eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.

Server stats:

212
active users

#sim

2 posts2 participants0 posts today

#Israel #NeverAgain #Sim Kern

"“Never Again Means Never Again For Anyone”: An Interview With Sim Kern" [ ± 1-3 min]
by Mother Jones
----- READ the interview at:
---> “‘Never Again’ Means Never Again for Anyone”: An Interview With Sim Kern <-
---> motherjones.com/politics/2025/07/sim-kern-genocide-bad-palestine-book/ <-

youtube.com/shorts/ALFF3i3u0Gw

Quote by MJ:
"Jul 16, 2025
Sim Kern never set out to become a face of anti-Zionist Judaism—the English teacher turned science fiction author and “BookTok”-er was just in the right place at the right time.
Facing, as the October 7 attacks unfolded, a social media feed they described as embodying “two contradictory realities” about Palestine, they started posting about it.
“If you didn’t give a fuck about what’s happening in Palestine until two days ago,” Kern said in their most viral video, “that is because you see Israelis as people, and you do not see Palestinians as people.”
Over the past year and a half, their social media presence has turned into an archive of video shorts breaking down history and misinformation, and covering genocide in Gaza, where Israel’s defense minister recently announced plans to move the remaining population into a closed camp built on the ruins of the city of Rafah. (The United Nations, Amnesty International, and leading Holocaust and genocide scholars have deemed Israel’s war in Gaza genocidal, charges also brought against the country’s government in an ongoing case before the International Court of Justice.)
The book, which ties scholarship with memoir in Kern’s distinctive TikTok voice, breaks down nine key talking points used to defend or obscure the Israeli government’s actions and how to respond.
“Perhaps the most fundamental and vital labor, of all liberatory organizing,” Kern writes, “is the act of explaining hard truths. In your own words. To your own people. As clearly and compellingly as possible. Over and over and over and over.”

#NeverAgain #STOPtheGenocide
#JUSTICEforHindRajab #JUSTICEforRifaatRadwan
#LIFEfor#Netanyahu#Gallant#Gvir#Smotrich

Replied in thread

@stman @Sempf @LaF0rge yes.

Because physical SIMs, like any "cryptographic chipcard" (i.e. @nitrokey ) did all that fancy public/private crypto on silicon and unless that was compromizeable (which AFAICT always necessistated physical access to the #SIM, espechally in pre-#OMAPI devices) the SIM wasn't 'cloneable' and the weakest link always had been the #MNO /.#MVNO issueing (may it be through #SocialHacking employees into #SimSwapping or LEAs showng up with a warrant and demanding "#LawfulInterception"):

Add to that the regression in flexibility:

Unlike a #SimCard which was designed as a vendor-independent, #MultiVendor, #MultiProvider, device agnostic unit to facilitate the the #authentification and #encryption in #GSM (and successor standards), #eSIMs act to restrict #DeviceFreedom and #ConsumerChoice, which with shit like #KYC per #IMEI (i.e. #Turkey demands it after 90 days of roaming per year) und #lMEI-based #Allowlisting (see #Australia's shitty #VoLTE + #2G & #3G shutdown!) are just acts to clamp down on #privacy and #security.

  • And with #EID being unique per #eSIM (like the #IMEI on top!) there's nothing stopping #cyberfacist regimes like "P.R." #China, #Russia, #Iran, ... from banning "#eSIMcards" (#eSIM in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by @GrapheneOS ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, unless explicitly allowed otherwise.

"[…] [Technologies] must always be evaluated for their ability to oppress. […]

  • Dan Olson

And now you know why I consider a #smartphone with eSIM instead of two SIM slots not as a real #DualSIM device because it restricts my ability to freely move devices.

  • And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to letting people choose their devices freely, (by declarong #fees for reissue of eSIMs illegal) that is only enforceable towards M(V)NOs who are in #Germany, so 'good luck' trying to enforce that against some overseas roaming provider.

Thus #Impersonation attacks in GSM-based networks are easier than ever before which in the age of more skilled than ever #Cybercriminals and #Cyberterrorists (i.e. #NSA & #Roskomnadnozr) puts espechally the average #TechIlliterate User at risk.

  • I mean, anyone else remember the #Kiddies that fucked around with #CIA director #Brennan? Those were just using their "weapons-grade #boredom", not being effective, for-profit cyber criminals!

