Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Huh. Would it be possible for someone to hijack the SIM card in such a device and use it to get free calls all over the world, including long-distance? Would that be illegal? Would anyone care? :)


Yes, yes, and yes.

There was a case in the news a few years or so ago where someone did that with the SIM that was in their electric meter, which was used once a day by the electric company to send a report of cumulative usage.

What they did not count on was that many cellular carriers have data plans specifically for devices like that electric meter that just need to send a very small amount of data every hour or day or so.

Those plans have a very small monthly fixed fee, a small data allowance, and astronomical overage fees. Typical data allowances for the cheapest plans are maybe 50 KB, which is plenty for sending "<meter-id> <timestamp> <cumulative kWh> <checksum>" once a day.

The person used the SIM for their calls and data, including downloading a bunch of movies. They ended up incurring around $150k overage charges.

The electric company cared very much, and the person ended up with a short jail sentence.


Really? So I can send anyone I want to jail, as long as they have one of these? Wow, that's definitely not going to cause problems!


No, you'd go to jail for tampering with their electric meter.


Two anecdotes about similar issues.

There's an old (10 years?) case about smart traffic lights that included SIM cards for connectivity - which were taken out of the traffic lights and abused. See https://www.bbc.com/news/world-africa-12135841

Another case (for which I don't have a link) some years ago was that ornithologists were doing tracking of large migratory birds using ankle bracelets w. embedded radios - until people "underneath" the birds found out that they contain a SIM provisioned for international roaming, which resulted in birds with such bracelets being shot down to obtain these SIMs as they could be used to extract and sell a few thousand dollars in comms services to locals.


> Would it be possible for someone to hijack the SIM card in such a device

Depends if it's using a physical SIM card or an eSIM module like Apple does that's entirely provisioned from the device's userland.

> and use it to get free calls all over the world, including long-distance?

Depends on the plan assigned by the vendor / phone company. If it's a data only plan, then no.

> Would that be illegal? Would anyone care? :)

Depends on which jurisdiction you are and what you're doing. A couple of dollars worth of charges on a company that sells millions of "smart" devices? Probably won't even get flagged. A couple hundred dollars for calling a phone sex line or someone on a satellite phone however? That will cause someone to have a look.


Usually eSIM cards are data only.


Eh, unlimited data plans might still be valuable to someone.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: