I know it’s an odd question, but where I live phones get stolen often. My phone doesn’t have the option for an eSim, which is a problem because 90% of the time when a thief steals a phone they take out the SIM card immediately, meaning I wouldn’t be able to remotely lock or wipe my phone.
Should I consider glueing the SIM tray shut? Or are there alternative less permanent measures I can take to keep my device secure?
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.42K Posts
- 56.8K Comments
- Modlog
If I really had such a concern I’d use a Linux phone, e.g PinePhone or PinePhone Pro, and I would program it so that unless a certain command has been ran, if it boots or stay too long (e.g 1s) without a SIM then it deletes sensitive data.
1 second?
Or a rooted android.
The federal government has had difficulty dealing with modern locked phones. The sim isn’t integral to the security of the device, it’s just a pointer for the carrier to route calls to. A modern phone with whole system encryption and a strong password is going to be protected against most everyone including nation state actors.
The only real advisory I like to put out with regards to phones is the same as most other devices, don’t reuse passwords and for two factor ideally use something other than email or SMS which makes it far more difficult to get the second factor.
The other thing that’s kind of a ‘best practice’ is using a password rather than any kind of biometric. The reason there is last I’d read (in the USA) the current legal guidance is that while authorities can compelle someone to put a finger on a screen or look at the device, they cannot compelle them to open the contents of their mind (forced testimony) due to the 5th amendment protections. Of course that kind of thing is more related to legal situations rather than lost/stolen devices.
Some phones including Samsung are encrypted by default.
Don’t keep data on your device you don’t need and use the encryption.
that doesn’t help with sim removal. sim swaps are stuff are a thing and honestly more of a concern than data exfiltration.
“meaning I wouldn’t be able to remotely lock or wipe my phone”. The original post indicated data was the issue. If they want to get the sim out and wipe it, they will. Need to solve the problem (data loss).
deleted by creator
This is unfortunately how a lot of online privacy communities feel. Like it’s mostly performative privacy fan service. Often with a weird martyrdom thread running through it, almost as if people are mixing up the ideas of privacy, with simple rebellion against modern technology.
I can’t speak to any particular communities, but to me it’s about putting extra steps between me/my data/whatever and thieves. (I have a personal tinge of rebellion against social media and perma connectedness but I generally see them as separate)
If my password is “password” anyone can and will pop it
If my password is “P@$sw0Rd60&4” alot of people could and probably would
If my password is ^ and I use 2FA, sure that can be spoofed but the number of able hackers is much lower and it’s much more work, quite frankly I’m just not that interesting 😂
Etc etc, adjusted for situation
Uhm, I don’t care about the device or the SIM card?.. I care about my data, and I care about remotely wiping the device before they can try access the device if they are even trying to access it in the first place?
Sure they can turn it off, but if I activate the command to wipe the device the command will execute as soon as the device is powered on.
This is not the case if they remove the SIM. If they remove the SIM the connect is lost and the device can remain on and be tampered with, with my data still entact.
I don’t “keep asking for proof” I literally asked in one comment? You seem very angry about people asking questions online, maybe you should do some introspection or something idk
deleted by creator
Hot glue can be undone with heat
It would give me enough time to remotely wipe the device before they can remove the SIM would it not?
No, they can do it with the phone turned off.
Get a metal case, weld it shut. Connect it to a long chain and a 25kg dumbbell. Guaranteed they won’t rob you of your phone.
This is the best tip so far. Thank you so much!
expired
Ahh imagine carrying on one side for too long, the back pain…
Maybe I could also look into hiring someone to carry the setup for me, that way I can have even more peace of mind knowing I’m protecting my health and my data! /s
deleted by creator
I might recommend using something like tape. Extra Strong Clear Tape.
You may also want to invest in a phone case; preferably an opaque and waterproof one that is difficult to remove.
There are apps available on F-Droid like PrivateLock which might help too; this will automate locking your phone if it’s snatched from your hands suddenly.
Last thing I can say is to use a short screen timeout and a strong password to unlock the phone.
you really shouldn’t be recommending things that adds attack vectors.
Do not use privatelock! It has the possibility to permanently lock your phone! For me it had a bug with the sensor and it was very hard to remove
Private Lock also hasn’t been updated for four years :(
You could just set a Sim pin
I have a SIM pin… how does having a SIM pin stop them from taking the device offline by removing the SIM?..
It keeps them from making calls as you
Don’t glue it shut, paint it shut with an acrylic paint or nail polish. Try to stick to the surface with the paint - you could even paint it to cover it/obscure it’s location as well.
This way, if you ever need to remove it you can delicately dab acetone over it to dissolve the acrylic and it will open once again!
This is amazing! Thank you, I will definitely be painting it closed.
A better option would be to use a good password generally and the built-in lost device functions like Find my iPhone, Google Find my Device or Samsung Find my Mobile.
