Your Old Phone Numbers Could Come Back to Haunt You
No one wants to gets stuck with their old phone forever. The joy and experience of upgrading your device to a new one never get old. Many people upgrade or change their phones from time to time due to one reason or the other. Regardless of the reason, buying a new phone always leaves a satisfactory feeling.
Nevertheless, while updating your phone to a new one brings so much joy, changing your phone number can pose a security risk, according to experts. Before this period, people do not see anything wrong with changing their phone numbers. However, experts are now saying that after changing your phone number, your old number could come back to haunt you.
Old phone numbers usually remain linked to their previous users, according to a report by Princeton University’s Department of Computer Science and Center for Information Technology Policy. Since old numbers are still tied to their previous users, the previous owners are susceptible to a wide range of attacks. The security risk is even higher when there are account logins tied to the old phone or when the user stored personally identifiable information in the phone number.
Many Phone Numbers Are Being Recycled
During the research, the Department of Computer Science and Center for Information Technology Policy studied 259 different phone numbers. These phone numbers were new and available to new subscribers. After the research, they discovered that 171 out of the 259 phone numbers remain linked to existing user accounts on some common sites.
The research also revealed that 100 of them were tied to online credentials that were leaked recently, which means the previous users experienced a data breach, and hackers could easily hijack their accounts by using SMS-based 2FA authentication. The researchers also added that most of the numbers they examined showed results on people’s search services. Again, this is not a good thing, as it provides information that you can use to identify the previous owners personally. When the users’ identities are exposed like that, it could put them at risk.
The team pointed out a couple of possible attack vectors it experienced, some of which are Distributed Denial of Service (DDoS) attacks, phishing attacks, and account takeover (which can be done without knowing the password).
Nevertheless, the team also pointed out that some mobile network carriers allowed for the preview of full numbers either during the changing of the number or the signup process. This means a hacker can do some findings on the phone number by searching for owner history or linked accounts. They can do all of these before they obtain the recycled number.
According to the report, recycling old phone numbers is not a great idea, and it could put those involved in a lot of trouble. The report also noted that those who purchased recycled phone numbers that previously belonged to someone else usually receive communication and information meant for the previous owner of the number. They often receive information and communication ranging from personal text messages down to threatening robocalls.
Can I Prevent My Old Phone Number from Coming Back to Haunt Me?
The recycling of old phone numbers is a regulated industry practice, and it does not seem like it is going to stop anytime soon, said the team. However, all stakeholders can do more work to diminish and illuminate the issues. They also suggested that online services should stop equating an SMS password entered correctly with successful user authentication.
This is because once the attackers get hold of the old number, they can initiate a password recovery protocol on the account of the previous owner of the number. When this happens, the online service will send a verification code to the number, which is already in the hand of the hacker, and hence, providing them with easy access to the account of the individual. Hence, online services should look for better ways to verify user authentication beyond correctly entered SMS passwords.
Another solution that the team suggested is for users to make a conscious effort of porting their existing phone number whenever they buy a new phone. This is one of the best ways to stay safe and protect yourself against such attacks. If you do not want to port your existing number, you can use the “number parking” services. By taking advantage of this service, all your past accounts linked to your old number will be shuttered off.
With this, no attackers will be able to gain access to your accounts even when they have your old number. This would prevent your old number from coming back to haunt you. However, the best option remains porting your existing number, as this would make you easily reachable by those who have that number, except you deliberately don’t want to be reached via that number.
Reference
Written by The Original PC Doctor on 29/05/2021.
