'Ghost Telephonist' lets hackers take over phone numbers

According to the researchers, the attacker can also initiate a call or an SMS by impersonating the victim. 

Published: 31st July 2017 11:49 AM  |   Last Updated: 31st July 2017 11:49 AM   |  A+A-

Image for representational purpose only.


LAS VEGAS: A group of Chinese researchers have demonstrated an "evil attack" called the "Ghost Telephonist" which allows hackers to take over phone numbers and gather call and message content.

The demonstration was made on Sunday by the UnicornTeam researchers from 360 Technology, China's leading security company, at the ongoing hacker summit Black Hat USA 2017 here, reports Xinhua news agency.

In the team's presentation, security researchers introduced one vulnerability in CSFB (Circuit Switched Fallback) in 4G LTE network. 

In the CSFB procedure, the researchers found the authentication step is missing.

"Several exploitations can be made based on this vulnerability," Unicorn Team wireless security researcher Huang Lin, told Xinhua. 

"We have reported this vulnerability to the Global System for Mobile Communications Alliance(GSMA)".

The team presented a scenario where one could reset a Google account password using a stolen mobile number.

After hijacking a user's communication, researcher signed in the user's Google Email and clicked "forget the password". Since Google sends verification code to the victim's mobile, attackers can intercept the SMS text, thereby resetting the account's password. 

The victim keeps online in 4G network unaware of the attack.

A lot of internet application accounts use verification SMS to reset the login password, which means an attacker can use a phone number to start password reset procedure then hijack the verification SMS.

According to the researchers, the attacker can also initiate a call or an SMS by impersonating the victim. 

Furthermore, Telephonist Attack can obtain the victim's phone number and then use the phone number to make an advanced attack. 

The victim will not sense being attacked since no 4G or 2G fake base station is used and no cell reselection. These attacks can randomly choose victims or target a given victim.

The research team proposed many countermeasures to operators and Internet service provider as well. Researchers say now they are collaborating with operators and terminal manufacturers to fix this vulnerability. 


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp