Worried your phone has been hacked? Whether you're on Android or one of Apple's smartphones, there are specific codes you can dial right now to check. In this guide, I'll walk you through 10 USSD codes that reveal whether your calls or messages are being forwarded without your knowledge, what each result means, and what to do if you find something suspicious.
One important thing to know before you start: USSD codes check your call forwarding settings. They cannot detect spyware, Remote Access Trojans (RATs), or most modern forms of malware. If a code comes back clean, that's reassuring, but it doesn't guarantee your phone hasn't been compromised in other ways. For full protection, pair these checks with a reputable mobile security app.
Quick Reference: Codes to Check if Your Phone is Hacked
| Code | What It Checks | Works On | Safe Result |
|---|---|---|---|
| *#06# | Your IMEI number | Android + iPhone | Matches the number on your box or SIM tray |
| *#21# | Unconditional call forwarding (all calls) | Android + iPhone | "Not active" or blank |
| *#61# | Forwarding when you don't answer | Android + iPhone | Voicemail number only, or not active |
| *#62# | Forwarding when phone is off or unreachable | Android + iPhone | Voicemail number only, or not active |
| *#67# | Forwarding when line is busy | Android + iPhone | Voicemail number only, or not active |
| *#004# | All conditional forwarding at once | Android + iPhone | All settings show "not active" or voicemail |
| ##002# | Disables ALL call forwarding | Android + iPhone | Use this to clear any suspicious forwarding |
| *#*#4636#*#* | Phone info, battery stats, app usage (Android) | Android only | No unfamiliar apps in usage stats |
| *#*#197328640#*#* | Network connection details (Android) | Android only | Normal carrier network values |
| *3001#12345#* | Field Test Mode: signal and network details (iPhone) | iPhone only | Normal carrier values, no anomalies |
If any of the forwarding codes (*#21#, *#61#, *#62#, *#67#) show a number you don't recognize, dial ##002# immediately to disable all forwarding, then change your passwords and contact your carrier.
Signs Your Phone May Have Been Hacked
Before you start dialing, it helps to know what to look for. These symptoms don't confirm a hack on their own, but two or three together is a strong signal something is wrong.
1. Unexplained Data Usage
If you're going over your data limit without a clear reason, it could mean malware is running in the background and sending information to a third party. Check your data usage in Settings and look for any app consuming more than it should, especially if you haven't opened it recently.
2. Rapid Battery Drain
A battery that dies faster than usual, even with light use, is one of the most common signs of malware. Spyware runs constantly in the background, which puts a heavy drain on your battery. Rule out other causes first, like a faulty battery or an active VPN, but if the drain is sudden and unexplained, it's worth investigating.
3. Phone Running Hot
A phone that feels warm or hot when you're not actively using it can indicate a process running in the background that shouldn't be. This is especially common when connected to an unfamiliar wifi network, where background processes may be more active. Paired with battery drain, this is a red flag worth taking seriously.
4. Unexpected App Activity
Go through your installed apps and look for anything you don't remember downloading, or any app that has been active recently when you haven't used it. Malicious apps are sometimes disguised as tools with vague names, and some request permissions for your camera or microphone that have no connection to what the app claims to do. If you see something unfamiliar or an app asking for permissions it shouldn't need, delete it and run a security scan. Unexpected pop ups appearing across different apps, even when you're not browsing, are another common indicator of adware or malware on the device.
5. Suspicious Texts or Calls
If your contacts are receiving messages or calls from your number that you didn't send, or if you're receiving verification codes for online accounts you didn't try to log into, your phone may be compromised. This is also a sign of SIM swapping, a common method hackers use to take over phone numbers.
What Are USSD Codes?
USSD stands for Unstructured Supplementary Service Data. These are short codes, sometimes called quick codes or feature codes, that communicate directly with your mobile carrier's network without needing an internet connection. They start with * or # and end with #.
When you dial a USSD code, your phone sends the request to your carrier and displays the response as a pop-up message. They're built into every GSM phone and are completely safe to use. Dialing them does not notify anyone, including any potential hacker.
For the purposes of security checks, the most useful USSD codes are those that reveal your call forwarding settings. Call redirection is one of the most common tactics in a phone hack, allowing someone to intercept your communications and two-factor authentication codes without ever touching your device.
USSD Codes to Check if Your Phone is Hacked
1. *#06#: Check Your IMEI Number
Your IMEI (International Mobile Equipment Identity) is a unique 15-digit number assigned to your specific device. Dialing *#06# displays it immediately.