And then think about those who don't have privilegued access to protection by their government, but rather "privilegued access" to prosecution by the state because their very existance is criminalized...

The only advantage eSIMs broight in contrast is 'logistical' convenience because it's mostly a #QRcode and that's just a way to avoid typos on a cryptic #LocalProfileAgent link.

Replied in thread

@LaF0rge yeah, that I did figure out with the whole #GSMA signing chain.

  • The few "vendor independent" options I've seen were mere eSIM management tools at the LPA / LPAC level and subsequent #Apps from companies that sell #eSIMcards (aka. #eSIM in Triple-#SIM form factor) like #5ber, #EIOTCLUB, #9e and others...

These do in fact work and I guess having something like lpa-gtk that can be remotely told to deploy/switch eSIMs is the closest to what I'm looking for that will be possible in the walled maze that GSMA forces everyone to walk through as they don't allow people to roll their own CI/CA and exercise control.

  • Granted as you hinted in your talk the reliance on having public internet access kinda defeats the purpose of a WWAN connectivity like 5G/4G/3G/2G so at best it allows for dynamically (with interruption) switch between eSIMs based off the current traffic pattern (i.e. from a narrowband flatrate or no base rate pay-as-you-go to a broadband flatrate or cheaper per-traffic plan).

Fortunately I don't even need like legacy services like Voice/SMS and a phone number so it's easy to obtain eSIMs for that which neither expire nor incure standby fees.

GitHubGitHub - EsimMoe/MiniLPA: Professional LPA UIProfessional LPA UI. Contribute to EsimMoe/MiniLPA development by creating an account on GitHub.

So, der große SIM-Karten-Reiseführer für Südkorea ist fertig. Wer lieber eine lokale (e)SIM haben möchte, bekommt bei der Einreise viele Angebote. Auch mit Leihrouter. Manchmal sogar Kombiangebote, wenn man länger online bleiben will. Es gibt etwa eine T-Money-Karte oder auch Nudeln. 😁

#reisesim #sim #esim #südkorea

handyhase.de/magazin/suedkorea

Handyhase.deSüdkorea Roaming: Mit SIM-Karte und eSIM Kosten vermeidenWer nach Südkorea reist, der kann mit einem sehr guten Mobilfunknetzwerk rechnen. Handyhase war vor Ort und zeigt, welche Angebote es gibt.
Replied in thread

@cryptgoat ja, nur ist es quasi illegal @signalapp / #Signal #anonym (also faktisch nur #pseudonym, weil stets korrelierbar qua #Rufnummer -> #ICCID -> #IMSI -> #IMEI -> #Location) zu nutzen.

  • Seit 07/2017 sind anonyme #SIM-Karten faktisch illegal und ne SIM mir Rufnummer ist ne #Paywall die faktisch teurer ist als nen @monocles - Abo.

Allein die notwendigen #Workarounds sind so heftig paywalled dass es eher sinn macht 1h Hands-on - Training zu investieren...

fedifreu.de/@cryptgoat/1147051

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)Content warning: Rant re: Signal Shills being dangerous Tech Illiterates
Replied in thread

@netopwibby OFC #FirefoxOS would've been a success if people exited about it (like me) and #developers (like @fuchsiii) were ever abke to legally obtain any device with FirefoxOS on it.

IMHO, @Mozilla / #Mozilla cannot be trusted at all!

A Researcher Figured Out How to Reveal Any #PhoneNumber Linked to a #Google Account

Phone numbers are a goldmine for #SIM swappers. A researcher found how to get this precious piece of information through a clever brute-force attack.
#privacy

wired.com/story/a-researcher-f

WIRED · A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google AccountBy Joseph Cox

#SKTelecom #cyberattack : Free #SIM replacements for 25 million customers

#SouthKorean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent #USIM data breach, but only 6 million cards are available through May.

SK Telecom is the country's largest #mobile network operator, serving roughly half of the domestic mobile phone market

bleepingcomputer.com/news/secu

That's Not How A SIM Swap Attack Works

shkspr.mobi/blog/2025/04/thats

There's a disturbing article in The Guardian about a person who was on the receiving end of a successful cybersecurity attack.

