ordered a new phone so I wanted a new SIM for a clean slate. My country require KYC for SIM cards. So i ordered this https://www.ebay.com/itm/295938085941 I see now that the card is being shipped from Israel.
Cloning, swapping etc , how bad idea was this on a scale from 1-10? Even if the package is unbroken , I assume someone with physical access (and resources) can do a lot of stuff?
I like security meetups where everyone brings a SIM card and you put it in a hat, shake it up, and pass them back out again at random.
What’s kyc?
Know Your Customer - Meaning that the user somehow needs to identify themselves to the provider and thus the provider knows who is using the SIM card
Thats wild.
Acronym for Know Your Customer, requiring some kind of identity verification before enabling service.
Why would you ever be buying a sim card seprate from the carrier servicing it…?
Honestly asking, that’s incredibly unusual to me. Where I live, the mobile carrier always provides the sim card. Usually free with a monthly phone plan, or as a part of a pre-paid plan. (pre-paid you can usually buy from a corner store like seven eleven. monthly you’ll actually have to visit their store/mall booth)
Here I have to go to an office show passport , green card and sign paperwork . To get any simcard.
Green card? Which country?
Don’t you mean blue card?
In the US the permanent resident card is green, and its often called the green card. Sometimes americans use the term for equivalent documents in other countries.
OP said they were in the EU. My EU residency card is called a blue card. I thought that was the name across the EU
Nope Spain has a green one
(Assuming Android) IIRC a sim is a full microcontroller. I’m not sure about the protocols and actual vulnerabilities, but I can say no phone has a trusted or completely documented kernel space or modem. The entire operating system the user sees is like an application that runs in a somewhat separate space. The kernels are all orphans with the manufacturer’s proprietary binary modules added as binaries to the kernel at the last possible minute. This is the depreciation mechanism that forces you to buy new devices despite most of the software being open source. No one can update the kernel dependencies unless they have the source code to rebuild the kernel modules needed for the hardware.
In your instance this information is relevant because the sim card is present in the hardware space outside of your user space. I’m not sure what the SELinux security context is, which is very important in Android. I imagine there are many hacks advanced hackers could do in theory, and Israel is on the bleeding edge of such capabilities. I don’t think it is likely such a thing would be targeting the individual though. As far as I am aware there is no real way to know what connections a cellular modem is making in an absolute sense because the hardware is undocumented, the same is true of the processor. I’m probably not much help, but that is just what I know about the hardware environment in the periphery.
Yea I’m looking in do network monitoring when first connecting the phone. Will need root it seems. But since I will install GOS and reset it afterwards it would probably be my best bet for verifying no bad connections . Long time since I used wireshark but should be possible.
You would need a well designed Faraday box and a lot more of a test setup to verify that all possible communications are indeed reported by the device. No interface on the device itself can be trusted.
Stealth.net sounds promising for topping up the card. Just USD Any other options for EUR cards?
did you look at this? it was in the list I gave you lol https://simsup.net/shop/
Yea out of stock and lack of info though
ah okay, i didnt check.
i know JMP.chat has physical sims now, maybe you could contact them or look on their site. im sure of they get enough requests they might provide european cards
another option is to use eSIMs. have you looked into this? there are tons of esim providers that take cryptocurrency. all new phones can do eSIMs i think.
also check out monero market, there is a bunch of physical sims in there https://moneromarket.io/?q=sim
Thanks. yea simXL seems not like bad option , will check the esim statuson GOS nowadays. :( Seems the E- Sims have a 30 day limit…
look into PGPP. amazing stuff
You should ask the seller to make sure, but I’d assume those cards will require KYC on activation.
Actually no , Romanian cards are non KYC , one of the few countries left in Europe. I’m in another but can live with a foreign number
You could have asked me for one. I’d send you one for free. 😎
Thanks :) start selling on ebatly seems to be a good business :)