The problem has since been fixed, but at the time it presented a privacy issue in which even hackers with relatively few resources could have brute forced their way to people’s personal information.
“I think this exploit is quite negative since it is basically a gold mine for SIM swappers,” wrote the independent security researcher who found the problem, who goes by the handle Brutecat, in an email. SIM swappers are hackers who take over a target’s phone number in order to receive their calls and messages, which in turn can let them break into all types of accounts.
In mid-April, we provided Brutecat with one of our personal Gmail addresses in order to test the vulnerability. About six hours later, Brutecat replied with the correct and complete phone number connected to that account.
“Essentially, he is leafing through the number,” said Brutecat of their trial. Brute forcing is when a hacker rapidly tries different combinations of digits or characters until they find the ones they are looking for. Generally it is done in the context of finding someone’s password, but here Brutecat is doing something similar to determine the phone number of a Google user.
Brutecat said in an email that the brute forcing takes about an hour for a U.S. number, or 8 minutes for a United Kingdom one. For other countries, it can take less than a minute, they said.
In an accompanying video that demonstrates the exploit, Brutecat explains that an attacker needs the target’s Google name. They find it by transferring ownership of a document from Google’s Looker Studio product to the target, the video says. They say they changed the name of the document to be millions of characters long, which results in the target not being notified of the ownership transfer. Using custom code, which they detailed in their write-up, Brutecat then barrages Google with guesses at the phone number until one hits.
“The victim is not informed at all :)” reads a caption in the video.
A Google spokesman told 404 Media in a statement: “This problem has been solved. We have always underlined the importance of working with the security research community through our prizes for the vulnerability and we want to thank the researcher for reporting this problem. Researcher presentations such as this are one of the many ways in which we are able to quickly find and solve the safety problems of our users.”
Phone numbers are a key piece of information for SIM swappers. These types of hackers have been linked to countless hacks of individual people in order to steal online usernames or cryptocurrency. But sophisticated SIM swappers have also escalated to targeting huge companies. Some have worked directly with ransomware gangs from Eastern Europe.
Armed with the phone number, a SIM swapper can then impersonate the victim and convince their telecom provider to redirect text messages to a SIM card that the hacker controls. From there, the hacker can request password reset text messages or multi-factor authentication codes and access the victim’s valuable accounts. This could include accounts that store cryptocurrency or, even more damaging, their email, which in turn could grant access to many other accounts.
On its website, the FBI recommends that people not publicly advertise their phone number for this reason. “Protect your personal and financial information. Do not advertise your telephone number, address or financial resources, including the property or cryptocurrency investments, on social media sites,” the site reads.
In their write-up, Brutecat said that Google awarded them $5,000 and some swag for their findings. Initially, Google marked the vulnerability as having a low chance of exploitation. The company subsequently upgraded that likelihood to medium, according to Brutecat’s write-up.