Android: your old phone number can be a big problem for you!

Phone numbers often remain linked to their previous owner, according to a study by researchers at Princeton University. Users can then be exposed to various attacks, especially if accounts are still linked to this Android old phone number.

Android: your old phone number can be a big problem for you!

Researchers at the prestigious Princeton University have made a rather disturbing discovery. Indeed, it turns out that phone numbers can remain linked to their former owner. And at the same time, expose it to many problems, especially if the number in question is still linked to certain accounts and used in particular to recover a password or an identifier.

The researchers examined 259 phone numbers made available to new subscribers by two major US operators. Upon investigation, they discovered that 171 numbers were still linked to existing user accounts on a large number of popular websites. Additionally, 100 of them were linked to already leaked online credentials.

In other words, these numbers have been compromised and can very well be used to bypass two-factor authentication, for example. Best of all, the researchers noted that the majority of these numbers displayed results on reverse directories or other people search services, with personal information on the previous owners as a result.

An Android Old Phone Number Can Cause Very Big Problems For You

To this must be added all the risks of phishing and account takeovers that the linking of these numbers with their former owners can generate. “Recycled or old phone numbers can cause problems for everyone involved. Subscribers who are assigned a phone number belonging to a former owner often end up receiving communications intended for the former owners, whether they are threatening robocalls or personal texts ”, specify the researchers of Princeton.

As a regulated industry practice, phone number recycling is unlikely to stop. Nevertheless, all stakeholders must make efforts to alleviate the problem. In particular, online services should no longer equate the correct entry of a password received by SMS as successful user authentication ”, recommend the researchers.

Post a Comment