Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Can an iPhone be Hacked?

Use It

author photo

How to Tell if Your Phone Has Been Cloned

by on March 30, 2020
in Tips & How-Tos, Phones and Mobile, Privacy :: 12 comments

Techlicious editors independently review products. To help support our mission, we may earn affiliate commissions from links contained on this page.

Our phones are the key to our digital identity, so it’s no wonder that mobiles have become increasingly attractive targets for cybercriminals, who have at their disposal a fair number of ways to hack a smartphone, some of which require more access and technical savvy than others.

Phone cloning – or the copying of the identification credentials a phone uses to connect to cellular networks – is one method that usually requires the perpetrator to have direct access to a device.  That makes it less prevalent than, say, hacking an operating system vulnerability that hasn’t been updated, but the consequences are equal to that of most phone hacks – your personal data is exposed, with potential financial consequences or identity fraud.

What is phone cloning?

It’s worth distinguishing between “cloning” a phone’s data – which spy apps semi-legally offer as a way to spy on the photos, texts and calls of another device – and totally illegal phone cloning, which refers to the copying of a phone’s complete cellular identity and using it in another device.

In cloning a phone’s cellular identity, a criminal would steal the IMEI number (the unique identifier for every mobile device) from the SIM cards, or the ESN or MEID serial numbers. These identifying numbers are then used to reprogram phones or SIM cards with the stolen phone number.          

Then there’s also the emerging threat of SIM hijacking, where hackers who have access to stolen phone numbers call up carriers and impersonate account holders to get a new SIM the hacker controls. This method, which relies on social engineering tactics to find out personal information that carriers use to authenticate customer accounts, differs from the highly technical method for SIM (or phone) cloning, but the end result is the same – to gain control over someone’s phone service.

Once the perpetrator has control of the phone line, they can send messages and make calls that appear to be from that phone number, with the bill footed by the victim. If a cloned phone and the original are near the same broadcast tower, it could even allow the perp to listen in on any calls made by the victim – though that’s probably not the main driver for phone cloning.

The bigger danger is that text messages and calls intended for the rightful owner of the line can also be intercepted – including two-factor authentication codes that allow snoops to get access to critical accounts like email, social media and even banking. (The vulnerability of text messages is one reason why experts recommend other methods of two-factor authentication.)

Phone cloners might also target political figures for surveillance: in February this year, South African state security ministers were reported to have had their cellphones cloned, the crime was detected when several people reported receiving text messages from a minister who hadn’t sent them.

Or, cloned phones might be used to generate revenue, sold to people who aren’t aware they’ve purchased a fraudulent handset with stolen credentials.

How phones get cloned

Most phones have SIM cards whose IMEI numbers are protected by secret codes that prevent over-the-air interception. But if someone is able to remove the SIM card and place it in a SIM reader for a few minutes, they can copy all its identifying credentials to load onto a blank SIM. (This technically includes anyone who might get time alone with your device – but as with phone spying, you’re likely to have an inkling if there’s anyone who might want to do such a thing.)

Researchers have also found a vulnerability in the existing protocol that is used for over-the-air carrier updates. Though rarely used, this flaw could in theory allow hackers to remotely clone a SIM.

Some older phones are more vulnerable to remote attacks. Those running on 2G or 3G CDMA frequencies, which are used only by the Sprint and US Cellular networks (Verizon retired its CDMA network at the end of 2019), broadcast to the operator in a way that would allow special equipment – like a femtocell – to eavesdrop on the connection and intercept handset ESN or MEID serials.

That means older CDMA phones, such as flip phones or 3G-only regular and smartphones, that are locked to either Sprint or US Cellular may be at a slightly elevated risk of remote phone cloning. All that said, however, phone cloning is not as common as it was in the early days of mobile phone use, when the radio frequencies in use were much easier to eavesdrop on.

6 Signs that your phone might have been cloned

If you think your phone might have been cloned, check for these signs which can indicate someone else is using your cellular service, such as:

1. Receiving an unexpected text requesting you to restart your device

This may be the first sign that your phone or SIM has been compromised – restarting your device gives the attacker a window in which your device is off and they can load their phone with your cloned credentials.

2. Calls or texts on your cellphone bill that you don’t recognize

Any outgoing texts and calls made on the cloned device will seem to be coming from your phone number – and land on your bill. Even if you don’t have an itemized bill, international calls will show up here, so keep an eye on your monthly payments and double-check when you pay more than usual.

