In theory there are hacks for SS7 (Signaling System 7) but its far easier to just convince a phone company to switch a phone number over to your control using social engineering or fake ids, etc.

Using SMS for any kind of 2factor auth isn't very secure due to phone number takeover issues.
posted by TheAdamist at 7:37 AM on March 8, 2017 [1 favorite]

Technically possible, difficult for civilians, requiring specialized knowledge/access/hardware. Law enforcement does it regularly. There are two basic ways to do it:

1: Clone a SIM card, or
2: Build a cell tower to intercept the call.

It is much easier to use social engineering than to do either of these.
posted by Jairus at 7:38 AM on March 8, 2017

See this recent forbes article about stealing sms auth codes, Forbes:Hackers Have Stolen Millions Of Dollars In Bitcoin -- Using Only Phone Numbers
posted by TheAdamist at 7:41 AM on March 8, 2017

The #1, far-and-away, easiest method would be to hack into their account on their provider's web site using phishing, and then transfer the number to an account you control. Of course they'd notice pretty soon but you might get the data you need in that time.

Second easiest, you could install malware on their phone itself.

Third best would be build a fake cell tower. The hardware and software to do this is now available for under $1000. Then put it in the trunk of a car and park outside their house. A big problem with this is that all the major networks are switching to 4G only, which is much harder to spoof.
posted by miyabo at 8:26 AM on March 8, 2017

It is much easier to use social engineering than to do either of these.

If you're not familiar with the term, "social engineering" is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Here's a scene from Hackers that depicts some (cheesy) social engineering.
posted by filthy light thief at 8:30 AM on March 8, 2017

As long as you don't let your phone connect to femtocells (it helps if you have a phone that actually tells you when you are connected to one), you're fairly safe from most people on the technical side. The bigger risk, as others have already mentioned, is social engineering.

Also, make sure you have a recent SIM card (older ones are easier to crack), don't let your phone out of your sight, and disable the Bluetooth SIM Access Profile unless you have a specific need for it. Those simple steps make it nearly impossible to clone your phone.

It's dead simple to clone a Verizon or Sprint phone that is using 1xRTT, but if you make sure you're using EV-DO or LTE, it becomes massively more difficult. On at&t, as long as your SIM says at&t and not Cingular you should be safe. Some of the older Cingular SIMs are crackable now.
posted by wierdo at 10:57 AM on March 8, 2017

It recently happened to someone I know. Their phone number got transferred from one company to another and then to a third, and calls and texts to their number went to the hacker's phone. This was in the US. I don't know how the hacker got it started.
posted by The corpse in the library at 11:03 AM on March 8, 2017

Google is failing me now, but when I covered telecom I know there was a case of a plumber who used call forwarding to reroute all of a competitor's calls to his business. That was dumb because the target's phone just stopped ringing entirely, and when he tried calling himself from outside, his competitor picked up, so that got caught pretty quickly.

But there have been rumors and gossip for years now that various escort services in Las Vegas have bribed telco employees to re-route some percentage of calls to competing services to their inbound number instead. The caller is just dialing a number they found on a sticker somewhere, and they don't really know or care where their call ends up. They only siphon off some calls, so the target is still getting calls. They just seem to be getting fewer of them than someone else, and it's hard to prove what's going on. But it's been whispered about in telecom circles for a very long time.
posted by Naberius at 6:55 AM on March 9, 2017

This thread is closed to new comments.