phone number spoofing

XCell Security

Phone number spoofing
or changing

Blog icon written by XCell Technologies
Calendar icon

Published on April 03, 2019

Surprisingly, the phone number (which is called MSISDN in terms of mobile networks) is not stored on the SIM card, which only contains the SIM ID, called IMSI (International Mobile Subscriber Identity). Consequently, there is nothing that can be changed locally at the SIM level in a secure way. For this reason, XCell Stealth Phones can change/manipulate the IMSI, but not the phone number directly.

Hiding the caller ID is different from changing the phone number and depends on your cell phone and mobile network settings. The result is just an unknown call received by the call recipient.

HLR – Home Location Register – is a central database that contains details of every subscriber authorized in the core network, such as the MSISDN (phone number).

The HLRs store details of each SIM card issued by the mobile network operator. Each SIM card has a unique identifier, the IMSI, which is the primary key for each HLR record. The next important data associated with the SIM is the MSISDNs, which are the phone numbers used by cell phones to make and receive calls. The HLR data is stored as long as a subscriber remains with the mobile operator.

The MSISDN and the IMSI are two important numbers used to identify a mobile subscriber. The IMSI is stored in the SIM, which is the card inserted in the cell phone. Each IMSI uniquely identifies the mobile station, its home radio network, and the home country of the home radio network, while the MSISDN number is used to route calls to the subscriber.

For this reason, spoofing / changing phone numbers is possible only with the use of some apps and associated external / foreign servers and Internet connections, which dangerously weakens the security of the phone and your privacy. Why? Simply because a server or cloud is actually a foreign computer. Therefore, there is no way to check the security of the server or who is really behind it. Since we take cell phone security very seriously, we do not recommend faking phone numbers using a third-party application.

From a wiretapping perspective, it is not the phone number that is relevant, but the voice content of the phone call and the text content of the messages. And remember that wiretaps are usually referred to as IMSI catchers, not MSISDN catchers.

This is because it is not the phone number itself that is used as evidence against the user, but the audio recording of the phone call and the text content of the messages. Is that right?

From this point of view, phone number spoofing gives you nothing but a false sense of security.

Moreover, any surveillance warrant is issued by the court/judge based on the IMEI or IMSI, not on the phone number (if it is a cell phone). This is because the target can swap SIM cards in their cell phone in the hope that intercepting calls in this way will be avoided.

Hiding / spoofing the phone number does not mean that you are protected against call interception. Not at all. XCell Stealth Phones are effective against surveillance by law enforcement agencies, who obviously use different interception techniques than normal people think. If you use a GSM Interceptor, a law enforcement agency does not need to know your phone number to intercept your calls and messages. They only need the phone’s IMEI or SIM IMSI, which is easily collected over the air. That’s why our devices are equipped with dynamic IMEI and IMSI features.

Below is an example of the legislation that governs the lawful interception of communications. On page 25 and 27 it is clearly explained that not only the phone number is used when authorities issue interception orders, but also IMEI and IMSI, a fact that makes changing the phone number worthless when it comes to lawful interception.


Investigatory Powers Act 2016

Here you can see how mobile operators must comply with ETSI regulations that allow lawful interception. Please note on page 52 that other identifiers (such as IMEI, IMSI) are also used for lawful interception of phone calls:

Yes, we agree that changing / faking phone numbers can be useful as a prank or joke. And yes, even ordinary people who do not have technical means and knowledge can find out real phone numbers they are calling. But spoofing phone numbers will not really protect you from having your calls intercepted. Not to mention that professional call tapping can be done with the help of remotely installed spyware on your cell phone, where the phone number does not matter.

Let’s keep in touch!

We’d love to keep you updated with our latest news and offers

Further articles

XStealth Pro in progress image

New added special features

There’s a golden ticket for our users, and a backstage pass for our resellers that we’re sending to you so you can dive back into epic insights of the XStealth project.

A Smartphone running malicious code

FBI warning: VPN software flaw

Remember our warnings regarding VPN use and security flaws that all VPNs have? Now this: FBI warning: This zero-day VPN software flaw was exploited by APT hackers.


Cell phones that can’t be tracked?

The ability to hide your current location by showing your location elsewhere. Learn the difference between the real thing and unnecessary VPN apps. Find out more