Our phones are the key to our digital identity, so it’s no wonder that mobiles have become increasingly attractive targets for cybercriminals, who have at their disposal a fair number of ways to hack a smartphone, some of which require more access and technical savvy than others.
Phone cloning – or the copying of the identification credentials a phone uses to connect to cellular networks – is one method that usually requires the perpetrator to have direct access to a device. That makes it less prevalent than, say, hacking an operating system vulnerability that hasn’t been updated, but the consequences are equal to that of most phone hacks – your personal data is exposed, with potential financial consequences or identity fraud.
What is phone cloning?
It’s worth distinguishing between “cloning” a phone’s data – which spy apps semi-legally offer as a way to spy on the photos, texts and calls of another device – and totally illegal phone cloning, which refers to the copying of a phone’s complete cellular identity and using it in another device.
In cloning a phone’s cellular identity, a criminal would steal the IMEI number (the unique identifier for every mobile device) from the SIM cards, or the ESN or MEID serial numbers. These identifying numbers are then used to reprogram phones or SIM cards with the stolen phone number.
Then there’s also the emerging threat of SIM hijacking, where hackers who have access to stolen phone numbers call up carriers and impersonate account holders to get a new SIM the hacker controls. This method, which relies on social engineering tactics to find out personal information that carriers use to authenticate customer accounts, differs from the highly technical method for SIM (or phone) cloning, but the end result is the same – to gain control over someone’s phone service.
Once the perpetrator has control of the phone line, they can send messages and make calls that appear to be from that phone number, with the bill footed by the victim. If a cloned phone and the original are near the same broadcast tower, it could even allow the perp to listen in on any calls made by the victim – though that’s probably not the main driver for phone cloning.
The bigger danger is that text messages and calls intended for the rightful owner of the line can also be intercepted – including two-factor authentication codes that allow snoops to get access to critical accounts like email, social media and even banking. (The vulnerability of text messages is one reason why experts recommend other methods of two-factor authentication.)
Phone cloners might also target political figures for surveillance: in February this year, South African state security ministers were reported to have had their cellphones cloned, the crime was detected when several people reported receiving text messages from a minister who hadn’t sent them.
Or, cloned phones might be used to generate revenue, sold to people who aren’t aware they’ve purchased a fraudulent handset with stolen credentials.
How phones get cloned
Most phones have SIM cards whose IMEI numbers are protected by secret codes that prevent over-the-air interception. But if someone is able to remove the SIM card and place it in a SIM reader for a few minutes, they can copy all its identifying credentials to load onto a blank SIM. (This technically includes anyone who might get time alone with your device – but as with phone spying, you’re likely to have an inkling if there’s anyone who might want to do such a thing.)
Researchers have also found a vulnerability in the existing protocol that is used for over-the-air carrier updates. Though rarely used, this flaw could in theory allow hackers to remotely clone a SIM.
Some older phones are more vulnerable to remote attacks. Those running on 2G or 3G CDMA frequencies, which are used only by the Sprint and US Cellular networks (Verizon retired its CDMA network at the end of 2019), broadcast to the operator in a way that would allow special equipment – like a femtocell – to eavesdrop on the connection and intercept handset ESN or MEID serials.
That means older CDMA phones, such as flip phones or 3G-only regular and smartphones, that are locked to either Sprint or US Cellular may be at a slightly elevated risk of remote phone cloning. All that said, however, phone cloning is not as common as it was in the early days of mobile phone use, when the radio frequencies in use were much easier to eavesdrop on.
6 Signs that your phone might have been cloned
If you think your phone might have been cloned, check for these signs which can indicate someone else is using your cellular service, such as:
1. Receiving an unexpected text requesting you to restart your device
This may be the first sign that your phone or SIM has been compromised – restarting your device gives the attacker a window in which your device is off and they can load their phone with your cloned credentials.
