
Bruteforcing the phone number of any Google user


From rate limits to no limits: How IPv6's massive address space and a crafty botguard bypass left every Google user's phone number vulnerable

A few months ago, I disabled JavaScript on my browser while testing if there were any Google services left that still worked without JS in the modern web.

Optimizing it further

By using libphonenumber's number validation, I was able to generate a format.json with the mobile phone prefix, known area codes and digit count for every country.

| Country code | Time required |
|---|---|
| United States (+1) | 20 mins |
| United Kingdom (+44) | 4 mins |
| Netherlands (+31) | 15 secs |
| Singapore (+65) | 5 secs |

This time can also be significantly reduced through phone number hints from password reset flows in other services such as PayPal, which provide several more digits (e.g. +14•••••1779).
