Phone numbers are not as good for security and authentication as we think. They are a poor method of protection because most of us have so much invested in these digits that they’ve become de facto identities.
Let’s see how exactly we became so dependent that a single, semi-public and occasionally transient data point like a phone number can unlock so much access to sensitive data.
BE AWARE! Some of the biggest cyber-criminals can hijack your phone number via SIM swapping attacks in minutes. These illegal SIM swaps allow hackers to hijack a target’s phone number and use it to steal financial data, passwords, cryptocurrencies, and other items.
Nowadays countless companies have built their customer authentication around the phone number, and a great many sites still let users reset their passwords with nothing more than a one-time code texted to a phone number on the account. This kind of practice allows hackers to hijack a victim’s online account with just the phone number, without knowing a single password.
For example, cybersecurity researchers have regained access to a Yahoo account that hadn’t been used in almost five years. Yahoo’s forgot-password feature let anyone enter a phone number, and after entering a code sent to that phone, the email account could be accessed.
So, if that Yahoo account is tied to a mobile number at which you can receive text messages, you can assume control over the account, and over every other account associated with that Yahoo account, even if that phone number no longer belongs to the person who originally established the email account.
On one occasion the specialists accidentally hijacked a random person’s account. They were trying to get a bank account at an online service provider for testing, and when they put a burner phone number into the site and went through the SMS password reset process, they got the link and it said ‘Welcome Back’ to some username they didn’t know. They were suddenly reading the private messages of the account.
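From the service's side, the dormant-account and recycled-number cases above can be caught before a texted code is accepted as proof of ownership. The following is an added example, not code from any provider mentioned here; the `Account` fields, the decision names and both thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed thresholds (not from the article); tune them to your own risk model.
DORMANT_AFTER = timedelta(days=365)      # no login for this long = dormant
PHONE_STALE_AFTER = timedelta(days=180)  # number not re-verified for this long

@dataclass
class Account:
    user: str
    last_login: date
    phone_verified: date     # last time the owner proved control of the number
    has_second_factor: bool  # e.g. authenticator app or recovery email

def sms_reset_decision(acct: Account, today: date) -> str:
    """Decide whether a texted one-time code alone may reset the password."""
    dormant = today - acct.last_login > DORMANT_AFTER
    stale = today - acct.phone_verified > PHONE_STALE_AFTER
    if not (dormant or stale):
        return "allow_sms"
    # The number may have been recycled or SIM-swapped since it was last
    # verified, so possession of it no longer proves who is asking.
    return "step_up" if acct.has_second_factor else "manual_review"

def audit(accounts: list[Account], today: date) -> dict[str, str]:
    """Map each user to the reset path the policy would enforce."""
    return {a.user: sms_reset_decision(a, today) for a in accounts}

# Constructed sample records, including an account unused for almost five years.
TODAY = date(2024, 1, 1)
SAMPLE = [
    Account("dormant5y", date(2019, 2, 1), date(2019, 2, 1), False),
    Account("active", date(2023, 12, 20), date(2023, 11, 1), True),
    Account("stale_phone", date(2023, 12, 28), date(2021, 6, 1), True),
]

if __name__ == "__main__":
    for user, decision in audit(SAMPLE, TODAY).items():
        print(f"{user}: {decision}")
```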
Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
In the past, a phone wasn’t tied to any one person’s identity, and possession of a phone number never proved that person’s identity. Now phone numbers are tied to people’s identities, even though we’re recycling them, and this recycling is a fundamental part of how the phone system works.
Imagine you get divorced and lose control over your bills and account. Then your number can be given away, and if it goes to someone else you don’t get it back. Beyond this situation, there are all kinds of life situations where a phone number is not a good identifier.
In order to protect your data, consider establishing a Google Voice account if you don’t already have one. Then set up a new number; Google requires you to provide a number capable of receiving text messages. Once your Google Voice number is linked to your mobile, the device at the mobile number you gave to Google should notify you instantly if anyone calls or messages the Google number, provided you are connected to the internet.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; tests like this include penetration testing and ethical hacking.