Jump to content
Note to New Members ×

Cell Phone Tips

bumpyride

By bumpyride
in The Lodge

 Share

Recommended Posts

bumpyride Senior Contributor

bumpyride

Posted
Posted (edited)

I recently found an Iphone 11 Pro Max in perfect condition.  The phone is locked.  I placed lost and found ads on Big Sky Lost and Found, and on Craigslist.  Even included the opening screen picture asking, "Does anyone recognize these 3 Dogs".  No luck.  I called Verizon, Apple, and even Asurion Insurance in case someone filed a claim on it.  None would even look up the sim card number or the serial number and call the old owner.  It's so far a Brick.  Might as well use it for a breakfast table shim.

I don't have insurance on my phone.  I did for awhile but I've paid for many a phone with not much to show for it, and the $300 out of pocket sealed the deal.

Now the tip.  My phone is locked, but has an opening screen without the need to unlock.  So on the opening screen i put, "If found call Deb at 218-xxx-xxxx".  Haven't had to use it yet, but I rest a little easier.

 

 

Hope no one loses the phone, but it's a shame to see a $1,000 phone to be used as a shim.

Edited by bumpyride
Read the next post.
Link to comment
Share on other sites
TVR Contributor Plus

TVR

Posted
Posted (edited)

Be aware that a phone is an easier target than most computers for a hacker. If you use the WiFi or BlueTooth features, and leave their radios on, respectively, then you are a relatively easy target to be hacked. 

At the last blackhat conference, it averaged just a little over 2 minutes to hack anyone's Android device, and a little over 3 minutes for the newest IOS device. Windows phone were hacked on average in 91 seconds.

What does this mean, and why am I telling you?

Please don't keep your "picture of my Driver's License, Insurance Card, Registration, Old Military ID, and Health Insurance Info." on your phone. Identity theft is the least of your issues with that much info, as I can create an entire fraud ring in your name with all that. If the wallet is an issue, buy one, and use the insert for pictures as the wallet. Mine fits in a shirt pocket, if I want. 

For context, I work in IT, so I know about this from experience, not conjecture or reading some tabloid. Hacking is not about getting or guessing your password, but in reality, tricking the underlying code to process bits in a way they should not. As an example (will give an old example so as not to propagate hacking in this channel) when Windows 2000 came out, many used them as their web servers to host their web sites in data centers across the globe. 10's of thousands were installed. If an individual came across a web server running Windows 2000 they  would only need to put an executable (presumably to form the reverse socket connection for them to do what they wanted from there) in their current directory, (lets call it boom.exe) and go http://theirwebsite.com/%255c%255c/boom.exe  and would own the web server from there. The reason is what is called a buffer overflow, where the Windows 2000 server buffer didn't know how to deal with the %255c and from their interpenetrated it as ASCI which is the equivilant in windows of the ../ command. Since the IIS server goes back two directories, it puts the CWD as C:/windows/system32 and since that directory has root permissions to run, it takes the boom.exe and just runs it, in that directory, installing whatever the hacker wants and owning the server. Obviously, from there they own whatever else on the network they want.

Buffer overflows are but one in a huge list of tools a hacker will use. Patching only works for flaws already detected. When an attacker is sitting within range, he only needs a little time to run code against your phone, and if successful, will pull your pictures and contacts to data mine as much value as possible. For you, they hit the jackpot. You won't ever know about it, until the IRS shows up to collect the taxes owed on the now-defunt business that was started by you.

 

I don't know you, but please, don't keep that kind of info on your phone. 

 

Edited by TVR
  • Like 2
Link to comment
Share on other sites
bumpyride Senior Contributor

bumpyride

Posted
  • Author
Posted
3 hours ago, TVR said:

Be aware that a phone is an easier target than most computers for a hacker. If you use the WiFi or BlueTooth features, and leave their radios on, respectively, then you are a relatively easy target to be hacked. 

At the last blackhat conference, it averaged just a little over 2 minutes to hack anyone's Android device, and a little over 3 minutes for the newest IOS device. Windows phone were hacked on average in 91 seconds.

What does this mean, and why am I telling you?

Please don't keep your "picture of my Driver's License, Insurance Card, Registration, Old Military ID, and Health Insurance Info." on your phone. Identity theft is the least of your issues with that much info, as I can create an entire fraud ring in your name with all that. If the wallet is an issue, buy one, and use the insert for pictures as the wallet. Mine fits in a shirt pocket, if I want. 

For context, I work in IT, so I know about this from experience, not conjecture or reading some tabloid. Hacking is not about getting or guessing your password, but in reality, tricking the underlying code to process bits in a way they should not. As an example (will give an old example so as not to propagate hacking in this channel) when Windows 2000 came out, many used them as their web servers to host their web sites in data centers across the globe. 10's of thousands were installed. If an individual came across a web server running Windows 2000 they  would only need to put an executable (presumably to form the reverse socket connection for them to do what they wanted from there) in their current directory, (lets call it boom.exe) and go http://theirwebsite.com/%255c%255c/boom.exe  and would own the web server from there. The reason is what is called a buffer overflow, where the Windows 2000 server buffer didn't know how to deal with the %255c and from their interpenetrated it as ASCI which is the equivilant in windows of the ../ command. Since the IIS server goes back two directories, it puts the CWD as C:/windows/system32 and since that directory has root permissions to run, it takes the boom.exe and just runs it, in that directory, installing whatever the hacker wants and owning the server. Obviously, from there they own whatever else on the network they want.

Buffer overflows are but one in a huge list of tools a hacker will use. Patching only works for flaws already detected. When an attacker is sitting within range, he only needs a little time to run code against your phone, and if successful, will pull your pictures and contacts to data mine as much value as possible. For you, they hit the jackpot. You won't ever know about it, until the IRS shows up to collect the taxes owed on the now-defunt business that was started by you.

 

I don't know you, but please, don't keep that kind of info on your phone. 

 

Good advice.  I deleted the things you pointed out.  Still would keep another phone number on opening screen to have a chance to recover the phone.

  • Like 1
Link to comment
Share on other sites
philw Senior Contributor

philw

Posted
Posted
18 hours ago, Corey said:

..A scary thought for a hacked phone is how many systems/places use my phone as the second part of TFA... 

Yeah.

Consider at least using a separate second SIM for 2FA, or a usb key where possible.
And keep a list of all the accounts the phone's used as 2FA for as those are the ones you'll need to deal with if it's taken.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing


  • Recently Browsing

    • No registered users viewing this page.
×
×
  • Create New...