Boris Johnson's phone: what can hackers do with your mobile number?
,
Boris Johnson鈥檚 personal phone number has been publicly available on the internet for 15 years, . Listed at the bottom of a 2006 press release, the number has reportedly been accessible online from the time the prime minister was shadow higher education minister through to his rise to Number 10.
That such a high-value mobile number has been publicly available for so long has raised cybersecurity concerns. If hostile states had access to the number, it鈥檚 possible they could have used it to spy on the prime minister. That would pose a to the UK.
Hackers and cybercriminals place a high premium on our mobile phone numbers 鈥 with which they can do a lot of damage with very little effort. While there is currently no evidence that Boris Johnson鈥檚 data and communications have been compromised, having your mobile phone number being freely available significantly increases your .
Impersonation
One such cyber-attack is the 鈥溾 鈥 a very common technique that鈥檚 difficult to stop. It鈥檚 usually used by hackers to exploit a high-value individual鈥檚 exposed phone number.
SIM swaps see hackers call up the victim鈥檚 mobile phone provider, impersonating them and requesting to 鈥溾 the phone number to a different carrier or a new SIM card. They can use other publicly available information 鈥 such as the victim鈥檚 date of birth and their address 鈥 to make a more convincing case.
On completion of the port-out, the phone number activates on the attacker鈥檚 SIM card, and the hacker can send and receive messages and make calls as if they were the victim.
Phone companies have been aware of this problem for years, but the only routine solution they鈥檝e come up with is offering PIN codes that a phone owner must provide in order to switch devices. Even this measure has proved ineffective. Hackers can get the codes by bribing phone company employees, for instance.
Access
Once hackers gain control of a phone number, they can then access their online profiles 鈥 on Facebook, Twitter, Gmail and WhatsApp 鈥 which are all usually linked to the mobile number. All they need to do is ask the social media companies to send a temporary login code, via text message, to the victim鈥檚 phone.
This was reported to be the case for , whose mobile phone SIM swap resulted in hackers posting offensive messages to millions of his followers. Other high-value individuals have also fallen victim to these kinds of attacks, including the actress , and online personalities like and .
Read more:
Aside from posting offensive messages, hackers have been reported to use the accounts to spam, steal identities, access private communications, steal cryptocurrency, and maliciously delete mobile phone data.
Surveillance
Hackers can also use another even simpler method to attack a phone 鈥 though some is needed to make the attack stick. Hackers armed with someone鈥檚 phone number can send them a text message with a hyperlink within it. If clicked, the link allows spyware to infiltrate the phone, compromising much of its data.
It appears this method was used to infiltrate and spy on Jeff Bezos鈥 phone in 2020, after reports found it to be 鈥渉ighly probable鈥 that a , the crown prince of Saudi Arabia, delivered the spyware to Bezos鈥 phone. Similar spyware has been used to monitor the phones of .
It is possible that Boris Johnson鈥檚 mobile phone has never been hacked, in spite of the 15 years that his number was freely available online. However, seeing as the exposed phone numbers of high-value individuals can be taken advantage of by criminals or hackers from hostile states, tight new security measures should be put in place to avoid such an oversight happening again.
, Principal Academic in Computing,
This article is republished from under a Creative Commons license. Read the .
