We are used to trusting our mobile phones with a lot of valuable information: passwords from websites, access to bank accounts and a collection of intimate photos. Smartphones in their current form seem pretty secure from data leakage, and for maximum peace of mind, it seems logical to buy the simplest push-button phone. But what if a tiny mobile phone starts subscribing to paid services, helps attackers set up an account in instant messengers, and secretly starts sending out SMS with incomprehensible content?

Wait a minute, what happened?

Several similar stories from RuNet prompted us to take a closer look at this issue. After spending a little more than half an hour in search engines, the browser was filled with tabs with various articles, posts and comments. And everywhere the issue of draining other people’s numbers to potential intruders was discussed. Someone was faced with the appearance of an Iranian user’s Telegram with a Russian SIM-card, the grandmother of another unexpectedly registered in this messenger, without knowing it. The icing on the cake was a very detailed article with a study of the internals of push-button phones firmware. If we take what is described in it at face value, many budget dialers have secret functions for sending messages to certain numbers.

If you trust your emotions when reading such stories, will uncertainty, anger and indignation quickly take over your mind? and the hands themselves will reach out to write a couple of angry comments about the manufacturers of push-button phones. By disguising their product as a secure tool for calling the elderly, these scheming and greedy corporations are blatantly sending incomprehensible messages from our mobile numbers, leaving the owner in the dark. It is doubly frustrating that many of you are purchasing feature phones for your parents and children. Those who are the least versed in cybercrime, digital footprint hygiene and do not expect a dirty trick from their phone are being put at risk!

What does not converge in stories with push-button phones?

After calming down and drinking tea with mint, it is useful to re-examine the events described, but already skeptically. This will help to pay attention to a number of small inconsistencies in the course of events and begin to cling to every small detail. An old SIM card, originally purchased from a local operator, an abundance of relatives around and in some places unjustified categorical judgments. In other words, before the author met the grandmother of his beloved, many events could have happened to compromise the SIM card. Let’s consider a few of them.

Phone or programmer? Who steals SIM cards?

According to the rule of a good detective, let’s start with the shadow market of duplicating SIM cards by publicly available programmers. They cost a match for the equipment of the workshop, so it is impossible to evaluate the benefits of acquiring such a tool before it is possible to find out the market value of such a duplicate SIM card. A variety of online bulletin boards, forums and notorious Telegram chats will help in determining the market value of a fake number. On most of these resources, the cost of a duplicate of an active SIM card does not exceed 500 rubles. Of course, in the event that the buyer is not interested in a specific person and a specific number.

An individual approach to the theft procedure significantly increases the number of zeros in the cost. A similar situation happened in the fall of 2020 with Rinat Nizamov.

In his particular case, the attacker introduced himself as a subscriber to the operator’s mobile phone salon and asked to restore the lost SIM card using a classic notarized copy of the passport. In order to avoid categorical accusations of an employee of a communication salon, one can refer to the employee’s fatigue by the end of the working day, nervousness and lack of concentration – there are quite a few reasons not to see the signs of a fake identity card. The result of the events is known: a duplicate of the SIM card ended up in the hands of malefactors, and on October 16, 2020, social networks and the contact list of the head of the network of city portals Shkulev Media were hacked. If you can call it that, the messages and content were ironically defamatory.

Digging a little deeper into the story of illegal duplication of SIM cards by attackers, the scale of the problem takes on the scale of the entire country, but the main pattern of the attackers remains the focus on recruiting line cashiers and consultants in the field. The shadow market, in principle, is not interested in stagnation and is more reminiscent of illegal drug trafficking or counterfeit alcohol. Criminals can ingratiate themselves with a particular seller and often choose those people who are significantly burdened with credit obligations. In one of the stories, the girl emphasizes that such operations to restore SIM cards helped her get out of credit bondage, after which she decided to change her job.

