bumpyride Posted August 6, 2020 Report Share Posted August 6, 2020 (edited) I recently found an Iphone 11 Pro Max in perfect condition. The phone is locked. I placed lost and found ads on Big Sky Lost and Found, and on Craigslist. Even included the opening screen picture asking, "Does anyone recognize these 3 Dogs". No luck. I called Verizon, Apple, and even Asurion Insurance in case someone filed a claim on it. None would even look up the sim card number or the serial number and call the old owner. It's so far a Brick. Might as well use it for a breakfast table shim. I don't have insurance on my phone. I did for awhile but I've paid for many a phone with not much to show for it, and the $300 out of pocket sealed the deal. Now the tip. My phone is locked, but has an opening screen without the need to unlock. So on the opening screen i put, "If found call Deb at 218-xxx-xxxx". Haven't had to use it yet, but I rest a little easier. Hope no one loses the phone, but it's a shame to see a $1,000 phone to be used as a shim. Edited August 6, 2020 by bumpyride Read the next post. Quote Link to comment Share on other sites More sharing options...
TVR Posted August 6, 2020 Report Share Posted August 6, 2020 (edited) Be aware that a phone is an easier target than most computers for a hacker. If you use the WiFi or BlueTooth features, and leave their radios on, respectively, then you are a relatively easy target to be hacked. At the last blackhat conference, it averaged just a little over 2 minutes to hack anyone's Android device, and a little over 3 minutes for the newest IOS device. Windows phone were hacked on average in 91 seconds. What does this mean, and why am I telling you? Please don't keep your "picture of my Driver's License, Insurance Card, Registration, Old Military ID, and Health Insurance Info." on your phone. Identity theft is the least of your issues with that much info, as I can create an entire fraud ring in your name with all that. If the wallet is an issue, buy one, and use the insert for pictures as the wallet. Mine fits in a shirt pocket, if I want. For context, I work in IT, so I know about this from experience, not conjecture or reading some tabloid. Hacking is not about getting or guessing your password, but in reality, tricking the underlying code to process bits in a way they should not. As an example (will give an old example so as not to propagate hacking in this channel) when Windows 2000 came out, many used them as their web servers to host their web sites in data centers across the globe. 10's of thousands were installed. If an individual came across a web server running Windows 2000 they would only need to put an executable (presumably to form the reverse socket connection for them to do what they wanted from there) in their current directory, (lets call it boom.exe) and go http://theirwebsite.com/%255c%255c/boom.exe and would own the web server from there. The reason is what is called a buffer overflow, where the Windows 2000 server buffer didn't know how to deal with the %255c and from their interpenetrated it as ASCI which is the equivilant in windows of the ../ command. Since the IIS server goes back two directories, it puts the CWD as C:/windows/system32 and since that directory has root permissions to run, it takes the boom.exe and just runs it, in that directory, installing whatever the hacker wants and owning the server. Obviously, from there they own whatever else on the network they want. Buffer overflows are but one in a huge list of tools a hacker will use. Patching only works for flaws already detected. When an attacker is sitting within range, he only needs a little time to run code against your phone, and if successful, will pull your pictures and contacts to data mine as much value as possible. For you, they hit the jackpot. You won't ever know about it, until the IRS shows up to collect the taxes owed on the now-defunt business that was started by you. I don't know you, but please, don't keep that kind of info on your phone. Edited August 6, 2020 by TVR 2 Quote Link to comment Share on other sites More sharing options...
bumpyride Posted August 6, 2020 Author Report Share Posted August 6, 2020 3 hours ago, TVR said: Be aware that a phone is an easier target than most computers for a hacker. If you use the WiFi or BlueTooth features, and leave their radios on, respectively, then you are a relatively easy target to be hacked. At the last blackhat conference, it averaged just a little over 2 minutes to hack anyone's Android device, and a little over 3 minutes for the newest IOS device. Windows phone were hacked on average in 91 seconds. What does this mean, and why am I telling you? Please don't keep your "picture of my Driver's License, Insurance Card, Registration, Old Military ID, and Health Insurance Info." on your phone. Identity theft is the least of your issues with that much info, as I can create an entire fraud ring in your name with all that. If the wallet is an issue, buy one, and use the insert for pictures as the wallet. Mine fits in a shirt pocket, if I want. For context, I work in IT, so I know about this from experience, not conjecture or reading some tabloid. Hacking is not about getting or guessing your password, but in reality, tricking the underlying code to process bits in a way they should not. As an example (will give an old example so as not to propagate hacking in this channel) when Windows 2000 came out, many used them as their web servers to host their web sites in data centers across the globe. 10's of thousands were installed. If an individual came across a web server running Windows 2000 they would only need to put an executable (presumably to form the reverse socket connection for them to do what they wanted from there) in their current directory, (lets call it boom.exe) and go http://theirwebsite.com/%255c%255c/boom.exe and would own the web server from there. The reason is what is called a buffer overflow, where the Windows 2000 server buffer didn't know how to deal with the %255c and from their interpenetrated it as ASCI which is the equivilant in windows of the ../ command. Since the IIS server goes back two directories, it puts the CWD as C:/windows/system32 and since that directory has root permissions to run, it takes the boom.exe and just runs it, in that directory, installing whatever the hacker wants and owning the server. Obviously, from there they own whatever else on the network they want. Buffer overflows are but one in a huge list of tools a hacker will use. Patching only works for flaws already detected. When an attacker is sitting within range, he only needs a little time to run code against your phone, and if successful, will pull your pictures and contacts to data mine as much value as possible. For you, they hit the jackpot. You won't ever know about it, until the IRS shows up to collect the taxes owed on the now-defunt business that was started by you. I don't know you, but please, don't keep that kind of info on your phone. Good advice. I deleted the things you pointed out. Still would keep another phone number on opening screen to have a chance to recover the phone. 1 Quote Link to comment Share on other sites More sharing options...
TVR Posted August 6, 2020 Report Share Posted August 6, 2020 That suggestion, the screen lock with your number (or alternate number to call) is genius... I will do that on my phone as well.. put my wife's number on it to call if lost. Great tip man! 1 Quote Link to comment Share on other sites More sharing options...
Corey Posted August 6, 2020 Report Share Posted August 6, 2020 I went with my email on my lock screen. Won't help if it's legitimately stolen, but there's a chance that a good samaritan (like @bumpyride) can contact me. A scary thought for a hacked phone is how many systems/places use my phone as the second part of TFA... 1 Quote Link to comment Share on other sites More sharing options...
philw Posted August 7, 2020 Report Share Posted August 7, 2020 18 hours ago, Corey said: ..A scary thought for a hacked phone is how many systems/places use my phone as the second part of TFA... Yeah. Consider at least using a separate second SIM for 2FA, or a usb key where possible. And keep a list of all the accounts the phone's used as 2FA for as those are the ones you'll need to deal with if it's taken. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.