Can Your Phone Be Hacked if Someone Knows Your Phone Number?

By SB •  Updated: 09/25/20 •  11 min read

Perhaps you have found yourself in a situation where your phone was hacked and it left you wondering how the heck it happened. 

Nobody can hack into your phone if the only information they have is your phone number, but knowing your phone number is the first step in gaining unauthorized access to your personal accounts. 

Your Phone Number is Also Your Identification Number

Obviously, you would never think to post your social identification number somewhere public and you would never hand it over to a random acquaintance.

Your phone number is the way through which people contact you, and keeping it secret defeats the purpose of a phone for social connection.

The phone number that you use across all your personal accounts to verify your identity, is a valuable target.

Arguably, your phone number is more important for identification purposes and cross-linking your accounts than your official government-issued social identification number.

So what happens when someone knows your phone number and decides to target your accounts?

5 Signs that Your Mobile Phone has Been Hacked

  1. Unrecognized Phone History: You notice something you don’t recognize on your phone (i.e., apps you didn’t download, messages you didn’t send, purchases you didn’t make, suspicious phone call history);
  2. Battery Hog: Your device is utilizing way more resources and battery power and becomes hotter than usual. Malware working in the background might reduce its power significantly;
  3. Data Use Unaccounted For: Mysterious data usage spikes without any changes on your part. Malicious processes might be consuming your mobile data in the background as they track what you do;
  4. Odd Phone Behaviour: Apps that don’t run the way they should, switch on and off unexpectedly, or that crash or fail to load;
  5. Pop-Ups: If you notice lots of pop-ups appearing on your screen, you probably have spyware or malware.

Was it Hacked With Just a Phone Number?

A phone number on its own isn’t able to be hacked by everyday hackers. But your phone number and some charm is an effective hacking combination.

A hacker does not necessarily have to have the full technical knowledge or be a hacking guru before he or she can successfully hack into your phone and accounts. All they need is your phone number and a little knowledge of social engineering. What a hacker will do is to get your phone number, contact your service provider by speaking to the customer service representative claiming that he or she is you and he or she may claim that you misplaced your phone or got it stolen. The questions generally asked by service providers are about a person’s date of birth and where someone lives. Once the hacker can answer this perfectly, the service provider is convinced that the caller is you, and the hacker will request the representative of the service provider to “port-out” your phone number to another SIM card or carrier. 

Assumed Identity

Once the “port-out” is done, your phone number will become activated on the hacker’s SIM card and he or she can then make calls, receive and send messages as if they are you. You may not even notice that your number is not longer working while you operate your phone; the only way you could know is if you suddenly lose cell service without any reason. The hacker will from there have access to your accounts connected to your phone.

What Can Hackers Do With Your Phone Info

Once a hacker has control over your phone, he’s likely to go straight to your email because you most likely have other accounts connected from there.

Since he has access to your phone number, to access your email account, all he needs to do is to press the “forgot password” at the point of login. If you have 2FA, the link to reset the password will be sent back to your phone number, which he now has control over, as he receives all messages. After getting access to your email account, the next action is to access all your online accounts including your social media accounts. Of course, he does not know the passwords to those accounts, but he can again click on the “forgot password” button to reset the passwords. Those websites will also send the passwords to your compromised email address. 

It will be difficult to recover your phone number and prove your ownership of your accounts that have been taken over, linked to your compromised phone number. Worse still, the hacker may copy, delete, or share your personal data. The best thing is to be sure this kind of situation does not happen to begin with.

Other Ways to Get Your Phone Hacked Using Your Phone Number

There are some other methods to use to hack your phone through your phone number. I will list them and give you a simple explanation.

How Can You Protect Your Phone Numbers From Hackers?

There are basic steps anyone can take to protect their devices. For example, most abuses are easily prevented by enabling 2-factor authorization and having a secret passphrase that your service provider must request before allowing a password change. 

There are several precautions you can take to help protect your phone number and your device from hackers:

  1. Secondary security code or passphrase: Just like the two-factor authentication that you use for your online accounts, you could also add a secondary security code to your phone account. Either you do this online or you call your service provider to do it for you. This layer of authentication will ensure that only you have access to change the code. However, do not rely on this as a fail-safe layer because a customer service representative may forget to ask for the code when the hacker disguises himself as you.
  2. Don’t answer your security questions truthfully, or give different answers for each site: When you choose your security questions for logging into sites that you access from your phone, it is better not to answer the security questions truthfully. Although truthful answers are easier for you to recall, your truthful answers to your childhood best friend or first dog’s name are likely ripe and ready to be harvested by the wrong people from your social media pages or the ol’ myspace-like survey forms. If you’ve filled out any questionnaire and posted it to your social media, you might as well serve your passwords on a platter to anyone who wants control of your phone and accounts. Do not use the same security question for all sites. Most people use the same password for many accounts; don’t be the many. Use a password manager or good ol’ pen and paper to record your different passwords for different accounts; this will ensure that even if the hacker successfully guesses your pet’s name and logs into one website, he’s not guaranteed to access other websites.
  3. Do not connect your phone number to any of your sensitive accounts: If you don’t want your online accounts to be hijacked through your phone number, do not connect your primary phone number to those accounts, including your email address. Better yet, if you’re in the United States, you can sign up for Google Voice and use that number for your online accounts. You can also create a new, dedicated-to-shopping-use Gmail account, without connecting it to any of your existing email accounts. To do so, just leave the phone number fields blank. Once you are done, you can create a new Google Voice number and then secure the account with a very long high-entropy password and a one-time passcode generator.
  4. SIM card locking: You can also protect your SIM card from getting hacked by putting a passcode on it. You can do this by setting this code on your iPhone and Android. For iPhone users, follow this sequence on your phone; go to Setting-> Cellular-> SIM PIN. For Android users, follow this sequence on your phone; go to Settings-> Security&Location-> Other Security-> SIM card lock and you can successfully lock your SIM Card.
  5. Another layer of security: have two phones. Buy a prepaid phone plan or SIM card and dedicate that phone number for important accounts associated with unchanging data: your banking, government, mortgage accounts; you know, sensitive accounts you want to safeguard. Then continue using your probably already compromised “everyday phone number” for friends and work. 

Though these steps might seem time-consuming, you can accomplish them to prevent any major risk of getting your phone hijacked. Remember that it is better to prevent it than to find all your compromised accounts, see what the damage is, and try to recover and rebuild your identity and reputation, bit by bit.

OpenSource App to Monitor Your Phone and Block Unauthorized Data Use

Android Phone: Use NetGuard (also available from the f-droid or Aurora app store). “NetGuard is the first free and open source no-root firewall for Android.” NetGuard provides simple and advanced ways to block access to the internet — no root nor any Google services required. Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

Blocking access to the internet can help:

Implement these strategies right away. Prevention is better than cure.

Why You Don’t Want to Make Your Phone Number Publicly Available…

Find Information From a Phone using OSINT Tools

SB

I've been practicing OSINT and utilizing Linux as my daily operating system for over twenty years. The tools are always changing and so I'm always learning, but helping you understand the value of protecting your own data remains at the forefront of everything I do.

Keep Reading