To successfully “hack” someone’s phone, you need to get them to take some action which allows a compromising exploit to be run on the phone. is it possible hack someone’s cell phone if you just know their phone number?
That means you need either physical possession of the phone (at which point, it’s a free-for-all), or you need to induce them to take some action.
So, if I wanted to compromise a phone, I’d use avariant.
Let’s say that I’m targeting, oh….. And all I have is his phone number.
I’d apply some social engineering and see if I could acquire the phone numbers of say oh, I dunno – someone who he’d trust. Maybeor or any of the senior staff at The Q.
With that in hand, I’d flange up a software suite, designed to install a dropper when opened in a web browser, from which I’d be able to proceed to take over his phone.
Now, how to get it to him? Hmm. Craft a faked-up Quora page, possibly by “stealing” a real Quora page, and then sending a link in an SMS message with fake CallerID making it look like it’s from someone he trusts “Hey, Jonathan, read this and consider it for publishing”. My link would use the Quora link-shortener, but mis-spelled, he’d miss that, and click on it.
And. His. Ass. Is. Mine.
There’s a further supposition in there. That I can figure out how to penetrate his phone from a dropper on a web page. So far, that’s not “a thing” except for phones which have been “jail broken” or which have other software installed which make that possible.
So the confidence interval goes from “not at all” if he’s rocking a stock iPhone to “pffft. cake” if he’s on a older release of Android that’s jailbroken.
But if I can somehow get him to install an app I’ve written…. the odds of my success in hacking him go way up.
Same issue, though. Most iPhone users are really good about only installing stuff from the AppStore, which means I either have to be really, really good at this (and have a pile of time to devote to it), or it’s not going to happen. Android, on the other hand, where you can just download and run APK files from literally anywhere (you do have to have the user bypass the “are you sure you want to do this?” warning, but hey by this point you’re an old pro at that) it’s cake, if the user is willing to do what you want them to do.
And it all starts with a text message, to a phone number.
Do note: you can effectively take control of someone’s phone NUMBER, but not their phone, with other nefarious techniques. You can read about that here ->Contact Us