{"id":136895,"date":"2018-09-04T13:38:21","date_gmt":"2018-09-04T19:38:21","guid":{"rendered":"http:\/\/hill-kleerup.org\/blog\/2018\/09\/04\/the-insecurity-of-mobile-phone-numbers.html"},"modified":"2018-09-05T19:42:58","modified_gmt":"2018-09-06T01:42:58","slug":"the-insecurity-of-mobile-phone-numbers","status":"publish","type":"post","link":"https:\/\/hill-kleerup.org\/blog\/2018\/09\/04\/the-insecurity-of-mobile-phone-numbers.html","title":{"rendered":"The (In)Security of Mobile Phone numbers"},"content":{"rendered":"

As people use mobiles more and more for not just phone calls (wait, they do that, too?) but as their primary access to the Internet, more and more companies and sites are using your mobile number as not just your ID, but as your authenticator, too.<\/p>\n

But increasingly that’s problematic. Combining ID and authentication (this is who I say I am; this is how I prove it) into a single value or point is always theoretically a security risk, and trusting in physical possession of a phone or that phone numbers themselves cannot be stolen is becoming less and less of a certainty.<\/p>\n

I don’t have any advice here — not even anything I plan on doing myself aside from trying to be vigilant. But expect security issues around this to get worse before they get better.<\/p>\n


\n
\n<\/a>
\nPhone Numbers Were Never Meant as ID. Now We\u2019re All At Risk | WIRED<\/a><\/span>
\nYour phone number was never meant to be your identity. Now that it effectively is, we’re all at risk.<\/p><\/blockquote>\n

Original Post<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

As people use mobiles more and more for not just phone calls (wait, they do that, too?) but as their primary access to the Internet, more and more companies and sites are using your mobile number as not just your ID, but as your authenticator, too. But increasingly that’s problematic. Combining ID and authentication (this … Continue reading “The (In)Security of Mobile Phone numbers”<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_seopress_robots_follow":"","_seopress_robots_imageindex":"","_seopress_robots_snippet":"","_seopress_robots_primary_cat":"","_seopress_robots_breadcrumbs":"","_seopress_robots_freeze_modified_date":"","_seopress_robots_custom_modified_date":"","_seopress_robots_canonical":"","_seopress_social_fb_title":"","_seopress_social_fb_desc":"","_seopress_social_fb_img":"","_seopress_social_fb_img_attachment_id":0,"_seopress_social_fb_img_width":0,"_seopress_social_fb_img_height":0,"_seopress_social_twitter_title":"","_seopress_social_twitter_desc":"","_seopress_social_twitter_img":"","_seopress_social_twitter_img_attachment_id":0,"_seopress_social_twitter_img_width":0,"_seopress_social_twitter_img_height":0,"_seopress_redirections_value":"","_seopress_redirections_enabled":"","_seopress_redirections_enabled_regex":"","_seopress_redirections_logged_status":"","_seopress_redirections_param":"","_seopress_redirections_type":0,"_seopress_analysis_target_kw":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[106,375],"tags":[],"class_list":["post-136895","post","type-post","status-publish","format-standard","hentry","category-plusposts","category-computer-security"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":134736,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/09\/18\/social-security-numbers-broken-alternative.html","url_meta":{"origin":136895,"position":0},"title":"Social Security Numbers are broken. What is the alternative?","author":"***Dave","date":"Mon 18-Sep-17 11:41am","format":false,"excerpt":"We are increasingly a data-driven world. There are electronic records about us everywhere, and we rely on them in a thousand different ways to identify us. But anyone who's ever worked with a system that tries to reliably and consistently identify people knows that it's a problem. What identifier is\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/09\/Equifax-HQ.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":1513,"url":"https:\/\/hill-kleerup.org\/blog\/2001\/12\/18\/and_the_kitchen.html","url_meta":{"origin":136895,"position":1},"title":"And the Kitchen Sync","author":"***Dave","date":"Tue 18-Dec-01 5:07pm","format":false,"excerpt":"Okay, I have a Palm. And a Motorola V.60t cell phone. What I really want is to be able to beam my phone numbers from my Palm to my Motorola,...","rel":"","context":"In "Hi-Tech"","block_context":{"text":"Hi-Tech","link":"https:\/\/hill-kleerup.org\/blog\/category\/hi-tech"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":135544,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/12\/05\/musings-history-area-codes.html","url_meta":{"origin":136895,"position":2},"title":"Musings on the History of Area Codes","author":"***Dave","date":"Tue 5-Dec-17 10:40am","format":false,"excerpt":"The Area Code was well established by the time I was starting to learn phone numbers. I do remember having an area code change on me as a kid in Southern California, and remember when, after moving to Denver, we went through the \"trauma\" of overlaying the new 720 on\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/12\/telephone-old.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":48878,"url":"https:\/\/hill-kleerup.org\/blog\/2014\/12\/11\/the-drivers-id-app.html","url_meta":{"origin":136895,"position":3},"title":"The Driver's ID app","author":"***Dave","date":"Thu 11-Dec-14 4:34pm","format":false,"excerpt":"Um ... no. I don't want to depend on my phone for my ID, nor do I want to hand it to a cop. Just not seeing an upside here.(No, I don't use my phone for my boarding pass, either -- it's one more object to juggle going through security\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":136310,"url":"https:\/\/hill-kleerup.org\/blog\/2018\/05\/08\/so-last-years-equifax-breach-was-even-more-awful-than-previously-revealed.html","url_meta":{"origin":136895,"position":4},"title":"So last year’s Equifax breach was even more awful than previously revealed","author":"***Dave","date":"Tue 8-May-18 6:24pm","format":false,"excerpt":"Largely because Equifax didn't reveal a lot of the details because state laws didn't require them to. A certain amount of the data stolen for millions (tens of millions, hundreds of millions) of Americans is of vague concern because it's private information that is now presumably available to any black\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/09\/Equifax%2BHQ.jpgimgmax%3D660.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":147389,"url":"https:\/\/hill-kleerup.org\/blog\/2019\/11\/19\/im-mobilized.html","url_meta":{"origin":136895,"position":5},"title":"Im-mobilized","author":"***Dave","date":"Tue 19-Nov-19 6:18pm","format":false,"excerpt":"Being without a mobile phone for a week-plus sucks","rel":"","context":"In "Computer Security"","block_context":{"text":"Computer Security","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/computer-security"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2019\/11\/pixel-charging.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2019\/11\/pixel-charging.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2019\/11\/pixel-charging.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2019\/11\/pixel-charging.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2019\/11\/pixel-charging.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/136895","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/comments?post=136895"}],"version-history":[{"count":1,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/136895\/revisions"}],"predecessor-version":[{"id":137002,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/136895\/revisions\/137002"}],"wp:attachment":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media?parent=136895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/categories?post=136895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/tags?post=136895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}