I just had my cell phone cloned yesterday. End of the day, my phone lost signal suddenly. I thought it was a problem with my chip, so I decided to check that on a store and buy a new one next day.

Today, after I recover my chip and number, I started to see the mess. Someone used my number to send message to all my contacts on whatsapp, asking for money. Also, I had some contact info changed on the bank broker, which is really serious. I do not know what else is compromised, and I'm truly worried about it.

Someone has some good tips for improving security while using cellphones?

Eh. Not really. If I know your phone number I can figure out what service provider you use and request a new SIM card. I just have to call support and say that it broke or something. It might not always work. But one could just try multiple times until a support person doesn't see through the lie.

I don't even need to 'clone it' in any way.

Other than that. Encryption only helps if the phone is off.

@BigBoo i though only one sim card could exist at the time (from the operator standpoint).

@hube That's why you lose connection when someone activated the new card.

I never download bank apps. Prefer the old way

@BigBoo I can't see how they know @nanl's contacts if they only have her SIM. Maybe she had some scam app installed, too.

Or maybe this is about some more serious identity theft than just the SIM card.

@carlosjpc no one cares ;)

@BigBoo ohh right didn't see that part about the lost of signal.
Too bad phones today cant handle full encryption when locking it and decrypting it when unlocking it, that would be awesome (but probably would ruin your battery)

@hube that doesn't make any sense. All data on the storage device is encrypted all the time.

When not in use, keep phone in a faraday case. This keeps hackers from being able to steal your data being broadcasted.

Dump the number get a new one

@sylar182 not being able to recieve calls at all might be a problem though.

Check if your 2FA accounts are still the same.

For the rest. Think like a hacker. Put yourself in the opposition.

Also how tf did your phone get cloned? Thats pretty time consuming

@sylar182 but if they social engineer their way through your service provider to get a new sim sent all that is moot

It's happening a lot here in my country. Even some politicians had their cell phone numbers cloned. It works the same everytime: Phone loses signal, owner is unware, and in this meantime whatsapp messages are sent to everyone on their list, always asking for money transfers.

I believe there is a gang specialized in this type of fraud, which has some privileged contact with people working on cell phone service providers.

I didn't even think that shit was possible outside of shitty hacker movies :o

That is some serious shit.
Hope it all resolves ASAP for you and other victims.

I doubt that the whole phone's operating system got duplicated, as mentioned before that's pretty time-consuming and besides, how would you do that without physical access and a means to read out the whole system (using prebootloader stage or similar), and not get noticed?

My guess is that they clone the SIM card instead (edit: or rather, ask someone else - the carrier - to do it for them, lol). Ask the carrier if they recently got any requests for SIM card duplication for your number. If so, tell them that they should get their service personnel trained against social engineering.

Also ask your WhatsApp contacts whether they got a message about your keys getting changed. With just a SIM card but not the private key from your device they can't send messages without generating a new keypair.

They make their own cell tower and make your phone connect to it and steal act like man in the middle for auth. Its actually not that hard if you have the tech. All the mobile protocols are full of security holes and you can downgrade versions for legacy.

and a quick summary video https://youtube.com/watch/...

I don't think anybody understood I was being sarcadtic. Obviously if the device is in a Faraday case then it won't work. And if they social engineered their way in through the phone company then they need to change some policies or you need better security questions on your account.

@zlice Germans and Austrians are quite fluent in sarcasm.

‮@zlice gooooood.

@filthyranter Germans don't know humour... But how did you tag @zlice backwards 🤔

@electrineer right-to-left mark

Also Germans definitely have humor.

@filthyranter it's not considered humour outside Germany ;)

@electrineer Wrong