Account and Mobile Security

From Whonix


Ambox warning pn.svg.png Documentation for this is incomplete. Contributions are happily considered!

  • A compromised mobile phone could turn on the microphone and eavesdrop without any compromise indicator noticeable by the user. The audio leakage from keyboard typing can be used to infer the words up to a certain degree of accuracy. This might reveal passwords. See Microphone.
  • Similar for camera.

SIM Swap Scam[edit]

Essential knowledge: SIM Swap Scam [archive]

Due to SIM Swap Scam and Malicious SMS Re-Routing, consider setting a registration lock. This prevents someone who has gotten access to your mobile number from re-registration without knowing the pin code for re-registration.

  • Signal messenger: three dots → settings → privacy → scroll down → Registration Lock PIN
  • Telegram: settings → privacy and security → two factor authentication
  • WhatsApp: settings → account → Two-step verification

Malicious SMS Re-Routing[edit]

Even without SIM Swap Scam, attackers can do malicious SMS re-routing [archive].

Two-factor Authentication (2FA)[edit]

Even users who are knowledgeable about bulk phishing or spear phishing can benefit from 2FA. See Two-factor Authentication (2FA).

Phone Number Security Compartmentalization[edit]

Consider using at least two different mobile phone numbers. One that you give to friends, colleges, etc. To real people. The other phone number you give only to banks and perhaps other money sensitive services that require SMS as a second factor or as a means to contact you.

The rationale behind this is that people you know might give your mobile number to others. Or their mobile phone may be hacked or stolen. Thereby or through other means your mobile number might end up being published on the internet. This might make you a target for SIM swap scam. However, if you used different phone numbers in different places, a SIM swap scam would cause less damage.

A phone which is being carried outside and daily is more likely to get stolen or robbed than a phone which most of the time is being kept in a safe(er) location. Thereby using your everyday phone, the thief at least does not get a chance to fraudulently access any bank accounts.

Due to possible SIM swap scam:

  • Avoid using a phone number (SMS) for Two-factor authentication (2FA) whenever possible and use better options such as "google authenticator". It doesn't or shouldn't have to be literally be "google authenticator" but any alternative 2FA application. See 2FA for more information.
  • Inform all contacts of a possible SIM swap scam. Should they receive any requests for money or other strange requests, encourage them to call you instead to confirm.
  • Prefer messengers or other chat applications that support a Registration Lock PIN over SMS.


See Also[edit]

text=Jobs in USA
Jobs in USA

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Account and Mobile Security&body= link= and Mobile Security link= and Mobile Security link= and Mobile Security%20 and Mobile Security

Have you contributed to Whonix ™? If so, feel free to add your name and highlight what you did on the Whonix ™ authorship page.

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.