went back and re-read the preceding text.
If the Bad Guys have managed to convince a store to duplicate your SIM card, wouldn't that mean that they already have your SIM card, a tiny chip of plastic and metal?
And if so, that suggests that they already have your phone?
So I can imagine spotting an abandoned phone, rushing off to get the SIM card duplicated, and then returning the phone to the original owner (who breathes a sigh of relief that all their data is safe), and a few minutes later I drop the duplicated SIM card into a new phone and - well, basically, I have your account.
But if that is so, why wouldn't I just empty/change your account while the phone was still in my possession?
Why not empty the accounts while the sad person was still sitting on a bus on their way to re-tracing their steps through the mall?
Of course at my age I am capable of mislaying my phone in the rubbish heap that I call "my home". I should duplicate the SIM card next time I have a chance, and store that duplicate card in a secret hiding place in my shed so that, mislaying my phone, I can quickly reset passwords etc before some nasty person duplicates my original SIM and locks me out?
Thanks, Chris
Most of my hair had already fallen out by the time I learned that mousse is spelled with two esses
-
- UraniumLounger
- Posts: 9639
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: Making use of a duplicate SIM card
Why should it possible to duplicate a SIM card? Given that all devices have MAC address, why shouldn't SIM cards incorporate that, or some other unique value, into the SIM card when it is issued and a version number of some sort so that no 2 cards can be legitimately issued in a person's name that can be used inother devices. It should be possible to allow multiple unique IDs (such as MAC addresses) into a SIM card making it possible to switch it among devices such as iPads and other smart phones. That would, of course, should entail presenting all devices at the time a SIM card is issued.
Of course, there is much I don't know about how SIM cards are used. I'm opining only to show that I think that security around issuing and losing them could be improved to prevent what Our Mister Greaves opines about.
Perhaps Stuart can speak to SIM card uses and security matters and educate me.
Of course, there is much I don't know about how SIM cards are used. I'm opining only to show that I think that security around issuing and losing them could be improved to prevent what Our Mister Greaves opines about.
Perhaps Stuart can speak to SIM card uses and security matters and educate me.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Administrator
- Posts: 12857
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Making use of a duplicate SIM card
If the service provider issues a new SIM then the old SIM will no longer work. You can't duplicate a SIM (I think).
StuartR
-
- UraniumLounger
- Posts: 9639
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: Making use of a duplicate SIM card
Thank you, Stuart.
That confirms my understanding. One of the advantages of a smart phone, I thought, was that they cannot be cloned as the the old cell phones were. I thought it was the SIM card that prevented it. That's all more impression and inference than information, though.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- SilverLounger
- Posts: 2253
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Making use of a duplicate SIM card
When I upgraded my phone a new mini SIM card was required. My provider issued two cards in error, both programmed to the same number. Contact with them resulted in the comment “Keep the other as a spare“.
I've never tried the spare SIM but I would guess that if inserted into my phone the network would not recognise the card presently in use... if inserted into another phone . However, it does seem that two SIM cards can be programmed with the same identity and I effectively have a clone. Hopefully questions would be asked before my service was transferred to the clone
I've never tried the spare SIM but I would guess that if inserted into my phone the network would not recognise the card presently in use... if inserted into another phone . However, it does seem that two SIM cards can be programmed with the same identity and I effectively have a clone. Hopefully questions would be asked before my service was transferred to the clone
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- PlutoniumLounger
- Posts: 16440
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Making use of a duplicate SIM card
Hi Ron; why should questions be asked? That was the thrust behind my question, having read in the news article that "'... they've gone to a service provider and pretended to be you and got them to duplicate the sim, they now receive all your calls and messages,' he said."
Such a statement led me to believe that (IN Australia, at least), a SIM card could be duplicated ("Key Cutting; SIM cards forged; ..." and further that "they now receive all your messages". That is, the duplicated SIM card functions correctly(1).
A quarter-century ago I predicted that by 2010 we would have chips inserted in our skulls which would function as phones; we would think "pick it up, it's Susan" and chat at the speed of thought. (I was actually looking forward to the video phase).
SIM cards have a tiny chip. And the telephone companies don't care if you've dyed your hair (or if your hair is dead).
When I was you age a telephone number identified a brick-and-mortar house. Today a telephone number is a defacto identity card.
My smart phone works as well in Bonavista as it does in St John's. I can see no logical barrier to me maintaining two smartphones, one of which is held in a hotel safe in St John's for when I am in St John's, and one held in my fire-resistant metal box in my study in Bonavista.
Snap Quiz: Am I typing this reply on the old DELL Win7 laptop in my study or am I hammering it out on my Acer Luxario while in bed, sipping my first coffee?
