By Mind Train - Mon Feb 04, 2019 8:57 am
- Mon Feb 04, 2019 8:57 am
#4165
Hi there
Here's an interesting Lime scooter hack
When we were disassembling the GPS module LBCAT-S we found out a few interesting things, like that it runs Android, has BLE, GPS and 4G, and a SIM card
I searched the SIM card by ICCID (serial number) and found out that the SIM has been issued by T-Mobile USA as the virtual operator for Twilio
https://www.twilio.com/
This operator is IoT and it's perfect for Lime but it has some security holes
After months i activated one of the SIMs that i have and ............ It works and it's not blocked
The SIM has no PIN
The SIM is Active and it Roams in more than 180 countries https://www.twilio.com/docs/wireless/av ... -operators
The SIM has active data, just setup a nAPN to wireless.twilio.com and you will be connected to the Internet
I haven't tried calling or sending texts/SMS, but the internet is fine and works if you need it
But be aware of using it for private things
Operator and/or customer and/or police can see everything about you like your device SN, ID, Type, Location, your communications (base network communication like handling and states of terminal) and they can read every data you send that is not secured, including info you send and receive like DNS and HTTP communication
Question is...why are they not blocking SIMs if know their scooters are offline for a longtime. Why are they not blocking the SIMs if they know that the SIM is being used for something else, and the company is paying for the usage
Here's an interesting Lime scooter hack
When we were disassembling the GPS module LBCAT-S we found out a few interesting things, like that it runs Android, has BLE, GPS and 4G, and a SIM card
I searched the SIM card by ICCID (serial number) and found out that the SIM has been issued by T-Mobile USA as the virtual operator for Twilio
https://www.twilio.com/
This operator is IoT and it's perfect for Lime but it has some security holes
After months i activated one of the SIMs that i have and ............ It works and it's not blocked
The SIM has no PIN
The SIM is Active and it Roams in more than 180 countries https://www.twilio.com/docs/wireless/av ... -operators
The SIM has active data, just setup a nAPN to wireless.twilio.com and you will be connected to the Internet
I haven't tried calling or sending texts/SMS, but the internet is fine and works if you need it
But be aware of using it for private things
Operator and/or customer and/or police can see everything about you like your device SN, ID, Type, Location, your communications (base network communication like handling and states of terminal) and they can read every data you send that is not secured, including info you send and receive like DNS and HTTP communication
Question is...why are they not blocking SIMs if know their scooters are offline for a longtime. Why are they not blocking the SIMs if they know that the SIM is being used for something else, and the company is paying for the usage