
Google fixes bug that could reveal users' private phone numbers
A security researcher has discovered a bug that could be exploited to reveal the private recovery phone number of almost any Google account without alerting its owner, potentially exposing users to privacy and security risks.
Google confirmed to TechCrunch that it fixed the bug after the researcher alerted the company in April.
The independent researcher, who goes by the handle brutecat and blogged their findings, told TechCrunch that they could obtain the recovery phone number of a Google account by exploiting a bug in the company's account recovery feature.
The exploit relied on an 'attack chain' of several individual steps working in tandem, including leaking the full display name of a targeted account and bypassing an anti-bot protection mechanism that Google had put in place to prevent the malicious spamming of password reset requests. Bypassing that rate limit ultimately allowed the researcher to cycle through every possible combination of digits for a Google account's phone number in a short space of time and arrive at the correct number.
By automating the attack chain with a script, the researcher said it was possible to brute-force a Google account owner's recovery phone number in 20 minutes or less, depending on the length of the phone number.
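A defender-side illustration, added here and not part of the article or of Google's own code: a guard that budgets recovery-phone guesses per target account rather than per requesting client, so that switching source addresses or sessions does not reset the limit, and that records an owner alert once the budget is exhausted. The class name, thresholds and the sample addresses and numbers are assumptions.

```python
# Added example: per-target budget for recovery-phone guesses (illustrative).
import hmac
import time
from collections import defaultdict, deque

MAX_GUESSES_PER_TARGET = 5   # assumed budget of guesses per target account per window
WINDOW_SECONDS = 3600        # assumed sliding window length


class RecoveryGuard:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._attempts = defaultdict(deque)  # target account -> timestamps of guesses
        self._locked = set()                 # targets whose budget was exhausted
        self.alerts = []                     # owners who should be notified

    def check_phone(self, target_account: str, guessed_number: str, real_number: str) -> str:
        """Evaluate one guess against a target's recovery phone.

        The budget is keyed on the *target* account only; the requesting client
        is deliberately not part of the key, so rotating IPs or sessions buys
        the caller nothing. Returns 'locked', 'match' or 'mismatch'.
        """
        now = self._clock()
        window = self._attempts[target_account]
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()
        if target_account in self._locked or len(window) >= MAX_GUESSES_PER_TARGET:
            if target_account not in self._locked:
                self._locked.add(target_account)
                self.alerts.append(target_account)  # owner is told, not kept in the dark
            return "locked"
        window.append(now)  # count every guess, right or wrong
        # constant-time comparison so timing does not leak how many digits matched
        return "match" if hmac.compare_digest(guessed_number, real_number) else "mismatch"

    def is_locked(self, target_account: str) -> bool:
        return target_account in self._locked


def simulate():
    """Constructed run: seven guesses against one target within the window."""
    fake_now = [0.0]
    guard = RecoveryGuard(clock=lambda: fake_now[0])
    results = []
    for i in range(7):
        results.append(guard.check_phone("victim@example.com", f"+1555000000{i}", "+15550000009"))
        fake_now[0] += 1.0
    return results, guard.alerts
```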
To test this, TechCrunch set up a new Google account with a phone number that had never been used before, then provided brutecat with the email address of our new Google account.
A short time later, brutecat messaged back with the phone number that we had set.
'bingo :),' said the researcher.
Revealing the private recovery phone number can expose even anonymous Google accounts to targeted attacks, such as takeover attempts. Identifying a private phone number associated with someone's Google account could make it easier for skilled hackers to take control of that phone number through a SIM swap attack, for example. With control of that phone number, the attacker can reset the password of any account associated with that phone number by generating password reset codes sent to that phone.
Given the potential risk to the wider public, TechCrunch agreed to hold this story until the bug could be fixed.
'This issue has been fixed. We've always stressed the importance of working with the security research community through our vulnerability rewards program and we want to thank the researcher for flagging this issue,' Google spokesperson Kimberly Samra told TechCrunch. 'Researcher submissions like this are one of the many ways we're able to quickly find and fix issues for the safety of our users.'
Samra said that the company has seen 'no confirmed, direct links to exploits at this time.'
Brutecat said Google paid $5,000 in a bug bounty reward for their finding.