EE texted to say they had processed my sim activation request, and the new sim would be active in 24 hours. I was told to contact them if I hadn’t requested this. I hadn’t, so I did so immediately. Twenty-four hours later, my mobile stopped working and money was withdrawn from my bank account.

With their alien sim, the ­fraudster infiltrated my handset and stole details for every account I had. Passwords and logins had been changed for my finance, retail and some social media accounts.

(Emphasis added.)

I realise it is in the consumer rights section of the newspaper, not the technology section, and I dare-say some editorialising has gone on, but that's nonsense.

Here's how a SIM swap works.

  1. Attacker convinces your phone company to reassign your telephone number to a new SIM.
  2. Attacker goes to a website where you have an account, and initiates a password reset.
  3. Website sends a verification code to your phone number, which is now in the hands of the attacker.
  4. Attacker supplies verification code and gets into your account.

Do you notice the missing step there?

At no point does the attacker "infiltrate" your handset. Your handset is still in your possession. The SIM is dead, but that doesn't give the attacker access to the phone itself. There is simply no way for someone to put a new SIM into their phone and automatically get access to your device.

Try it now. Take your SIM out of your phone and put it into a new one. Do all of your apps suddenly appear? Are your usernames and passwords visible to you? No.

There are ways to transfer your data from an iPhone or Android - but they require a lot more work than swapping a SIM.

So how did the attacker know which websites to target and what username to use?

What (Probably) Happened

Let's assume the person in the article didn't have malware on their device and hadn't handed over all their details to a cold caller.

The most obvious answer is that the attacker already knew the victim's email address. Maybe the victim gave out their phone number and email to some dodgy site, or they're listed on their contact page, or something like that.

The attacker now has two routes.

First is "hit and hope". They try the email address on hundreds of popular sites' password reset page until they get a match. That's time-consuming given the vast volume of websites.

Second is targetting your email. If the attacker can get into your email, they can see which sites you use, who your bank is, and where you shop. They can target those specific sites, perform a password reset, and get your details.

I strongly suspect it is the latter which has happened. The swapped SIM was used to reset the victim's email password. Once in the email, all the accounts were easily found. At no point was the handset broken into.

What can I do to protect myself?

It is important to realise that there's nothing you can do to prevent a SIM-swap attack! Your phone company is probably incompetent and their staff can easily be bribed. You do not control your phone number. If you get hit by a SIM swap, it almost certainly isn't your fault.

So here are some practical steps anyone can take to reduce the likelihood and effectiveness of this class of attack:

  • Remember that it's OK to lie to WiFi providers and other people who ask for your details. You don't need to give someone your email for a receipt. You don't need to hand over your real phone number on a survey. This is the most important thing you can do.
  • Try to hack yourself. How easy would it be for an attacker who had stolen your phone number to also steal your email address? Open up a private browser window and try to reset your email password. What do you notice? How could you secure yourself better?
  • Don't use SMS for two-factor authentication. If you are given a choice of 2FA methods, use a dedicated app. If the only option you're given is SMS - contact the company to complain, or leave for a different provider.
  • Don't rely on a setting a PIN for your SIM. The PIN only protects the physical SIM from being moved to a new device; it does nothing to stop your number being ported to a new SIM.
  • Finally, realise that professional criminals only need to be lucky once but you need to be lucky all the time.

Stay safe out there.

Terence Eden’s Blog · That's Not How A SIM Swap Attack Works
More from Terence Eden

🆕 blog! “That's Not How A SIM Swap Attack Works”

There's a disturbing article in The Guardian about a person who was on the receiving end of a successful cybersecurity attack.

EE texted to say they had processed my sim activation request, and the new sim would be active in 24 hours. I was told to contact them if I hadn’t requested this. I hadn’t, so I did …

👀 Read more: shkspr.mobi/blog/2025/04/thats

#2fa #CyberSecurity #MFA #security #sim

Terence Eden’s Blog · That's Not How A SIM Swap Attack Works
More from Terence Eden

If you change your #phone #sim temporarily, i.e. use a new phone number, #Signal keeps working as before. #WhatsApp stops working if you change your sim i.e. phone number. Signal knocks the socks off whatsapp for staying in touch while travelling, when your normal sim and phone number have malfunctioned (my new #telekom cellular provider cancelled my old SIM & provider & sent me their new SIM for new contract: while I was abroad, without asking me if this date suits). Signal rocks. Use signal.