Why don’t victims of hackers pay attention to blocking their SIM card? To begin with, this operation is performed by the means of the operator itself, and is performed only after the activation of a new physical SIM. While the duplicate is inactive, the victim’s phone works as usual and there is no way to detect the double. Also, there is no way to block a SIM card if you have registered on the network abroad.

Who buys duplicate SIM cards?

In the story with the grandmother in Telegram, one of the main threads may be the mention of the Iranian service for the sale of foreign Numbersell numbers. To the inhabitants of Russia, such a service appears as a concentrated evil, where they sell and buy stolen numbers. But residents of a country where access to the popular instant messengers WhatsApp and Telegram is blocked at the legislative level, the opportunity to purchase a Russian SIM card for 10-20 US dollars is seen as a simple and convenient way to communicate through these instant messengers. Just as it is not illegal for you to add a VPN extension to your browser, but for the residents of the UAE, such a prank no longer seems so insignificant.

The shadow market of SIM-cards also covers India, China and other large countries that strictly regulate the use of Internet resources and access of Western corporations at the legislative level. Foreign residents, on the other hand, may need to access specific Chinese web services that require a Chinese SIM for authorization.

The average price of active weChat, Telegram and WhatsApp accounts balances at $1.5 and is often offered in bundles for 100 and 1000 accounts.

Do push-button phones transmit information to intruders?

Here we return to the topic of the title, already armed with numbers and data. From one stolen Telegram account, a push-button phone manufacturer can earn no more than 150 rubles and a maximum of 1,000 rubles for a complete SIM-card cloning. The second option is much more profitable, but the interfaces in mobile phones do not allow you to read all the memory cells of the SIM card. Only the first option remains, but it is also illegal.

Unlike SMS subscriptions and the sale of games whose demo versions are loaded into the handset’s memory. The profit for the manufacturer from each game purchase can reach 5 US dollars, which is much more interesting than illegal data transfer and SMS interception. and this is already enough not to build conspiracy theories inside the walls of push-button manufacturers. But only in those cases when you are sure of the origin of the firmware of your phone and the correctness of the settings of the SMS notification center.

  • For MTS subscribers, the correct number of the SMS message processing center is +7 916 891 00.
  • For Beeline subscribers, the correct number of the SMS message processing center is +7 903 701 11.
  • For Megafon subscribers, the correct number of the SMS message processing center is: +7 926 290 90
  • For Tele2 subscribers, the correct number of the SMS message processing center is +7 904 340 00.
  • For Yota subscribers, the correct number of the SMS messaging center is +7 958 536 90.

As part of the mentioned story, with the theft of the number for registering a Telegram account, the number of the SMS processing center displayed on the phone differed from the correct one, because it was configured for the old operator, which issued the SIM card along with the number. It is difficult to judge potential troubles if you also use an incorrect SMS center number, so we will limit ourselves to the advice to check and set the correct data in the cell phone settings.

What SMS do push-button phones send discreetly?

Having carefully studied all the minor inconsistencies in the sensational publications about push-button phones, and at the same time studying the scale of the shadow sale of numbers and accounts, we also made an attempt to study the background activity of push-button phones. In the publication, which featured the opening of firmware and the identification of parasitic code, BQ products were mentioned. Or rather, the firmware of one of the brand’s phone models downloaded from the network. Is BQ’s range of push-button phones really impressive? and among it it was easy to pick up 4 models of affordable button phones for a simple test of background activity.

Further, SIM-cards of different mobile operators were purchased. Sellers in communication stores heard as wishes the absence of packages and the inability to drive the SIM card into a minus. The number of the YOTA operator was sold to us without the support of voice calls at the tariff level – already minus 100 rubles out of the blue.

In total, we have 4 SIM-cards of the Big Three operators and 4 push-button phones of the BQ brand. The task of the experiment is simple to the level of the outlet: leave the devices on and prevent them from losing the network. This went on for 3 weeks, after which each of the phones appeared with different notifications.

