1

I have received call from international number (0012024558888). After receiving it I cut the call as it was irrelevant to me and I did not give any information to them. Now I doubt it as spam/scam call. My question is that can they hack personal information from my mobile (like messages etc,.)?

Sjoerd
  • 28,707
  • 12
  • 74
  • 102
Amrutha
  • 11
  • 4
  • 1
    Possible duplicate of [Is it dangerous to call spam phone numbers, even if you know they're spammers?](http://security.stackexchange.com/questions/113064/is-it-dangerous-to-call-spam-phone-numbers-even-if-you-know-theyre-spammers) – techraf Jan 01 '17 at 12:09

2 Answers2

3

Very unlikely. I have never heard of an exploit in any cellphone operating system which can be exploited by taking a call from a malicious caller. If there were something like that, it would likely have made some news headlines, because it would be a huge vulnerability which would affect millions of end-users and would likely get widely exploited not just by criminals but also by juvenile pranksters.

It's not possible to prove a negative, though. Maybe there is some obscure vulnerability I have never heard of. But that's really nothing you should worry about unless you are a target which is so valuable that you are worth burning a zero-day exploit on.

Philipp
  • 48,867
  • 8
  • 127
  • 157
1

AFAIK, as Philipp said, there are no known exploits from simply receiving a phone call. It is possible to exfiltrate data from a compromised computer via a voice channel but that isn't really very useful with a mobile phone as you would be unlikely to know whether the phone was in the vicinity of the machine.

It might be interesting to know about the caller though ...

The number you've given is one of Google's used for verifying identity in two-factor authentication.

There are 3 possibilities I can think of:

  1. You turned on or otherwise triggered Google 2FA. In that case, the call was legitimate even if unexpected.

  2. Someone else managed to turn on or trigger Google authentication on your Google account. In that case, perhaps someone is trying to mess with you.

  3. The number identification was spoofed to get around call blockers. As caller-id spoofing is all too easy, this is a very likely scenario.

Personally, I always wait for a second or two when answering a call from an unrecognised number. This is usually enough to know whether you are being cold called.

Julian Knight
  • 7,092
  • 17
  • 23
  • >was spoofed to get round call blockers what do you mean by "round call blockers?" Is that supposed to make it so that the OP would block Google's authentication call and wouldn't be able to actually authenticate (would assume Google has many many many numbers to call from). – XaolingBao Jan 01 '17 at 14:25
  • Most phone systems now have call blocking capabilities. But they are of little use if the caller is spoofing their id since it looks like a legitimate number (in this case the number that Google use to authenticate you) which you would not want to block. Caller-id spoofing might also present a different, random number each time which you couldn't block without blocking all numbers (except those in your phonebook). – Julian Knight Jan 01 '17 at 14:33
  • Thanks for the information. Just wasn't sure what that term meant never heard of "Round call" before :). I believe Google(at one point) also provides special numbers people can use for spoofing. Are we sure that this isn't a case of that? Are we sure that this "Google number" is actually an authentication attempt, and not just a spoof for malicious purposes? – XaolingBao Jan 01 '17 at 14:42
  • Sorry @XaolingBao, cultural/colloquial English issue there. I probably should have written "get around call blockers" - I will edit accordingly. – Julian Knight Jan 01 '17 at 14:45
  • No worries glad we figured that out, enjoy the new year. – XaolingBao Jan 01 '17 at 15:28
  • :-) BTW, to answer your previous Q, no you can't be sure either way without knowing more about the call the OP received. If it was from a person, that would make it clear it is a fake number. – Julian Knight Jan 01 '17 at 15:30
  • So in reality there could be any number of numbers that could belong to Google, and could more than likely have been a prank. – XaolingBao Jan 01 '17 at 18:16
  • Yes, could be anything. My money would be on a false ID. – Julian Knight Jan 01 '17 at 20:18