A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account
Briefly

A cybersecurity researcher discovered a serious vulnerability that allowed them to link phone numbers to Google accounts, exposing information that is typically private. The research indicated that even less experienced hackers could exploit this flaw through simple brute-force methods. The researcher emphasized the danger this exploit posed to individuals targeted by SIM swappers. Although Google eventually fixed the issue, the ease with which brutecat retrieved phone numbers raised concerns about user privacy and security. The research highlights the need for improved protection against such accessible vulnerabilities.
"I think this exploit is pretty bad since it's basically a gold mine for SIM swappers," the security researcher wrote, expressing the severity of the vulnerability faced by users.
"Essentially, it's bruting the number," brutecat explained, illustrating their method of rapidly testing combinations to find sensitive phone numbers linked to Google accounts.
In an accompanying video... brutecat explains an attacker needs the target's Google display name... and modified the document's name to be millions of characters to evade detection.
Brutecat said the brute forcing takes around one hour for a U.S. number... for other countries, it can take less than a minute.
Read at WIRED