Let’s face it: in a world where constantly being connected is a must, it’s virtually impossible to live without our mobile phones. In fact, people still place and receive dozens of calls and text messages on the go to this day. Now imagine how crippling the feeling might be when you try to call a friend or a family member only to be told by an automated message that your phone number is invalid. After contacting the cell phone provider, you find out that your number has been transferred over to someone else without your consent: Orwellian dystopia or modern-day reality? Unfortunately, it’s the latter.
Believe it or not, hackers are capable of hijacking cell phone numbers and can then use them to access virtually all the data of their victims. Not even our cell phone numbers are safe from wrongdoers anymore, which is why protecting them at all costs – which can be carried out rather easily – should be of top priority.
What Stealing Someone’s Phone Number Means
At first, the act of hijacking a mobile phone number seems like something from a sci-fi novel, but despite being a rather unconventional way of stealing data, it’s actually quite doable. In fact, researchers testing the overall security of the mobile provider Sprint proved that all it takes is to get access to a cell carrier’s internal staff portal and hackers could easily transfer the ownership of phone numbers to them via SIM swapping, which is initiated every time a phone number is brought over to another carrier.
This is already enough to give anyone the chills, but hijacking a phone number is just the beginning of the nightmare, especially for those who set up their phones to be the secondary step in a two-factor authentication (2FA) process. While 2FA is supposed to make user accounts impenetrable, if the phone number is hijacked, then both authentication keys – the password and the code sent by SMS or push notification – have fallen into the hands of the hacker.
And since the average user pays virtually no attention to creating strong passwords, a hacker could easily take control of the login, and with the additional authentication code in their possession they can compromise an account without any hindrance.
You Cannot Hide…
Although the hacking attempt against Sprint was performed by security experts, it clearly showed how vulnerable user data is with phone services. And seeing a rise in number hijacks, as well as the ridiculously buggy nature of certain cell carrier sites – for example EE, a service in the UK – it’s clear that nobody is safe. In just 2018 there were several data breaches involving phone service providers, such as when T-Mobile revealed that several of its customers’ data was stolen.
WhatsApp’s case, on the other hand, is a prime example of the carelessness of both service providers and customers alike. When a phone number transfer is initiated, WhatsApp can be set to send the authentication code necessary for the transfer via an automated phone message that reads out the code for the recipient. The fault in this authentication method is that users typically never change the PIN code protecting their voicemail accounts, meaning that hackers can easily transfer phone numbers to their own accounts without the victims ever noticing it.
…But You Can Fight Back
This situation is undoubtedly severe, but that doesn’t mean users cannot do anything about it. As a matter of fact, there are several ways to ensure that hackers can’t hijack your phone number. First and foremost, activating 2FA for the account managing your mobile phone subscription is a must. However, for every other account where the mobile number is used as an authentication option, it’s highly recommended to replace it with apps like Google Authenticator in order to prevent wrongdoers from accessing those accounts via intercepted SMS codes.
But by far the best way to protect yourself from cell phone hacks is to use password managers that can store and recall even the most complex passwords, regardless of whether they belong to a mobile account or something else. Password management tools can house other credentials – such as PIN codes – in their password-protected vaults, meaning that any data related to your phone number can be kept safe from prying eyes.
Best Password Managers of 2019
|Editor's Choice 2019|