Cheers, Chris
(1) You and I stand side-by-side, each with a smart phone, the phones equipped with duplicated SIM cards.
Do both phones ring at the same (human perceptible) time that Hans calls the number?
Does the connection get made only to the phone which is first answered ("picked up") by the user?
Do we care?
These three questions are surely just a question of how the SIM programming is laid out, yes? C
Most of my hair had already fallen out by the time I learned that mousse is spelled with two esses
-
- PlutoniumLounger
- Posts: 16440
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Making use of a duplicate SIM card
Speaking of which I went back and re-read the news article. Twice. Parts of it are poorly written.
Example 1: "He said families should have passphrases with each other that only they know in case they lose their phones, which would allow them to easily verify they are who they say they are."
On the surface this seems like a good idea. My first-born son might cement his identity with me by saying "I had a pet lamb when I was five". Who else on the face of this earth would know that after 47 years?
Well, His mother, his younger brother, his schoolmates in whom he confided miserable after the marriage broke up, his five aunts and uncles and their children (a dozen cousins?), the numberless drinking buddies in Paris with whom I commiserated after the marriage broke up, numerous girl-friends since then ...
Example 2: "... said at the end of the day, she was lucky. She lost no money because of the scam — just her time and memories." painful as this is, people have been losing photographs since the second (known) photograph was taken. House fires, sinking ships, and in one case to my knowledge, a whole batch of prints being scanned, but held in a black plastic garbage bag at the deskside, which bag was treated as garbage during a house-move.
Cheers, Chris
Most of my hair had already fallen out by the time I learned that mousse is spelled with two esses
-
- Administrator
- Posts: 12857
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Making use of a duplicate SIM card
Even if two SIMs are programmed to the same phone number they will have different identities and the phone company can tell them apart.
StuartR
-
- PlutoniumLounger
- Posts: 16440
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Making use of a duplicate SIM card
Thanks Stuart.
I suspect that a SIM card can be duplicated.
After all, the new SIM card supplied to me two weeks ago was produced on a machine, and the machine was programmed to spit out a million or more SIM cards.
In the store the clerk asked for my phone number (to cancel the old service provider) which number can then be recorded in the SIM through the clerk's computer terminal, right? He has a box of SIM cards but cannot know the phone number until a customer dictates it.
Suppose in the store I had walked in and told the clerk that I had already cancelled the old service provider. Would the clerk have shrugged and typed my phone number into the terminal, and would that SIM card then have a useful number to be used by my new service provider?
I mean by this that I feel confident that the recording mechanism is available at the level of a clerk in a local mall.
I am almost tempted to try this on my next visit to The Big Smoke. It might be worth it just to see if a clerk can object on any practical grounds (as in "the computer won't let me do it!").
Cheers, Chris
Last edited by ChrisGreaves on 23 Nov 2024, 14:32, edited 1 time in total.
Most of my hair had already fallen out by the time I learned that mousse is spelled with two esses
-
- Administrator
- Posts: 12857
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Making use of a duplicate SIM card
The database is not going to store two SIMs against one phone number
StuartR
-
- PlutoniumLounger
- Posts: 16440
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Making use of a duplicate SIM card
So the store clerk in the mall must first disable my phone number (with the old service provider) from the database before enabling that phone number with my new service provider?
... and by "the database" you mean the world-wide telephone directory, yes?
My phone number here in Canada (123-456-7890) has to be valid in Australia when I go there on a trip, and your phone number in the UK (123-456-7890) has to function correctly when you visit Dubai.
My REAL phone number is 1-123-456-7890 while yours is 011-44-123-456-7890.
I think.
From Dubai dial 00358-123-456-7890 (Yes, I know, they seem NOT to have three-digit area codes there ...) to reach me in Finland.
Thanks again, Chris
Most of my hair had already fallen out by the time I learned that mousse is spelled with two esses
-
- Administrator
- Posts: 12857
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Making use of a duplicate SIM card
Nearly correct Chris. But 011 is a country specific prefix. For international use the correct prefix is +
So my number is +44 20 8555 1234
So my number is +44 20 8555 1234
StuartR
-
- Administrator
- Posts: 12857
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Making use of a duplicate SIM card
And the database is called a Home Location Register. You can read all about it on Wikipedia https://en.m.wikipedia.org/wiki/Network ... _subsystem
StuartR
-
- Panoramic Lounger
- Posts: 8546
- Joined: 25 Jan 2010, 09:09
- Location: retirement
-
- Administrator
- Posts: 79699
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Making use of a duplicate SIM card
It's not the number that I have in my Contacts...
Best wishes,
Hans
Hans
-
- Administrator
- Posts: 12857
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Making use of a duplicate SIM card
+44 20 8 is outer London
555 is reserved for fake numbers
555 is reserved for fake numbers
StuartR