A controversial practice of mobile phone operators could expose users to all kinds of security and privacy risks. According to a recent report, mobile operators recycle old phone numbers to avoid eventually exhausting the available number combinations, recycling up to 37 million phone numbers per year.
Unintentionally, this practice has revealed the information of hundreds of thousands of former clients and, in the worst case, could be used for dangerous variants of account hijacking or hacking, according to a study by Princeton University.
As if that wasn’t enough, many users take these kinds of risks lightly, and even harass the new owners of their old numbers by letting them receive spam or by making annoying phone calls, which can pose a severe risk to personal information.
Princeton researchers conducted tests with a recycled number and found that it received multiple messages intended for other users, including blood test results and hotel reservations, a clear demonstration of the link between a phone number and its user’s online activity.
Worse, in some cases the new owner may find multiple pieces of sensitive data or even bypass the multi-factor authentication mechanism linked to the phone number. In other words, the new owner of a recycled number could easily access the previous owner’s social media accounts and emails.
Hackers could also benefit from this practice, as it is enough to take information wrongly sent to a user and match it against recent data breach incidents to find more sensitive information. These compromised records may end up on dark web hacking platforms for sale or even free download. The possibility of these attacks is considerable, as researchers estimate that about 65% of recycled phone numbers remain linked to at least one online platform, so affected users would be exposed to at least three attack variants.
Researchers conclude their report by noting that the best way to prevent such attack variants is for users to try to keep their phone numbers, even if they change operators, as in the long run this will prevent their phone numbers from being affected.