22 new messages – exactly as many different SMS messages have arrived on BQ 2810 Boom XL. All these messages come from the Megafon operator and contain information about how the funds on the account ended due to the tariff with a daily write-off of 5 rubles. Apparently, the consultant in the store offered us a tariff with a subscription fee, although they asked for the opposite. Nothing, go to your personal account and order the details.

Outgoing message to +7 962 950 90, 2 hours after the phone is turned on. If anyone sends messages, it’s the phone itself. At this point, it is enough to be alert and move on to the next BQ 2430 Tank Power.

13 new SMS were displayed on its screen, and the Beeline operator was listed as the sender. The loud speaker of this phone forces you to immediately turn on the silent mode, and the number of incoming messages from the operator makes you think about the amount of spam. 13 messages is also quite decent.

In detail, one outgoing message was also found, which cost 2.5 rubles. The number +7 962 950 90 appears again, which emphasizes the scale of the situation. What about other phones?

With a score of 10 incoming SMS, the respectable pun BQ 1851 Respect was in third place. What is there to be ashamed of! A few days after turning on this push-button dialer with buttons, a message about activating the mobile Internet got stuck in the inbox. It’s good that they haven’t imposed life insurance on a buyer who is now paying in installments for a smartphone somewhere. But the result turned out to be deplorable and the money on the account ran out, and did not allow to enjoy 700 minutes of calls and 700 SMS on a SIM card from MTS.

But if you look at the details, the data show an expense of exactly 0 rubles for the entire reporting period. Apparently, the SIM-card was only paid for a weekly tariff plan, which included unlimited mobile Internet. Interestingly, outgoing messages were not noticed at all, and if you need a feature phone that does not send any messages about its activation, you can choose BQ 1851 Respect. It remains for us to look at the most affordable BQ 1848 Step +.

This phone got a free SIM card issued by a Megafon employee after a short dialogue about the lack of a tariff for voice calls from Tele2. Alas, the Tele2 SIM card refused to work in all available push-button phones. Even in the old Nokia N95 it refused to be detected. It’s a pity, although this phone has 0 incoming messages. Looks great, but how are the details?

I have to admit, it’s very strange. Detailing did not show a single day of the SIM card being in the push-button BQ 1848 Step+. The phone itself correctly indicated the correct identification of the operator and did not give a reason to check the performance of the SIM card. Once in the iPhone SE, the number immediately came to life, and its activity period is displayed in detail. We dare to suggest that this is due precisely to the zero activity of the phone itself. He crept silently through the days, as a ninja with + should.

And what kind of SMS to the number +7 962 950 90?

The phone sends a message to this number with the IMEI number to register the device as a sold copy. The recipient and more details about the content of this message are detailed on the BQ e-warranty description page. Not all models of push-button phones of the brand support this format for transmitting messages from the phone’s IMEI, so some devices do not send messages secretly from the owner.

It is worth noting that push-button phones BQ 1851 Respect and BQ 1848 Step + do not send any messages at all and you can safely choose them in case you need to clearly record each call and other type of activity on the subscriber’s personal account. Both models are as simple and friendly as possible to use, and their cost varies about 1000 rubles.

And who is ultimately to blame for the theft of the number?

It is still incorrect to take a certain position in the history of registering a Telegram account. We can only charge ourselves with a portion of hatred for the actions of intruders and assume someone is in contact with the number of an elderly person on the Numbersell website. Or not to believe the mysterious stranger on the other side of the dialogue, or even not to believe anyone at all. Also, you won’t find the mysterious F+ model among the BQ phones. mentioned in the material on the study of the insides of the firmware.

To trust technology, it is necessary to carefully and soberly assess the possible risks. But suspecting push-button cell phones in secretly sending messages turned out to be not unfounded. Another thing is that not all models send SMS with activation data, and we did not notice any other independent activity. But having barely got into the iPhone, one wrong move led to a write-off of 8 rubles for sending a message to a short number iMessage and FaceTime.

Learn more about cybersecurity:

  • Top 7 Best Free Antivirus for Windows
  • Why not use the same password for multiple resources?