{"title":"美国移动运营商号码回收的安全和隐私风险","authors":"Kevin Lee, Arvind Narayanan","doi":"10.1109/eCrime54498.2021.9738792","DOIUrl":null,"url":null,"abstract":"We examined the security and privacy risks of phone number recycling in the United States. We sampled 259 phone numbers available to new subscribers at two major carriers, and found that 171 of them were tied to existing accounts at popular websites, potentially allowing those accounts to be hijacked. Additionally, a majority of available numbers led to hits on people search services, which provide personally identifiable information on previous owners. Furthermore, a significant fraction (100 of 259) of the numbers were linked to leaked login credentials on the web, which could enable account hijackings that defeat SMS-based multi-factor authentication. We also found design weaknesses in carriers’ online interfaces and number recycling policies that could facilitate attacks involving number recycling. We close by recommending steps carriers, websites, and subscribers can take to reduce risk.","PeriodicalId":228129,"journal":{"name":"2021 APWG Symposium on Electronic Crime Research (eCrime)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Security and Privacy Risks of Number Recycling at Mobile Carriers in the United States\",\"authors\":\"Kevin Lee, Arvind Narayanan\",\"doi\":\"10.1109/eCrime54498.2021.9738792\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We examined the security and privacy risks of phone number recycling in the United States. We sampled 259 phone numbers available to new subscribers at two major carriers, and found that 171 of them were tied to existing accounts at popular websites, potentially allowing those accounts to be hijacked. Additionally, a majority of available numbers led to hits on people search services, which provide personally identifiable information on previous owners. Furthermore, a significant fraction (100 of 259) of the numbers were linked to leaked login credentials on the web, which could enable account hijackings that defeat SMS-based multi-factor authentication. We also found design weaknesses in carriers’ online interfaces and number recycling policies that could facilitate attacks involving number recycling. We close by recommending steps carriers, websites, and subscribers can take to reduce risk.\",\"PeriodicalId\":228129,\"journal\":{\"name\":\"2021 APWG Symposium on Electronic Crime Research (eCrime)\",\"volume\":\"8 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 APWG Symposium on Electronic Crime Research (eCrime)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/eCrime54498.2021.9738792\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 APWG Symposium on Electronic Crime Research (eCrime)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/eCrime54498.2021.9738792","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security and Privacy Risks of Number Recycling at Mobile Carriers in the United States
We examined the security and privacy risks of phone number recycling in the United States. We sampled 259 phone numbers available to new subscribers at two major carriers, and found that 171 of them were tied to existing accounts at popular websites, potentially allowing those accounts to be hijacked. Additionally, a majority of available numbers led to hits on people search services, which provide personally identifiable information on previous owners. Furthermore, a significant fraction (100 of 259) of the numbers were linked to leaked login credentials on the web, which could enable account hijackings that defeat SMS-based multi-factor authentication. We also found design weaknesses in carriers’ online interfaces and number recycling policies that could facilitate attacks involving number recycling. We close by recommending steps carriers, websites, and subscribers can take to reduce risk.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