If you’re using Android, and want a separate app that can lock down your device outside of the built-in functionality, among a ton of other features:
I used to use Cerberus years ago for that security before that functionality was really built in. It is a side loaded app that allows remote tracking, lockdown, etc. and functions as a system app. They have a version of the apk that is listed as “System Framework” with a stock Android icon and as well to hide in the app listing. You can have it hide the app and access it via a dialer code as well for added security. When I used it, you could have it take photos to send to your email with location data for incorrect login attempts, send messages to the device to display while lost, etc. www.cerberusapp.com
Still no use if the SIM gets pulled, therefore losing connectivity and rendering any Find My Device app useless. Unless I’m missing something?
Of course nothing will work if the SIM is removed, no new SIM is inserted, and they don’t connect it to Wi-Fi. But at that point, whoever has it also isn’t using the device either are they?
There is no way to have a device know it is stolen and wiped without it being able to get that notification from somewhere.
If that device is connected back to the Internet though, all of the find my device services work just fine, and you can queue a wipe to wait for the device to be online again. None of them are reliant on your SIM or phone number, they all use the MEID/IMEI and your Apple/Google/Samsung/etc. account to manage it.
To actually answer your question:
Super glue would be a decent option. You should only need one drop to secure the tray.
If you ever need to open the tray again, wet the area with isopropyl alcohol for a few minutes, and it should pop right open without damage. If you get too much resistance, add more alcohol and wait a little longer.
There is also a 2-part epoxy with similar performance called “Doubkr Bubble” that also dissolves with alcohol, but it’s definitely overkill for a SIM tray.
deleted by creator
Amazing, thank you! I think the super glue option will be best. The phone is water resistant as well so I don’t see the isopropyl being an issue to try loosen the super glue.
With the phone off, the isopropyl should be safe. It’ll dry quick, too.
If you can open it, they can open it. There’s not much of a point if it’s something you can undo.
It at least provides resistance to the immediate removal of the card. I doubt most thieves are running around with readily available solvents. Could provide enough time to remotely lock or wipe as OP said
Same deal as putting a lock on a door. Buys time
Exactly this. I’m looking to buy time not to completely bar access
deleted by creator
Thiefs just throw phones into faraday cages to block all access immediately, then they fiddle with it at home. You’re pretty much screwed either way.
Source? Because I have many videos as evidence showing thieves throw SIM cards out of the window of their escape vehicle, so that seems to be the common one here
Phones have a unique equipment identifier number (IMEI) that they share with towers. Changing SIM changes the subscriber ID (IMSI) but not the IMEI (manufacturers don’t make it easy to change the IMEI). So thieves (and anyone else) with the phone could be tracked by the IMEI anyway even if they do that, while leaving the phone on.
In practice, the bigger reason they don’t get caught every time if they have inadequate opsec practices is that in places where phone thefts are common, solving them is probably not a big priority for local police. Discarding the SIM probably doesn’t make much difference to whether they get caught.
Source? Because I have seen many videos showing thieves throw SIM cards out of the window of their escape vehicle, so that seems to be the common one here
Do you have any sources for this? Or is this something people in the suburbs tell each other over a campfire.
Have you thought about using a strong unlock method, so they can not gain access to your data in the first place (if all you want to do is wipe it)?
I’m on a Samsung A34 using a passphrase to unlock, I’m not sure it gets stronger than that? Unless there’s something I’m missing
having proper hardware security like is present on pixels would help a lot. if you can, look into a pixel and put grapheneos on it. I know it doesn’t solve your sim removal issue but the documentation can walk you through a lot of that.
I’m on a Samsung A34 using a passphrase to unlock, I’m not sure it gets stronger than that? Unless there’s something I’m missing
SIM cards do sometimes malfunction, so if that happens and you glued it in you’re kinda screwed.
This is also true, maybe there’s another non permanent way of doing this? I only need the SIM card in the device when it’s stolen long enough for me to remotely wipe the device
Well, either you glue it, and if you ever need to switch the SIM, you buy a new phone. Or you buy a new phone with eSIM support now.
I guess the only other option is to have a case that’s hard to get off to buy you some time?
There isn’t really a point to that. The very first thing thieves do is turn off the phone so you can’t track it. They’ll then usually format your phone and sell it. Best you can do is set up a secure password and not show any info on the lock screen so they at least wouldn’t be able to access your stuff.
Samsung devices require the unlock pattern/code to be shut down.
Umm… no they don’t? You need a password to unlock it after restarting it but you absolutely can turn the phone off without a password. I’m on my 3rd Samsung device and have never entered a password to shut any of them off.
Every Samsung device I was handed over the last few years required to enter the unlock code for it to be shut down. Maybe it is a dedicated setting or something?
Pretty sure every single mobile has a key combination to power off and recovery when your display or touch isnt working properly. At least its the case for my samsung m51.
Amd what do they do if the battery runs out? Suspend to disk?
and thiefs will just throw it into a faraday cage to block the signal immediately.
Not in my country lol, they’re not that smart
Not in my country lol, they’re not that smart
True, but in my country and in my experience the first thing they do is remove the SIM card so that you can’t track it, if it’s an android which it is in my case.
I’ve got a secure password and no details on the lock screen but I’d just like to try protect myself even more