3. You stop receiving calls and texts

If someone else has control of your phone number, calls and SMSes may be diverted to their cloned device, or your cellular connection stopped entirely. Check this by having a friend or your partner call you to see if the call rings and if it comes through to your phone.

4. You see your device in a different location on Find My Phone

Logging into Find My iPhone or Google’s Find My Device can be a way to check on the integrity of your SIM. If your phone’s on your desk, but on the map appears to be somewhere else, someone else may be using your cell service. (Chances are, phone hackers would disable this setting, however.)

5. You get a message from your carrier saying your SIM has been updated

If your credentials have been activated on a new device, your network provider will probably send a message confirming your details have been updated – a major red flag if you haven’t done anything. This can also be the point at which you find your device no longer has cellular service. 

6. You’re mysteriously locked out of your accounts

You might even find someone has commandeered your email accounts and social media handles – as in a spat of Instagram hacks based on stolen phone numbers (in these cases, however, the SIMs were hijacked by attackers who had gleaned enough personal information online to fool carriers into switching over the SIM cards). Either way, someone having control over your phone service means they can do things like trigger a forgotten password, receive a two-factor authentication code to the phone number they now have access to, then change the password and access any account they know your login name for.

If the worst has happened and your phone has been cloned, you need to call your cellular provider. They should be able to detect and block the cloned device, because each handset has a unique radio fingerprint independent of that serial number that originally belonged to you.

Can you prevent phone cloning?

You can help protect your phone from this type of cloning by observing the same cybersecurity practices that keeps your online life safe:

  • Check that carrier texts are coming from legitimate numbers – for example, do they show up in the same message thread as previous carrier texts?
  • Train a skeptical eye on any text that requests you do something – are they worded in the way you would expect? What do Google search results have to say about the sender’s number?
  • Finally, treat your phone’s IMEI, ESN or MEID number like any other password - never send it to anyone or give it to any website you don’t trust.

Cloning isn’t the only way your phone can be compromised. If you have concerns about the security of your device, read our story on how to tell if your phone has been hacked.

[Image credit: phone hacking concept via BigStockPhoto]

Natasha Stokes has been a technology writer for more than 7 years covering consumer tech issues, digital privacy and cybersecurity. As the features editor at TOP10VPN, she covered online censorship and surveillance that impact the lives of people around the world. Her work has also appeared on BBC Worldwide, CNN, Time and Travel+Leisure.



Discussion loading

gravatar

Cloned

From Kammi Kothmann on April 08, 2020 :: 3:58 am

Im pretty sure my phone is cloned. i receive messages sometimes the day after they were sent. Voicemails i get later than they were made. i think i know who is doing it and im fixing to get a protective order put on them.

Reply

avatar

Probably not cloning

From Josh Kirschner on April 08, 2020 :: 12:23 pm

Delayed text messages and voicemails are not uncommon, and are usually due to issues on the carrier end. It’s much more likely that that is what’s happening to you versus phone cloning, which is very rare, only can be done with old devices, and wouldn’t necessarily result in delayed messages.

Reply

gravatar

My husband has everything on my phone

From Nancy on May 20, 2020 :: 2:17 am

I dont understand how he can get into everything it doesn’t matter how many times I change my passwords he can still see everything.  I don’t have anything to hide I just hate him creating things in his mind then attacking me for no reason how do I remove his access?

Reply

There's an easy explanation

From Rikki Lyn Fruen on June 23, 2020 :: 7:21 pm

Hi, Nancy. In my previous life, I had a similar situation. My now ex actually knew everything that I ever did on my computer and both verbally and physically abused me for it. It didn’t matter how many times I changed passwords, he always had access even when I was living over two hours away from him. I found later that he had at least a key stroke logger on my computer. He may have had other things going on as well, but that was the biggest problem for me. Got rid of the husband and the computer and I’ve never had another issue from him on that.
Several years later, my sister was going through a similar issue with her husband, only technology had advanced and he was able to log everything, key stroke and all, that went over their home network (think major computer geek). She got out of that, by calling me one day from the coffee shop on the corner and asking me to set up a new email account for her. She never accessed it or did anything referring to it while on the home network. For all I know, she may not have even used devices that touched it. She used that account to start remaking her digital life.
There are plenty of ways for him to know all of that stuff. You may want to consider what his motives are. You may not have anything to hide, but he is suspicious of something for some reason.

