The Daily Telegraph

Mobile flaw allows hackers to send spoof calls and messages

- By Margi Murphy

MOBILE networks are investigat­ing a major flaw that allows hackers to hijack phone numbers to fake calls and texts from banks and family members.

The flaw in the 4G network allows someone to make a phone call look as if it is coming from any number they choose, which could be used by criminals to extract customers’ personal details and empty their bank accounts.

An ethical hacker was able to replicate the attack on a Telegraph journalist. While speaking over the phone, he was able to make it appear as though he was calling from the journalist’s desk phone and send texts that appeared to come from their energy supplier, Twitter and EE, a phone company. The spoof messages appeared in the same thread as previous, official communicat­ions.

“This is very dangerous as it is impossible for anyone to figure out whether it is a genuine call or not,” Mick Godfrey, a cyber security specialist, told The Daily Telegraph. “This flaw has been around for years. It took me a day to create a tool that could exploit it.”

Hackers could make it appear as though they were calling from different numbers as long as they had their victims’ contact details. If they had a picture of the person they were impersonat­ing, they could make a call appear along with the photo of the person they were pretending to be.

The flaw allows hackers to remotely dial in and out of the 4G network that most smartphone­s in the UK rely on. Security researcher­s have been aware of these vulnerabil­ities, often referred to as “ghost telephonin­g”, for years.

However, they were brought to light this week by a paper from Purdue University and the University of Iowa.

A spokesman for Vodafone said it was aware of the research, adding that there was no indication customers had been affected. Mobile UK, the representa­tive trade body for UK networks, said it would look into the report.

Newspapers in English

Newspapers from United Kingdom