Security News > 2020 > February > How one man could have flooded your phone with Microsoft spam

How one man could have flooded your phone with Microsoft spam
2020-02-27 15:17

Microsoft has a neat web page that helps you get Outlook set up on your phone.

Just like Italian security researcher Luca Epifanio, our first thought was, "What if someone decides to put in someone else's phone number and then spam them over and over and over again?".

Well, Luca wondered just how robust Microsoft's "Same number" detection might be, and whether it could easily be bypassed.

Only the digits matter in the phone number to which the message gets sent, but - as Luca suggested in an email he sent us - it looks as though Microsoft's "Number verification" check was done with the extraneous characters included.

We tried adding redundant characters to our own phone number today, and were unable to send any messages after the third had gone through.


News URL

https://nakedsecurity.sophos.com/2020/02/27/how-one-man-could-have-flooded-your-phone-with-microsoft-spam/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399