Reply

Cloned phone

From Paul Reynolds on June 28, 2020 :: 8:46 am

I have an idea who is doing this to my phone he is abroad
I have seen him take full control of my parters up address
How can I stop this I have delayed messages and texts from random people

Reply

gravatar

Get a hobby

From Urname on May 29, 2020 :: 5:10 am

I have a very good understanding of revenge and I must say that going and teaming up with hackers is cowardly, if getting revenge means that much to you why not get it by letting karma come along, on its own!!! Who to say that person who you want revenge on won’t just snap. Clearly they already did something to you to get you to the point of cloning there phone so who’s to say that person already didn’t or doesn’t have a conscience and won’t hurt someone????

Reply

coolstory

From Migdalia Irving on June 06, 2020 :: 10:01 pm

coolstory

Reply

gravatar

Hacked, cloned, stolen number, everything

From Noname on June 30, 2020 :: 7:28 pm

I have read several of these articles and for the most part all have been done to every device i own. My problem is the laptop. It was stolen cloned mirrored to the laptop i have in my possession now, I’d stolen along with devices specifically all my personal devices connected and link to the original laptop that has full control on calls, internet access, etc. Along with that all old devices have been stolen and intimate pics of my ex and i exposed in the web world with a major major leak of a medical issues that would cause attempted murder on my life bc it got leaked. Even if i get all new everything i still don’t have the source which is the original laptop to end this 5 months and still continuing hell of cyber take over that has now led above and beyond affecting me in the physical world to where i am trapped bc as a world we depend highly on technology to do simple task. I have called companies of my devices and providers of my phones and they say everything looks good on their end but these people are that great at what they do. To me they are pathetic thieves that feel like they have the power and control over a persons whole life and feel like they can destroy you by 1 single button or code they put in but in reality they are only setting themselves up for failure and getting their own selves ( this is a team of people i am talking about) caught up. If you have any true insight and not just more codes to put in to make me even more venerable or exposed and something that can truly correct the issue at had especially since I don’t have the original laptop i am all ears. I have nothing to hid at all .... its already been exposed. Even down to my i phone 11 has been compromised but no apple store will give me the time of day or are closed and their is only some much they can see on the phone since they are remotely looking at it and don’t physically have the device in their hand. Even if i did get a hold of them my call are limited and I don’t even know if it is apple or any of the companies I call are truly just that… the company i called.

Reply

gravatar

The group

From Frank on July 23, 2020 :: 5:59 am

This group is very large, they target people on ssdi or ssi or ones that are mentally challanged, they clone phones and run ur credit to make large purchases, bank accounts, fake checks, debit card skimming, get ur info from garbage can and make new accounts, there everywhere, my problem is I just stumbled across group, lots of herion users, in in Washington state and it’s happening to about 5 people that I know of and there making freinds with them, rob them, steal, get them hooked on drugs, get them kicked out, the landlord here is involved and I got physical proof, I am sueing them cuz trying to kick me out during covid, now I got attourny general involved and getting lots of threats, flat tires, keyed car, I’m very interested in hearing more, I found them on offer up and facebook

Reply

gravatar

I am going through same thing

From No name on July 24, 2020 :: 4:43 am

I am going through the same thing.feel free to comment back.im curious how u found them maybe it could help my situation

Reply

Not sure?

From Glenn Hardin on July 05, 2020 :: 6:12 pm

When I send texts, or unlock my device, or change a password, or read things on the screen, sometimes I think I hear my me neighbor reading the screen text or messages aloud. Any thoughts how to address it? It’s almost like they see what I’m sending and receiving sometimes sharing the on screen text with whoever is in the room with them?

Reply

gravatar

Phone has malware/Spyware

From Ashish Goyal on July 13, 2020 :: 8:53 am

Tried to remove malware and spyware but my phone is cloned, I get it back on my phone.  Credit card, personal info theft. Username, password theft. Watching me thru spyware. Listening to my conversation. Receiving fake calls. Fake chatting on text app, WhatsApp. Secrutinizing email. Deleting emails. Any solutions

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships
Newsletter Archive
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.

site design: Juxtaprose