Ghost Telephonist Hijacks Your Phone Number
Hackers have exploited a vulnerability in wireless networks that allows them to make calls and send messages from your phone number. Cyber security researchers have termed this attack “Ghost Telephonist.” This unique attack emphasizes the importance of network security and your phone number.
Your phone number is very important. It is not something that you change every other day. You likely have linked your phone number to your bank accounts, your social media accounts, your membership accounts, and other app accounts. Tracking your phone number will divulge your location, where you’ve gone and when you went there, who you made calls to, who called you, who you sent messages to, and who you receive messages from. Analysis of this data will provide the pattern of your calls, your movements, etc…, This is what is being mined, and the analyzed data is being sold. This data could be used to send you highly targeted advertisements, or for something much more sinister.
When a hacker is able to make calls from your phone number – just imagine what all could be done. The hacker would be able to impersonate you. With appropriate technology, the hacker could communicate in your voice. There have been cases of hackers blocking or rendering a SIM card inactive and then contacting persons on the phone’s contact list for “emergency scamming” or smishing fraud.
Hackers have rendered SIM cards inactive and then diverted calls and messages (especially OTP – one-time password messages) to SIM cards and phones in their control. This is dangerous, as it could be used to authorize fraudulent financial transactions. SIM swapping, spoofing, etc… Your bank account would be in their hands – passwords could be changed, and money could be transferred. The increased security of two-factor authentication would be rendered useless.
Weak Signal Vulnerability
In mobile communication, the latest standard is Long-Term Evolution (LTE) for high-speed wireless communication. In a practical scenario, whenever the LTE signal is weak, the phone is designed to connect to another type of signal such as a 3G or 2G signal. Hackers have exploited a vulnerability in this switch-over connectivity. When a signal switches over to 2G, hackers are able to make calls and send messages from the compromised phone number. The most sensitive part is that the victim will not know that the hacker has taken over the phone.
The hackers are able to control the phone number from their device. The existence of social media accounts such as Facebook can be found out by typing phone numbers, and if an account exists then, the hackers can reset the password. And this password would reach the phone number under the control of the hacker. The Facebook account could then be hijacked.
The discoverers of this vulnerability have provided details to concerned authorities and technology companies. This vulnerability is being fixed, or already has been fixed in many cases. Ensuring network security is of paramount importance for mobile service providers. Mobile device owners must be alert to any abnormal or fishy activity regarding their phone number. Protect your phone number and your device.
Rachel Weisz21 Posts
Rachel Weisz is a network security expert/analyst and is an author of many blogs/articles on internet security.