New Study Warns of Security Threats Linked to Recycled Phone Numbers (May 2021)
A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, phishing and spam attacks, and even preventing victims from signing up for online services.
Nearly 66% of the recycled numbers that were sampled were found to be tied to previous owners' online accounts at popular websites, potentially enabling account hijacks by simply recovering the accounts tied to those numbers.
Phone number recycling refers to the standard practice of reassigning disconnected phone numbers to new subscribers of the carrier.
According to the Federal Communications Commission, an estimated 35 million phone numbers are disconnected each year in the U.S. But this can also pose serious dangers when an attacker does a reverse lookup by randomly entering such numbers in the online interfaces offered by the two carriers and, upon encountering a recycled number, buys it and successfully logs in to the victim account to which the number is linked.
At the heart of the attack strategy is the lack of query limits for available numbers imposed by the carriers on their prepaid interfaces to change numbers, in addition to displaying "full numbers, which gives an attacker the ability to discover recycled numbers before confirming a number change."
Beyond the aforementioned three reverse lookup attacks, five additional threats enabled by phone number recycling target both previous and future owners, permitting a malicious actor to impersonate past owners, hijack the victims' online phone account and other linked online accounts, and worse, carry out denial-of-service attacks.
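The two carrier-side weaknesses named above, no query limit on available numbers and display of full numbers before the change is confirmed, each correspond to a server-side control. The code below is an added example, not code from the study or from any carrier; the class name, the budget of 5 lookups per day and the masking format are assumptions, and the phone numbers used with it are constructed.

```python
import secrets
import time

MAX_QUERIES_PER_DAY = 5        # assumed budget; the page gives no figure
WINDOW_SECONDS = 24 * 3600

class NumberChangeService:
    """Hypothetical backend for a prepaid 'change my number' page."""

    def __init__(self, available_numbers, clock=time.time):
        self._pool = list(available_numbers)
        self._clock = clock
        self._queries = {}     # account id -> timestamps of recent lookups
        self._offers = {}      # opaque token -> (account id, full number)

    def _within_budget(self, account_id):
        now = self._clock()
        recent = [t for t in self._queries.get(account_id, [])
                  if now - t < WINDOW_SECONDS]
        allowed = len(recent) < MAX_QUERIES_PER_DAY
        if allowed:
            recent.append(now)
        self._queries[account_id] = recent
        return allowed

    @staticmethod
    def mask(number):
        # Keep the area code, hide the digits that identify the line.
        return number[:3] + "-XXX-XXXX"

    def list_offers(self, account_id, count=3):
        if not self._within_budget(account_id):
            raise PermissionError("daily lookup limit reached")
        picks = secrets.SystemRandom().sample(self._pool, min(count, len(self._pool)))
        offers = []
        for number in picks:
            token = secrets.token_urlsafe(16)
            self._offers[token] = (account_id, number)
            offers.append({"offer": token, "display": self.mask(number)})
        return offers

    def confirm(self, account_id, token):
        # The full number is revealed only once the change is committed.
        owner, number = self._offers.get(token, (None, None))
        if owner != account_id or number not in self._pool:
            raise PermissionError("offer not valid for this account")
        del self._offers[token]
        self._pool.remove(number)
        return number
```

Because the subscriber sees only a masked number and an opaque token until `confirm` succeeds, the full number cannot be checked against other services before the change is committed, and the per-account budget bounds how many candidates can be browsed in a day.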