2. Calls or texts on your cellphone bill that you don’t recognize
Any outgoing texts and calls made on the cloned device will seem to be coming from your phone number – and land on your bill. Even if you don’t have an itemized bill, international calls will show up here, so keep an eye on your monthly payments and double-check when you pay more than usual.
3. You stop receiving calls and texts
If someone else has control of your phone number, calls and SMSes may be diverted to their cloned device, or your cellular connection stopped entirely. Check this by having a friend or your partner call you to see if the call rings and if it comes through to your phone.
4. You see your device in a different location on Find My Phone
Logging into Find My iPhone or Google’s Find My Device can be a way to check on the integrity of your SIM. If your phone’s on your desk, but on the map appears to be somewhere else, someone else may be using your cell service. (Chances are, phone hackers would disable this setting, however.)
5. You get a message from your carrier saying your SIM has been updated
If your credentials have been activated on a new device, your network provider will probably send a message confirming your details have been updated – a major red flag if you haven’t done anything. This can also be the point at which you find your device no longer has cellular service.
6. You’re mysteriously locked out of your accounts
You might even find someone has commandeered your email accounts and social media handles – as in a spat of Instagram hacks based on stolen phone numbers (in these cases, however, the SIMs were hijacked by attackers who had gleaned enough personal information online to fool carriers into switching over the SIM cards). Either way, someone having control over your phone service means they can do things like trigger a forgotten password, receive a two-factor authentication code to the phone number they now have access to, then change the password and access any account they know your login name for.
If the worst has happened and your phone has been cloned, you need to call your cellular provider. They should be able to detect and block the cloned device, because each handset has a unique radio fingerprint independent of that serial number that originally belonged to you.
Can you prevent phone cloning?
You can help protect your phone from this type of cloning by observing the same cybersecurity practices that keeps your online life safe:
- Check that carrier texts are coming from legitimate numbers – for example, do they show up in the same message thread as previous carrier texts?
- Train a skeptical eye on any text that requests you do something – are they worded in the way you would expect? What do Google search results have to say about the sender’s number?
- Finally, treat your phone’s IMEI, ESN or MEID number like any other password - never send it to anyone or give it to any website you don’t trust.
Cloning isn’t the only way your phone can be compromised. If you have concerns about the security of your device, read our story on how to tell if your phone has been hacked.
[Image credit: phone hacking concept via BigStockPhoto]
Cloned
From Kammi Kothmann on April 08, 2020 :: 3:58 am
Im pretty sure my phone is cloned. i receive messages sometimes the day after they were sent. Voicemails i get later than they were made. i think i know who is doing it and im fixing to get a protective order put on them.
Reply
Probably not cloning
From Josh Kirschner on April 08, 2020 :: 12:23 pm
Delayed text messages and voicemails are not uncommon, and are usually due to issues on the carrier end. It’s much more likely that that is what’s happening to you versus phone cloning, which is very rare, only can be done with old devices, and wouldn’t necessarily result in delayed messages.
Reply
Clone
From Marva Jane Theus on November 13, 2020 :: 5:41 am
My phone screen flashes when I go to certain pictures and certain text conversation…. My account is locked up and disable cause of the wrong passwords… It freezes and quite often pics and files are suddenly no longer in my phone
Reply
Same problems ! The ex and the new
From Angelica on November 23, 2020 :: 7:05 am
I’m sorry , I feel you . I am experiencing the same things . I have test and am milk her to gain access to my phone . Smh ! I know it’s my husband ... playing willing games . Uses my SIM card ! Cloned my phone ! Getting ready to validate this with an old time FEDeral friend and I’ll go from there . I’ll let you know the results ...
