Basically, someone with your phone number exclusively would be able to
- Retrieving targeted device’ location and IMEI information,
- Spreading mis-information by sending fake messages on behalf of victims,
- Spying on victims’ surroundings by instructing the device to call the attacker’s phone number,
- Spreading malware by forcing victim’s phone browser to open a malicious web page,
And there is evidence that some governments are doing this. I was trying to reach some PT telcos to know if they are affected.