Can a stalker connect to a new phone with a new sim card that is using the same subscription ?

Discussion in 'mobile device security' started by SecurityNewbie, Feb 7, 2020.

  1. SecurityNewbie

    SecurityNewbie Registered Member

    Joined:
    Feb 7, 2020
    Posts:
    9
    Location:
    Europe
    There was installed some malicious software (properly spyware) on my last smartphone that was able to also control the connectivity of the phone.

    As I have read that this is a sign of software with root access, I could not be sure that this malicious software would be deleted by a factory reset. And therefore I bought a new hopefully more secure phone - a Blackberry.

    I then ordered a new sim card for my existing subscription.

    I guess the new sim card will connect to the same server account that is related to my subscription.

    Will there then be a security risk in using this sim card in my new phone ?

    Meaning, could the stalker also have got some informations related to my subscription that makes the person able to connect to my new phone ?
     
  2. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    4,801
    Location:
    USA still the best. But getting worse!
    It'll be carrier & possibly the specific rep being approached. Does the carrier have & enforce proper security procedure(s) before letting anyone change or control the account? Is this able to be overcome by social engineering?

    Btw what OS was previous phone? What was the spyware app? How did the app get on the phone? Was it a new phone? Where was phone purchased?

    Sorry your question is a bit of a mish-mash. Are you just talking about cloning a SIM card? Is carrier GSM or CDMA?
     
  3. SecurityNewbie

    SecurityNewbie Registered Member

    Joined:
    Feb 7, 2020
    Posts:
    9
    Location:
    Europe
    It’s okay, I may not have eye for what is relevant to mention.

    The other phone had Android on it, and only last about a month.

    The stalker first attacked my home router and after that my pc and installed some spyware on it.

    And by this gained access to my Google account where my mobile was hooked up. And from there installed spyware on the phone.
     
  4. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    4,801
    Location:
    USA still the best. But getting worse!
    Okay if I understand you are now concerned about your BlackBerry phone being compromised. I know nothing about the BB environment.

    But if you're concerned about your cell phone account then I what I stated is relevant.
    "It'll be carrier & possibly the specific rep being approached. Does the carrier have & enforce proper security procedure(s) before letting anyone change or control the account? Is this able to be overcome by social engineering?"
     
  5. SecurityNewbie

    SecurityNewbie Registered Member

    Joined:
    Feb 7, 2020
    Posts:
    9
    Location:
    Europe
    Yes, I haven’t put the new sim card in the Blackberry yet, as I would ask about this first.

    I think the carriers security is ok, as it always can be better.

    I’m only asking if the new sim card also is compromised when it uses the same subscription as the compromised sim card, or is it just as secure as ordering a new sim card to a new subscription ?
     
  6. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    4,801
    Location:
    USA still the best. But getting worse!
    Well for sure if it's not in an Android it'll be ok.
    Did you regain control or get a new router?
    Did you change your Gmail PW?
     
  7. SecurityNewbie

    SecurityNewbie Registered Member

    Joined:
    Feb 7, 2020
    Posts:
    9
    Location:
    Europe
    I have stopped using the router, got a new pc and so on and installed Linux Qubes OS which is the safest OS.

    I would just like to know if my new sim card is as safe as if I ordered it together with a new subscription.

    For example does the new sim card has another IMEI number than the old one although it is linked to the same subscription ?
     
  8. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    4,801
    Location:
    USA still the best. But getting worse!
    Phones have IMEI #s, SIM cards do not.
     
  9. SecurityNewbie

    SecurityNewbie Registered Member

    Joined:
    Feb 7, 2020
    Posts:
    9
    Location:
    Europe
    Okay, I didn’t know that.

    Can a sim card number be used to get connected to the sim card or phone then ?
     
  10. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    4,801
    Location:
    USA still the best. But getting worse!
    I don't understand the question.
     
  11. SecurityNewbie

    SecurityNewbie Registered Member

    Joined:
    Feb 7, 2020
    Posts:
    9
    Location:
    Europe
    I’m just asking to rule any option out so that I can be sure.

    But if I understand you correctly they can’t get in contact with my new phone unless they have copied the sim card.

    And I haven’t seen any trace of that.

    Is it possible to clone a sim card without taking it out from the plastic container it comes in ? - I ask because I received the letter about a month after it was sent. And the stalker lives where I live.
     
  12. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    4,801
    Location:
    USA still the best. But getting worse!
    What letter?
     
  13. SecurityNewbie

    SecurityNewbie Registered Member

    Joined:
    Feb 7, 2020
    Posts:
    9
    Location:
    Europe
    The letter the new sim card was sent with.
     
  14. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    4,801
    Location:
    USA still the best. But getting worse!
    Where was the letter for a whole month? Anything is possible but unless X has the extensive knowledge or a boatload of money & know black hatters I doubt it.
     
  15. SecurityNewbie

    SecurityNewbie Registered Member

    Joined:
    Feb 7, 2020
    Posts:
    9
    Location:
    Europe
    Ok, fine.

    Thanks a lot for your time.
     
  16. Soft Life

    Soft Life Registered Member

    Joined:
    Aug 10, 2018
    Posts:
    94
    Location:
    United States
    I'd wipe all of your machines and lock up your router with new password.

    I don't trust phones to do banking if you have any large amount of money. No silly apps like games of the such.

    Use a linux distribution at home to do banking. If you have to use Windows laptop or PC to bank do a new install and run Spyshelter anti keylogger. Don't download any program for fun but only if its a legit program.

    Don't use google to save passwords. It's a target. And lock down google account with a yubikey hardware USB. If you are really paranoid don't have any recovery email on the google account either...

    Use a password manager like Bitwarden. Make your passwords extremely long and let the manager remember them. Lock down the Bitwarden with the USB Yubikey also.

    And if you are really paranoid don't use wifi at home. If you use wifi away from home make sure to use a VPN. And if you have to use wifi at home at least use a VPN for everything.

    Call up your banks and tell them you want to put a verbal password on the account so if someone tries to call in and act like you.

    Call your phone company and see what security they have in place that you can enhance so somebody doesn't try to change your phone over to them.

    Also try to never never never use a bank that sends a SMS code to your phone to access the account. Always get a bank that lets you choose to use email but not google email for the code to get into the bank. That way if your phone gets hacked and put into someone else account they can't get the SMS code via messages.

    Ally bank lets you choose where you want the code sent up to 6 choices. Discover checkings and savings let you use a verbal password and you can request they send a code to your email before someone can call in to impersonate you via phone. I use only 1 email and that email is locked down with google authy so even if they get my password they are still blocked out.
     
    Last edited: Feb 8, 2020
  17. SecurityNewbie

    SecurityNewbie Registered Member

    Joined:
    Feb 7, 2020
    Posts:
    9
    Location:
    Europe
    Thanks, I have done much of what you suggest.

    I have thought of the letter again and that it’s actual possible to open a letter and take the micro or nano sim card out of the letter and put it back in without leaving any trace of it.

    I have just tried to search on how to clone a sim card. It seems that it is much harder now than earlier.

    But as it seems I’m up against someone with technical insight, I would like to hear if any of you is able to clone a new sim card or know someone who can ? - if not, I might feel a bit more secure.

    Also, I guess the NSA can, but I’m more interested in if a person from a non government security agency is capable of this.
     
  18. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    905
    Isn’t email (plain text over multiple nodes on the internet) actually less safe than SMS?

    I would prefer a bank that uses TOTP, a hardware token, or a mobile App as a second factor.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.