The IMEI itself won't tell you if your phone is hacked, but it's the first thing you'll need if your phone is stolen or if you need to file a police report. Compare the number shown to the one printed on your phone's original box or on the SIM tray. If they don't match, your device may have been tampered with.
What to do: Write this number down and store it somewhere you can access without your phone.
2. *#21#: Check Unconditional Call Forwarding
This is the most important code to check first. Dialing *#21# shows whether all your incoming calls and texts are being automatically redirected to another number, regardless of whether your phone is on or off.
This is a common tactic hackers use to intercept verification codes sent by text or voice call, effectively defeating two-factor authentication.
Safe result: The display should show "Not active" or be blank. If it shows a phone number you don't recognize, that's a serious red flag.
What to do if positive: Dial ##21# to disable unconditional forwarding, then immediately dial ##002# to clear all forwarding settings at once.
3. *#61#: Check Forwarding When You Don't Answer
This code checks whether calls are being forwarded to another number when you don't pick up. A result showing your voicemail number is normal. A result showing any other number is not.
What to do if positive: Dial ##61# to disable this forwarding, or dial ##002# to clear all forwarding at once.
4. *#62#: Check Forwarding When Phone is Off or Unreachable
This code checks where your calls go when your phone is switched off, in airplane mode, or out of signal range. Again, voicemail is normal. Anything else is not.
Hackers use this setting specifically because the phone owner often doesn't notice (the phone is off, so there's no alert).
What to do if positive: Dial ##62# to disable this forwarding, or dial ##002# to clear everything.
5. *#67#: Check Forwarding When Line is Busy
This code shows where calls go when you're already on another call. Scammers use this setting to intercept calls and texts you receive while your line is in use, including one-time passcodes.
What to do if positive: Dial ##67# to disable this specific forwarding.
6. *#004#: Check All Conditional Forwarding at Once
Instead of checking each forwarding type individually, *#004# gives you a complete picture of all your conditional forwarding settings in one screen. This is the quickest way to do a comprehensive check.
What to do if any setting shows an unrecognized number: Dial ##002# to disable all forwarding immediately.
7. ##002#: Disable All Call Forwarding
This is not a diagnostic code, it's a fix. Dialing ##002# removes all call forwarding settings from your account in one step. If any of the checks above returned a suspicious result, this is the first thing you should dial.
After dialing it, you should see a confirmation message that all forwarding has been erased. Re-run *#004# afterward to confirm everything is clear.
8. *#*#4636#*#*: Phone Information Menu (Android Only)
This code opens a hidden information menu on most Android phones with four sections: Phone information, Battery information, Usage statistics, and Wi-Fi information.
It's not a direct malware detector, but the Usage statistics section can be revealing. If you see an unfamiliar app that has been running frequently in the background, that's worth investigating. The battery information can also show unusual discharge patterns consistent with background activity.
What to look for: Unfamiliar apps in usage stats, unusual battery drain history, or unexpected network connections.
9. *#*#197328640#*#*: Network Utility Menu (Android Only)
This code opens a network utility menu that shows detailed information about your current cellular connection, including signal strength and the network identifiers your phone is connected to.
This is a diagnostic tool for advanced users, not a simple yes/no hack detector. It shows technical network details that can indicate if your phone is connected to an unexpected cell tower or network, which may point to a man-in-the-middle interception attempt. However, interpreting the results requires some technical knowledge.
What to look for: Unexpected or unrecognized network names, or signal routing that doesn't match your normal carrier.
10. *3001#12345#*: Field Test Mode (iPhone Only)
On iPhones, this code opens Field Test Mode, which shows detailed information about your cellular signal, network connection, and carrier data. It's the iPhone equivalent of the Android network utility menu.
Press the call button after entering the code. You'll see a screen with tabs for different connection details. Like the Android network menu, this is most useful if you have a reason to suspect your connection is being intercepted and want to check the technical details of what network your phone is attached to.
To exit Field Test Mode, press the Home button (older iPhones) or swipe up from the bottom (Face ID models).
What To Do If You Find a Problem
If any of the forwarding codes showed a number you don't recognize, work through these steps in order.
First, dial ##002# to disable all call forwarding immediately. This stops the interception right away. Then create strong passwords for every account stored on your phone, starting with your email, banking apps, and any account that uses SMS two-factor authentication, since those verification codes may have been intercepted. Contact your mobile carrier and let them know you suspect unauthorized call forwarding was set up on your account. They can review activity logs and lock your account against further changes. Finally, run a reputable mobile security scan to assess your overall device security. Free options from Norton, Bitdefender, and Malwarebytes are available for both iOS and Android.
