#P5: Little foxes. SIMplicity can fuck us up too
In our search for simplicity in security, SIM cards have more power than they should!
Backstory
There’s Apple, then there’s Android. RIP to Blackberry.
I am not really a fan of being sucked into an ecosystem. Frankly, I don’t think anyone plans to spend over 6 digits in dollars on Apple devices. It’s a gradual process, but the simplicity embedded in their user experience will one way or the other get you hooked.
This is a story of how a move from an Android device to an Apple device almost made me a potential victim of fraud. Stay with me. You’ll understand what I mean.
My first use of an Apple device was when my HP PC developed issues, a situation that led to my post about how and why I hate Lagos. My employer replaced the PC with a MacBook and thus began my journey into the Apple ecosystem.
I recently changed employers. At my new role, the products I manage cut across more than just Android and web; they include iOS, which meant I had to get acquainted with the mobile side of the Apple ecosystem as well, since I was more familiar with Android OS.
To fast-track my Apple mobile learning curve, my employer got me an iPhone as a work phone to get familiar with, run product tests among other things. I installed a SIM I don't use on the phone so I could access the full functions of the device, and after a while, I got hooked on the user experience.
There are limits to what you can do on a work device though, also it is temporary at best. So, it was clear to me that I needed to work towards a long term solution: a personal iPhone. With that in mind, I started saving towards it in November.
Yarn
I bought the iPhone on the 3rd of January, after two months of saving and a little bit of bambiala [AKA debt financing]. In choosing the type of iPhone to buy, two things were on my mind. One was affordability, the second being a smooth transition from my Android.
I was able to settle the affordability piece of the puzzle by settling for the UK used version of an iPhone. The transition part was a little bit trickier. I am used to how Android seamlessly allows two SIM cards to operate. I wanted the same with an iPhone. First, everyone told me iPhones can only have one SIM. I wouldn't have that though, and I did a deeper dive.
I would later find out there’s a way to use two mobile network operators on the same iPhone. But, not all iPhones could do this. The way the iPhones that allowed this work is: one of the mobile networks would be an eSIM, while the other network would be the normal nano-SIM card we are all familiar with.
This streamlined the options of the iPhone I could choose from. Boy did I jump at the cheapest 😅 — an iPhone XR. I bought the iPhone XR and so the travails of transition and SIMplicity began.
In moving from an Android device to an iPhone, one major problem you would have is your WhatsApp chats. Based on my research and experience, there is currently no [easy] way to move or restore your chats backed up to your Google Drive to a WhatsApp installed on your iPhone.
What this means is, when you are migrating or transitioning, it’s either you forgo all your past chats, resume using the same account/number on your iPhone with all your chats gone forever, OR you create a new WhatsApp account/number and leave the old chats for the old number/account stored on the Google Drive.
I chose the latter. I have [or had] two major SIM cards or mobile networks. The MTN ***61 and the Glo line **55. The Glo line was my WhatsApp line on the Android.
My plan was that I would leave that line’s WhatsApp account tied to the Google Drive backup so that I can always access old chats and back up if I need — You never know when you need to bring receipts these days. I would then create a new WhatsApp account using the MTN number **61, and start afresh on that end.
I implemented this plan. And to make the user experience seamless, I migrated the Glo WhatsApp **55 to WhatsApp business so that I could use auto-response messages to redirect anyone that messaged me to the new WhatsApp I was using since I would not be seeing messages to the Glo WhatsApp.
For the WhatsApp groups, I wrote out the name of the admins of the groups I still wanted to be in, then sent them a broadcast that they should remove the Glo WhatsApp **55, and add the new WhatsApp **61. Add the new WhatsApp so I can access info shared on the group on the new WhatsApp. Remove the Glo/old WhatsApp because I would not be seeing messages to it anyways.
The way I was going to use dual networks on the iPhone was to turn my MTN SIM into an eSIM, and my Glo would retain its position as a nano-SIM. On getting to MTN to switch things, however, I realised MTN had different plans, or I had put myself in a situation that made MTN have different plans.
My SIM could not be converted to an eSIM because it didn't have my name or picture on their database. What is confusing is I was able to link my NIN successfully to this same SIM, but oh well. 😭
It turned out, someone else had registered the SIM, and my information wasn’t the one showing on their database, even if I was able to do the NIN linking. Basically, according to their database, the SIM isn't mine.
Now, this is where this gets dangerous. As small as your SIM card is, it can literally destroy your life both physically and virtually (on the internet). I’ll briefly share two stories, one for physical and another for virtual.
Physical
I lost my wallet in a cab in Akure once. My parents were extra furious when they heard, not because of the wallet but something else. I didn't log a police report immediately. I eventually did after I heard what they shared.
Someone my parents knew was robbed and his wallet was taken, let’s call him Azul, almost the same way I lost mine. But the robbers decided to make multiple stops. At the place they robbed next, Azul’s SIM card was dropped, mistakenly or not. It doesn't matter.
In the police investigation, the police got the SIM and picked Azul up as the alleged robber. No police report means no evidence that he lost the SIM as part of his wallet. If you are familiar with the Nigerian policing system, you know how normal people are treated by the police. So you can imagine the interrogation someone they think is guilty will go through.
Azul was eventually released when a church member came to his rescue and vouched for him. But not before he had done close to 2 weeks with the police for something he knew nothing about.
Virtual
Ezra, the CTO of Paystack, is a popular figure in the Nigerian tech space. Like most engineers, he’s mostly private. His handle “@0x” on Twitter, on the other hand, isn't. It’s literally impossible to get handles like this anymore on Twitter. Also, there are people that are willing to pay a lot of money to get them; others are willing to go the length of hacking you if they need to.
Ezra’s account was eventually hacked. And how was he hacked? His SIM card was compromised. You can read the full story here, or on the pinned tweet on his Twitter page.
If he was not fast enough to disconnect all the work accounts [his Paystack credentials] linked to the SIM, maybe Paystack would have been hacked too. I don't need to tell you what that would have meant or would mean.
The summary is: A compromised SIM means everything else your identity is connected to is in some way compromised as well.
This is because your 2FA is most likely linked to your SIM. If you use authentication apps, the reset is also most likely linked to your SIM; if it’s not, the reset is linked to your mail, and then the reset for your mail is most definitely linked to your SIM. That is, unless you are one of the rare people on earth that store backup security codes safely.
The same applies to your financial information: one way or the other, it is connected to your SIM.
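The chain described above can be checked against your own accounts. The following is an added example, not part of the original post: a small Python audit over a constructed, hypothetical account inventory that shows which accounts become reachable once the SIM is lost, and what changes when SMS-only resets are removed.

```python
# Added example: which accounts fall, and through which path, once a SIM is lost.
# The inventory is constructed for illustration; every name is hypothetical.

# Each account lists its sign-in and reset paths. A path is the set of things
# someone must control to get in; controlling ANY one complete path is enough.
ACCOUNTS = {
    "email":         [{"email_password"}, {"sim"}],          # SMS reset
    "authenticator": [{"phone_device"}, {"email"}],          # restore via mail
    "bank":          [{"bank_password", "sim"}, {"email", "sim"}],
    "twitter":       [{"twitter_password", "authenticator"}, {"sim"}],
    "work_sso":      [{"work_password", "hardware_key"}, {"offline_backup_codes"}],
}

def exposed_by(lost, accounts):
    """Return {account: path used} for every account reachable from `lost`."""
    controlled = set(lost)
    reached = {}
    changed = True
    while changed:  # repeat until no new account falls (fixed point)
        changed = False
        for name, paths in accounts.items():
            if name in controlled:
                continue
            for path in paths:
                if path <= controlled:  # every factor in this path is held
                    controlled.add(name)
                    reached[name] = sorted(path)
                    changed = True
                    break
    return reached

def drop_sim_only_paths(accounts):
    """Mitigation: remove every path that needs nothing except the SIM."""
    return {name: [p for p in paths if p != {"sim"}]
            for name, paths in accounts.items()}

if __name__ == "__main__":
    for account, path in exposed_by({"sim"}, ACCOUNTS).items():
        print(f"{account:14} falls via {' + '.join(path)}")
    print("after removing SMS-only resets:",
          exposed_by({"sim"}, drop_sim_only_paths(ACCOUNTS)) or "nothing exposed")
```

Replace the inventory with your own accounts and their real reset options; any account that still appears in the output depends on the SIM, directly or through another account.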
From this, you can imagine the fear that went through my bones when I was told something I have been building my whole identity and life on isn't mine.
I promptly made the sharp move to buy a new MTN SIM **34, and register immediately. Although I had already set up the MTN SIM with issues **61 as my new WhatsApp, I had to change the number to the new one **34 to prevent further issues.
It is going to be a gradual migration before my identity is no longer connected to the MTN SIM with issues **61, but I am willing to give it all it takes because there’s too much at stake.
In the meantime, to get my new MTN number **34, which is also my new WhatsApp line, all you have to do is message my Glo/old WhatsApp line **55. You will be redirected correctly once you do.
The pursuit of simplicity in security got us here; being careful and security-conscious can help us manage this, pending when we innovate better solutions to security.
TL;DR
I changed my phone. It allowed me to realise my MTN SIM **61 isn’t mine. It also reminded me of the ways something as simple as a SIM card can ruin its owner’s life if they are not careful and security conscious.
My new MTN number is **34, it’s also my new WhatsApp number.
Seriously tho, you probably should read this write up, little things like SIMs matter more than you think.
P.S.
This is probably a long read. But to prevent being implicated in crimes you know nothing about, or being a victim of fraud, scams and identity theft, you probably should read this well.
P.S.S.
If you learnt something, please leave claps. Yes, claps! You become a fan when you leave up to 50 claps for a write-up. Just keep tapping the clap icon. Make it a round of applause. 😅🙈
If you learnt something and like the writeup, you can share it with your friends 😇 and foes 👀 too.
💚 &💡