A cybersecurity researcher was able to find out the phone number associated with any Google account, information that is usually not public and is often sensitive, according to the researcher, Google, and 404 Media's own tests.
The issue has since been fixed, but at the time it presented a privacy problem in which even attackers with relatively few resources could have brute-forced their way to people's personal information.
“I think this exploit is very bad because it is basically a gold mine for SIM swappers,” wrote the independent security researcher who found the issue, who goes by the handle brutecat, in an email. SIM swappers are hackers who take over a target's phone number in order to receive their calls and texts, which in turn can allow them to break into all kinds of accounts.
In mid-April, we provided brutecat with a personal Gmail address in order to test the vulnerability. About six hours later, brutecat replied with the correct and full phone number associated with that account.
“Basically, it's brute-forcing the number,” brutecat said of their process. Brute forcing is when an attacker rapidly tries different combinations of digits or characters until finding the ones they are after. This is usually in the context of finding a person's password, but here brutecat does something similar to determine a Google user's phone number.
Brutecat said in an email that the brute forcing takes about one hour for a U.S. number, or 8 minutes for a UK one. They said that it could take less than a minute.
In an accompanying video demonstrating the exploit, brutecat explains that the attacker needs the target's Google display name. They find it by first transferring ownership of a document from Google's Studio product to the target, the video says. They say they modified the document's name to be millions of characters long, which results in the target not being notified of the ownership change. Using some custom code, which is detailed in their write-up, brutecat then bombards Google with phone number guesses until getting a hit.
“The victim is not notified at all 🙂,” reads a comment in the video.
“This issue has been fixed. We have always emphasized the importance of working with the security research community through our vulnerability program, and we want to thank the researcher for flagging this issue. Researcher submissions like this are one of the many ways that we can quickly find and fix issues for the safety of our users.”
Phone numbers are a key piece of information for SIM swappers. These types of hackers have been linked to countless hacks of individuals in order to steal online usernames or cryptocurrency. But sophisticated SIM swappers have also escalated to targeting huge companies. Some have worked directly with ransomware gangs from Eastern Europe.
Armed with the phone number, a SIM swapper may impersonate the victim and persuade their telecom to redirect text messages to a SIM card the hacker controls. From there, the hacker can request password reset text messages, or multi-factor authentication codes, and log in to the victim's valuable accounts. This can include accounts that store cryptocurrency or, even more damaging, their email, which in turn can give access to many other accounts.
On its website, the FBI recommends that people not advertise their phone number publicly for this reason. “Protect your personal and financial information. Do not advertise your phone number, address, or financial assets, including ownership or investment of cryptocurrency, on social media,” the site reads.
In their write-up, brutecat said that Google awarded them $5,000 and some swag for their findings. Initially, Google rated the vulnerability as having a low chance of exploitation. The company later upgraded that likelihood to medium, according to brutecat's write-up.