Unlocking Secrets: Researcher Discovers Method to Reveal Any Phone Number Linked to Google Accounts

A cybersecurity researcher recently uncovered a method to reveal the phone number associated with any Google account, raising significant privacy concerns. This vulnerability, which allowed even less sophisticated hackers to access sensitive information, has since been addressed by Google.

The researcher, known under the pseudonym "brutecat," described the issue as a major risk for individuals, particularly for those targeted by SIM swappers—hackers who take control of phone numbers to gain access to personal accounts. In mid-April, brutecat performed a test using one of their Gmail addresses and successfully revealed the linked phone number within hours.

Brutecat’s technique involved a brute-force attack, where the attacker rapidly guesses potential phone number combinations akin to how one might crack a password. This could take approximately one hour for U.S. numbers, eight minutes for U.K. numbers, and even less time for other countries.

To initiate the attack, brutecat explained that an attacker would need the target’s Google display name, which could be obtained through a manipulated Google document transfer that goes unnoticed by the victim. By bombarding Google’s systems with guessed phone numbers, brutecat was able to pinpoint the actual number linked to the account.

Google confirmed that the vulnerability had been fixed and emphasized its commitment to working collaboratively with the security research community to safeguard user privacy. The company initially classified the exploit as low-risk but later acknowledged its medium risk status.

Access to phone numbers poses a significant threat, as it enables SIM swappers to impersonate victims and potentially gain access to critical accounts through password reset requests that rely on text message confirmations. The FBI advises individuals not to publicly share their phone numbers to protect their personal and financial information.

In recognition of brutecat’s discovery, Google awarded them $5,000 and some promotional items for their contribution to enhancing user security.

Editor

As the Editor of IT Magazine, I curate cutting-edge content on technology trends, collaborating with experts to deliver insightful articles and reviews. With a focus on innovation and precision, I ensure each issue maintains the magazine's reputation as a trusted source in the IT community.