Phone Number Hijacks/Spoofing

Phone No Hijacks/Spoofing.

I've seen of a couple of instances of phone number hijacking again recently - typically WhatsApp - but you can also see it with services like Skype (Consumer) and the like. What am I talking about?

Well, let's consider Skype (Consumer). When I make a call from my Skype client it actually appears on the remote end as to be from my mobile. When I set this up, I have to enter my mobile no. I then get a code on my mobile which I have to enter to show that I own that number. When I do, I can then make calls with an outgoing number of my mobile.

Spotted the hack yet? Get that code, and you can make phone calls appearing from my mobile.

Imagine you're selling something and the buyer is reasonably wary. Conversation goes like this:

Buyer: I want to make sure you are who you say you are. I'm going to text you a code and if you can tell me what code is we can continue.
Innocent: Sure!
Innocent: Gets code, sends it to buyer.

*BOOM* buyer now can make phone calls appearing to be from your mobile.

It's a similar hack with WhatsApp. Just replace being able to make calls to owning your WhatsApp account.

very wary of telling people these codes. Make sure you trust the service asking for a start. Here's a real example:

blog comments powered by Disqus