If you're receiving login alerts for accounts you didn't try to access, there's a possibility your phone number was SIM swapped, which is a more serious attack than call forwarding. In that case, contact your carrier immediately and ask them to add a SIM lock (also called a port freeze) to your account.
How To Keep Your Phone Secure Going Forward
- Keep your OS and apps updated. Software updates patch security vulnerabilities that hackers actively exploit. On both iOS and Android, enable automatic updates so you're never running a version with known flaws.
- Use a strong lock screen PIN or password. A six-digit PIN or alphanumeric password is much harder to guess than a four-digit PIN or a pattern. Avoid birthdays, repeating numbers, or anything connected to your personal information. This is key for protecting online accounts, including those used for cryptocurrency, and other sensitive information.
- Enable two-factor authentication, but use an authenticator app. SMS-based 2FA is better than nothing, but since call forwarding and SIM swapping can intercept text messages, an authenticator app (like Google Authenticator or Authy) is more secure for important accounts.
- Be careful on public Wi-Fi. Public networks are frequently targeted by hackers using man-in-the-middle attacks. Use a VPN if you need to connect, or stick to your mobile data for sensitive activity. Not sure which to use? See our picks for the best VPN services.
- Download apps only from official stores. Apple's App Store and Google Play both have review processes that catch most malicious apps. Third-party app sources do not. If a website or email asks you to install an app outside of the official store, don't do it. Malicious websites often disguise these requests as urgent security updates or prize notifications. These are sometimes known as drive-by downloads.
- Install a reputable security app. Apps like Netmonitor and mobile antivirus tools from trusted vendors can monitor for suspicious network activity and alert you to problems. Stick to well-known names and check reviews before installing anything marketed as a security tool, as some fake security apps are themselves malware.
If this has sparked an interest in how attackers operate and how to defend against them, Hackr has guides to the best ethical hacking courses online and the top cybersecurity certifications worth earning in 2026. You can also browse ethical hacking tutorial courses rated and reviewed by the developer community.
Frequently Asked Questions
Does *#21# tell you if your phone is tapped?
Dialing *#21# shows whether unconditional call forwarding is active on your number, which is one method hackers use to intercept calls. It does not detect all forms of phone tapping, spyware, or monitoring apps , which requires a dedicated security scan.
What does ##002# do to your phone?
##002# disables all call forwarding settings on your account in one step. It does not factory reset your phone, delete data, or change any settings other than call forwarding.
How do I know if my Android phone is hacked?
Common signs include sudden battery drain, unexplained data usage, the phone running hot when idle, unfamiliar apps, and contacts receiving messages you didn't send. Dial *#004# to check all call forwarding settings at once, then run a mobile security scan.
Can you unhack your phone?
In most cases, yes. Dial ##002# to clear any unauthorized call forwarding, change your passwords, run an antivirus scan to remove any malware, and contact your carrier if you suspect SIM swapping. Restoring your phone to its factory settings is a last resort if malware cannot be removed, but back up your data first.
Can you tell if your phone is being monitored?
USSD codes can reveal if your calls are being forwarded without your knowledge, which is a form of monitoring. For spyware that runs silently in the background, look for the physical signs above and use a reputable mobile security app to scan your device.
Are these codes safe to dial?
Yes. USSD codes query your carrier's network settings and display information. They do not trigger any actions, notify anyone, or grant access to your device. The one exception is ##002#, which actively disables call forwarding, but that is its intended purpose.
Do these codes work on iPhone?
The call forwarding codes (*#21#, *#61#, *#62#, *#67#, *#004#, and ##002#) work on both iPhone and Android. The Android-specific codes (*#*#4636#*#* and *#*#197328640#*#*) do not work on iPhone. For iPhone-specific network diagnostics, use *3001#12345#* to open Field Test Mode.
What do I dial to check if my phone is being tracked via GPS?
No USSD code can directly detect GPS tracking. To prevent it, go to Settings and review which apps have access to your location, and disable location services for any app that doesn't need it. If you suspect a tracking app has been installed, run a full mobile security scan.
What is the quickest single code to check if my phone is hacked?
Dial *#004# to check all conditional call forwarding settings at once. If the result shows any number other than your voicemail or "not active," dial ##002# immediately to disable all forwarding.
