How Hackers Use Your Cell # and 2-facor ID to Hack Your Phone

Morristown Minute
"NIST declares the age of SMS-based 2-factor authentication over."From (Devin Coldewey, 9:10 PM EDT•July 25, 2016)

From Morristown Minute

Two-factor identification allows for a user to log in to apps and secure websites using just their cell phone and a short code to confirm their identity. Once believed to be a secure method of confirming one's identity, hackers have found an ingenious way around 2Factor ID, and they can even use this simple method to hack your phone, gaining access to your passwords and accounts.

If you have received a message from someone you don't know asking you to confirm your phone number and relay a short "authentication code," DON'T DO IT. Perhaps you're selling something on Facebook and connect with a stranger. The stranger asks to confirm your cell number and sends you a text with a code to confirm. Your first red flag should be, "why does this person need to 'confirm' my phone number?"

The worst part of this hack, worse so than the hacker having full use and access to your phone and accounts, is that the hack can be done and carried out continuously without your knowledge. With a $16 piece of software, criminals can steal any and all information and your smartphone in minutes with access only to your mobile number.

So what can you do?

The best way to defend yourself from this hack is to stop using SMS (text) based 2-factor identification. Two-factor ID is still a useful tool, but with smartphones, most devices can perform 2-factor ID in a multitude of ways such as push notifications and apps. These methods of 2-factor ID are more secure and protected against this type of SMS hack. Many 2-Factor ID apps will supply a code that only lasts for a limited time and does not rely on SMS or public information.

If you believe you have been a victim of such a hack, change all passwords stored on your phone immediately. Download a 2-factor ID app like Microsoft Authenticator. You can also call your wireless provider and request a PIN for all accounts. This will prevent new accounts from being opened on your behalf without your knowledge.

For each of the major providers:

  • AT&T: Log into your account, go to your profile by clicking your name, and under the wireless passcode drop-down menu, click on “manage extra security.”
  • T-Mobile: Call 611 from your cellphone or (800) 937-8997 to speak with customer service.
  • Verizon: Visit Verizon or call (800) 922-0204."

-provider information from

Have you been hacked? Has someone sent you an authentication code and then disappeared? Let us know in the comments below.

For more information on how to protect yourself from hacks go to

Comments / 9

Published by

A local Morristown Online News Organization dedicated to Morristown locals and the news that matters to them

Morristown, NJ

More from Morristown Minute

Comments / 0