Chinese demonstrate 'Ghost Telephonist' which lets hackers take over phone numbers
The team presented a scenario where one could reset a Google account password using a stolen mobile number.
Las Vegas, July 31: "Ghost Telephonist" which allows hackers to take over phone numbers and gather call and message content was demonstrated by a group of Chinese researchers in Las Vegas.
The demonstration was made on Sunday by the UnicornTeam researchers from 360 Technology, China's leading security company, at the ongoing hacker summit Black Hat USA 2017 here, reports Xinhua news agency.
In the team's presentation, security researchers introduced one vulnerability in CSFB (Circuit Switched Fallback) in 4G LTE network.
In the CSFB procedure, the researchers found the authentication step is missing.
"Several exploitations can be made based on this vulnerability," Unicorn Team wireless security researcher Huang Lin, told Xinhua.
"We have reported this vulnerability to the Global System for Mobile Communications Alliance(GSMA)".
The team presented a scenario where one could reset a Google account password using a stolen mobile number.
After hijacking a user's communication, researcher signed in the user's Google Email and clicked "forget the password". Since Google sends verification code to the victim's mobile, attackers can intercept the SMS text, thereby resetting the account's password.
The victim keeps online in 4G network unaware of the attack.
A lot of internet application accounts use verification SMS to reset the login password, which means an attacker can use a phone number to start password reset procedure then hijack the verification SMS.
According to the researchers, the attacker can also initiate a call or an SMS by impersonating the victim.
Furthermore, Telephonist Attack can obtain the victim's phone number and then use the phone number to make an advanced attack.
The victim will not sense being attacked since no 4G or 2G fake base station is used and no cell re-selection. These attacks can randomly choose victims or target a given victim.
Researchers say now they are collaborating with operators and terminal manufactures to fix this vulnerability. They also proposed many countermeasures to operators and Internet service provider as well.
IANS
-
Gold Rate Today 31 March 2026: Latest IBJA Benchmark And Tanishq, Kalyan, Malabar, Joyalukkas Rates -
Gold Rate Today 30 March 2026: IBJA Benchmark Rates, Tanishq, Kalyan, Malabar, Joyalukkas Prices -
Gold Silver Rate Today, 30 March 2026: City-Wise Prices, MCX Update On 24K Gold, 22K Gold And Silver -
LPG Crunch: Karnataka Brings New SOPs, Makes PNG Registration Mandatory for Businesses -
Hyderabad Gold Silver Rate Today, 30 March 2026: Check Fresh 24K, 22K, 18K Gold And Silver Prices In City -
Opinion Poll For Kerala Assembly Election 2026: Ldf Strength In Kannur And Kasaragod -
Tamil Nadu Polls 2026: Vijay Reveals Rs 645 Crore Assets, Rs 266 Crore in Banks; Know All His Declaration -
Mumbai Metro Line 9 Set for April 3 Launch, Dahisar-Mira Bhayandar to Get Direct Boost -
Hyderabad Gold Silver Rate Today, 31 March 2026: Gold And Silver See Fresh Movement, Check Latest City Rates -
Gold Silver Rate Today, 31 March 2026: City-Wise Prices, MCX Trend As Gold Rises And Silver Slips -
Rahul Arunoday Banerjee Autopsy Report: Actor Was Underwater For Over An Hour, Sand Found In Lungs -
Thunderstorm Warning In Delhi NCR: IMD Issues Orange Alert Amid Sudden Weather Shift
Click it and Unblock the Notifications
Sign in with Google