20

Quick Question

Is it possible that I could call a mobile number, but have the call forwarded through another number active on a different phone that someone else has? I have had unlimited access to the other person's phone prior to this.

Is there any way of that happening without the person with the other phone realising the call is being forwarded through them, or the phone records for their phone showing that the call had been forwarded from me?

EDIT: Sorry, just to make it more clear, it's not just a case of spoofing the other person's number, it must also look to the network provider like the call has originated from the other person's phone, not just the call recipient. So when the network provider looks at their records it will show the other person's phone has made the call while connected to mobile mast wherever they are. I would assume it would take some kind of invisible call forwarding (as suggested in comments, going to look into that) or malware loaded onto the phone.

I'm wondering about whether it is possible/practical, and if it is then how feasible the attack is and the skill level needed to carry it out. The location is the UK and other person's phone is a relatively old (2009 or before) Nokia Pay-As-You-Go type phone if that makes a difference.

Back Story

I was given the following situation recently by a friend that works with people who claim they've been wrongly imprisoned. This happened in 2009.

A guy gives me a pay-as-you-go mobile phone so that he can contact me when he needs to. Unknown to me, the phone is cloned. He makes lots of phone calls on his own phone, but the numbers he calls (in another country) show up as being made by the mobile he gave me. The cell site analysis shows the calls were made via a mast that was close to my home, or a mast close to my workplace.

Does that mean he would always have had to be fairly close to the mast near my home or workplace when making those calls?

Or could he have some way of tampering with the phones so that he could be making calls while 50 miles from me, yet those calls show up as being made on the mobile he gave me, AND cell site analysis shows the calls went via the cell sites near my home or workplace?

Now I'm fairly sure from research I've done so far that even cloning a modern SIM card is difficult. But say they did manage to clone it, even then I've seen it suggested having two phones on the network at once would trigger alarms for the network provider. And even then there's the problem that the phone calls are being detected by the network provider as coming from the cell mast near the 'innocent' guy's location.

For these reasons I'm pretty much discounting the SIM cloning, however call forwarding as described below I'm not so sure about.

One other point is this. I call a number, but the call is forwarded to another number. Is there any way of that happening without me realising the call is being forwarded, or the phone records showing that the call had been forwarded?

This is the part my question is about. It doesn't sound possible to me even with the ability to have pre-loaded some malware onto the other persons phone but I'm not an expert.

Peanut
  • 1,019
  • 1
  • 8
  • 22
  • 1
    I've moved my answer to another question as it doesn't really answer yours. As a reference: [How can I spoof a phone call and make it appear to come from another phone?](http://security.stackexchange.com/questions/36986/how-can-i-spoof-a-phone-call-and-make-it-appear-to-come-from-another-phone) – Adi Jun 05 '13 at 13:14
  • I agree that it looks technically implausible. But could the phone have simply been switched with another at various times? It looks like the same phone with the same speed dial, but it isn't. – MZB Jul 16 '19 at 00:28

3 Answers3

21

Yes, it is possible and almost trivial to make your phone call appear to come from a different number. Since many calls originate from within internal networks (e.g. PBX systems), the phone companies have a mechanism allowing the caller to indicate which phone number the call originates from. Traditionally there has been no restriction on which outgoing number you use; it can be literally anything. Many call spoofing services exist specifically to capitalize on this offered latitude. The originating phone number should NOT be considered a form of authentication.

Note that it is also posible, with a bit of social engineering, to take over someone else's phone number completely; forwarding their calls and text messages to your phone, for example. This is why Kevin Mitnick has been so vocal about his assertion that cell phone numbers should not be considered a valid token in two-factor authentication.

tylerl
  • 82,665
  • 26
  • 149
  • 230
  • 4
    If you could check my edit for clarification. I thought spoofing a number could be easy but the trick is getting the call to appear to the network provider to originate from the other persons number and phone at their cell mast location, not appear that way to the call recipient. – Peanut Jun 05 '13 at 09:53
  • @Peanut the answer to *that* is going to be implementation-dependent. Such a thing may work with some carriers and not others. – tylerl Jun 05 '13 at 19:04
12

Just an idea, didn't try nor did a complete research:

  1. imagine an android, rooted.

  2. install a program that will receive VoIP calls on it. The phone actives such program when receives a SMS, or has a kind of service listening to connections, something like that.

  3. This same program is able to make phone calls.

  4. You can hide any indication in the screen that the program is running, that you are connected to internet, that the program is making the phone call.

So you are connecting to the phone via internet, encrypted, and no one (even the carrier) will be able to know if someone was "calling" you via voip. The phone will make the call and redirect the audio from the voip to it. To the carrier, it seams that your phone made the call.

Impossible? I don't think so.

Likely? It takes some specialized knowledge, don't think that could be common.

Detectable? You could analyze the cell phone and verify that it doesn't have the original firmware anymore. Don't know how easy would it be to discover this hidden program.

woliveirajr
  • 4,462
  • 2
  • 17
  • 26
3

Now I'm fairly sure from research I've done so far that even cloning a modern SIM card is difficult.

However, the SIM card can be chosen by the attacker. It may be an old, known-vulnerable model.

But say they did manage to clone it, even then I've seen it suggested having two phones on the network at once would trigger alarms for the network provider.

It should trigger an alarm on a properly setup network. But it may not be the case. I have heard cases of the network not even authenticating the number.

And remember that the innocent phone may be rigged. What if it was made to periodically disconnect itself from the network so that the fake calls can be placed? If anyone asks, we will blame the battery ☺

And even then there's the problem that the phone calls are being detected by the network provider as coming from the cell mast near the 'innocent' guy's location.

After taking all those steps we presume the attacker to have done, placing the actual call from a location nearby to the victim is the easiest step. Not to mention that the actual tower accuracy might be as bad as anywhere in the town X or its surroundings.

Ángel
  • 18,188
  • 3
  • 26
  • 63