Skip to main content

I put in *#21# in my smartphone's dialer, and it says everything is forwarded?! Should I be alarmed?

Short answer: No. 

Long answer: GSM phones let you put in these dialer codes to change some settings. The codes, collectively, are known as USSD (unstructured supplementary service data) codes, sometimes called "quick codes". These settings are NOT in your phone, but on your mobile carrier's computer as a part of your account. 

Generally speaking, USSD codes are used to add or remove service, or change some settings for the service. Some carriers use it for payment notification and payment status. Actual active codes are dependent on the carrier. As this is often used to just show the status of something it's also called interrogation codes, or feature access codes. 

So what does *#21# actually do (note: it's actually asterisk - hash - two - one - hash)? It shows the status of call forwarding set to the five types of calls you get: voice, SMS, fax, data, and system. (NOTE: some phone vendors only show voice, SMS and data, not fax or system)

And in all cases, it *should* say "all forwarded". Because, remember, these are settings for your account on the carrier's computer, NOT YOUR PHONE! Of course you want all those forwarded TO YOUR MOBILE PHONE! 

Some unscrupulous antivirus providers, to drum up sales of their products, have articles on their website with alarming titles such as "What number to dial to see if your phone is being tapped". I am NOT linking to that crap content. 

This misinformation was passed on by alarmist content creators who had absolutely NO technical background to verify what they are passing on. As a result, such misinformation are passed onto people on Tiktok, Instagram, Facebook, and other social media such as Reddit. 

USAToday did a factcheck on this very issue. Their conclusion is clear: false. This code only shows if a phone has call forwarding enabled. It does NOT tell you anything about a security breach. 

If you are scared, you can enter another code to disable call forwarding. You may lose features like voicemail, but whatever lets you sleep at night. 

In fact, Howtogeek has a list of the common short codes (for iPhones), and most carriers will have their own listed at their own websites (albeit, may be listed under feature codes, short codes, or access codes)

Don't believe everything you read, even on an alleged "reputable" website. 

Labels:

Comments

Post a Comment

Popular posts from this blog

I finished Google Cybersecurity Certificate in 5 Days. What did I learn?

As of May and June 2023, there were a lot of buzz about the Google Cybersecurity professional certificate issued in conjunction with Coursera.  So I took the 8 course certificate program, and I was able to finish it in 5 days (May 31st to June 4th), which is so fast, it was within the 7 day trial period, so I did not pay anything (normally $49.00 USD).  I did go in with a couple unfair advantages: * I already know SQL * I already know Python * I was an IT professional  * I have taken a cybersecurity intro course before * I was also between jobs so I have a LOT of time to dedicate to studying * I have taken many Coursera courses before (back in early 2020) So is the course any good? I think it is a good course for people who have no idea what to expect, and this will give them a taste on what a job in cybersecurity will involve. The video lectures are relatively short, and there were a LOT of emphasis on the non-traditional non-technical background of many of the Google em...
Post a Comment
Read more

I Got Both Google Cybersecurity and and ISC2 Certified in Cybersecurity. Should You?

The Google Cybersecurity Certificate and the ISC2 Certified in Cybersecurity are two of the most popular cybersecurity certifications available. Both certifications cover a wide range of topics, including network security, application security, and security operations. However, there are some key differences between the two certifications. Both Google Cybersecurity Certificate and the ISC2 Certified in Cybersecurity are considered entry-level certifications The Google Cybersecurity Certificate is very friendly for people who did not come from a computer background, but if you already know IT, Linux, SQL, or Python, you will have an advantage here. You will also learn some practical cybersecurity tools, such as SIEM and Splunk log reading, and you will end up trying to write incident report logs, short analysis reports, and so on.   The ISC2 Certified in Cybersecurity is more focused on theoretical and base level knowledge, with a bit more discussion on the differences among in...
Post a Comment
Read more

I finished "Certified in Cybersecurity" by ISC2 in (ahem!) 2.5 days, and passed the exam. What did I learn?

I decided to look into another introductory cybersecurity certification after finishing the Google Cybersecurity Professional Certificate back in June in 5 days. Took me a while due to other obligations, but I finally decided on "Certified in Cybersecurity" by ISC2, and I started last Thursday.  I finished all coursework by Saturday, and I was waiting for the peer-graded assignments to be graded. That was when I realized this is only half the battle (yes, I am quite bad at research sometimes). This is a prep course for the actual ISC2 CC certification exam, and that cost $199.  So I went on Google to look for a discount code, as there often are for these.  That is when I found that ISC2 is doing a "One Million CC" initiative... It will give away 1 million CC prep course and exams absolutely free to people around the world. It's even available in languages such a Spanish, German, Chinese, and Japanese, in addition to English! That's right... the self-paced C...
Post a Comment
Read more