My phone definitely cloned
From Josie Gomez on August 05, 2021 :: 5:12 am
Aside from them changing my recovery number on Facebook making it impossible for me to verify its my account and it’s going to be deleted tomorrow if I can’t access it, I found 2 logins with the same phone. One has the picture of my phone, but the other was a different style phone but listed as an LG ThinQ like mine. Files have been deleted, modified or created. Then all my files, pictures and apps I found in a folder in my laptop. Then files that have sensitive information from clients with their banking, Passports, etc which I had put them all on a removable disk, where all on my laptop. These are 2015 files and my laptop is from 2019. It’s been going on every single day and I don’t know what to do.
Hacked??
From Butwhylil on October 22, 2022 :: 1:42 am
Give been experiencing the same problem for a few years now.my phones says t mobile not responding or my passwords are never working. I took it to metro in Memphis but they just said download an virus app. I fear in in danger and the people that murdered my family is the people around i fear my husband is being controlled by a family off cops that are trieng to set us up so we can’t testify these are the people that hurt us when I was little. Help me please.[personal information redacted]
Please we may be on catilina island or Cj tn
Not true
From Chad Vandine on February 14, 2021 :: 12:44 am
My Aristo 5 was cloned onto an ihpone 11 somehow and was being used with roaming charges in Africa!
Reply
Hack Attack
From Dora on June 01, 2021 :: 12:55 pm
Im confused. Why would you say only older phones cam be cloned? I had to send my phone in for repair. I was told by the 1st repair guy it was a cloned imei he believed. Is that not true?
Reply
Newer phones can't be remotely cloned
From Josh Kirschner on June 01, 2021 :: 7:47 pm
What we said was only older phones can be “remotely cloned”. It’s possible if someone has physical access to your phone that they may be able to clone the SIM on newer devices. I would be curious to know how the repair guy determined your phone had been closed.
What about if you get
From Kelly on August 05, 2021 :: 8:02 am
What about if you get random messages that your FaceTime is being used on another phone. And that your device has been signed in on another device. How do I stop this!?
Reply
Sounds like an Apple ID issue
From Josh Kirschner on August 05, 2021 :: 6:56 pm
If you are getting a message saying your FaceTime is being used on another device, that sounds like your Apple ID may be compromised. Did you recently set up an Apple Watch or Mac with your Apple ID? If not, you should immediately change your Apple ID credentials. And always make sure you have two-factor authentication set up for your Apple ID to protect it.
Bit too defensive
From You know on September 01, 2022 :: 11:43 am
You are giving out no vibes of goodness….only excuses as to why U think it can’t be cloning….you are evil…you do it in large numbers…you are one of the cloning cunts yourself
Reply
Cloned and more!!
From Paula on October 02, 2022 :: 7:56 am
About two months ago my iphone started to do all kinds of things on its own and I kept getting security alertrs from my accts, etc etc… I reached out to anyone I could possibly think that could be a help or lead me to it… Well needless to say I got nowhere, mostly because everything required to go online and I could not do that with my devices, my husbands, I even went to family’s houses, libraries… This all sounded bizarre and I knew it was happening but nobody else did , I guess I can understand.. well here I am two months Into it and now my identity is exposed, I have bought 5 going on 6 cell phones in less than 2 months, and I have 3 smart tvs and they are all not working correctly and have installed software on them and I have no idea what to do or where to turn.. my phone keeps turning on sharing,, like location sharing, photo sharing, web activity share, and all kinds of weird permissions that I never even seen. Can someone please let me know what this is and how to stop it
Reply
Change providers!!
From PV on October 04, 2023 :: 5:35 pm
You’re living with a narcissist! Who will make every attempt to destroy your life! Get a restraining order and he’s tracking your device and he’s probably also in your Internet at home. That’s how he reconnect to your phone reset all of your wireless devices at home to brand new while your phone is off use cellular at home only not wireless and change providers on your wireless network, check your phones privacy settings if it’s an android you’re in trouble because of Google play services permissions if it’s an iPhone just take it to APPLE and have them give you a new Sim card and reset it change your ID and your password once you change providers everything changes your IP address. And if your phone is on his account, you’re not ever gonna get away from him.