Steal-Phone-Number

Next steps

Open isaac-weisberg opened this issue 6 years ago • 2 comments

So I was wondering, what are the next steps you are planning to do with regard to the problem? Are you planning to contact Deutsche Telekom and ask them to make "my phone number" less reachable? Is there a plan to turn the project into a platform of JS-written phone number thieving parsers for all the different regions and providers that allow for this stuff to happen?

isaac-weisberg Mar 07 '18 15:03

Hey Isaac,

that's an excellent question. I mentioned some of it in the Readme under "What's Next?":

  • Telekom should stop signing me in automatically. Users don't expect to be logged in without entering credentials. Only when I enter my UserID & password am I aware that personal information will be shown on the website. This would also prevent attacks like this.
  • Apple should give users more transparency about what kind of data apps are transmitting to their backend. Users should be able to block certain network requests or completely disable network requests for a specific app.

The first point is directly directed to Telekom and a friend of mine already reported all required information to them. The second point is very bonus and not very related to this exploit but it would help to get more awareness for these kinds of problems for the user.

As of now, Telekom removed the phone number from these pages so I guess the initial privacy concerns to steal the phone number are eliminated (I don't have any direct confirmation for this though).

Obviously I don't want to create a platform that allows companies and apps to steal users' phone numbers here – this is more about raising awareness and forcing providers to fix their privacy issues – which already worked with Telekom as you can see. I see this project as a place where other people can submit similar issues with other providers to help protect their users as well.

Let me know what you think and feel free to submit information about your provider!

frogg Mar 07 '18 18:03

Incredible piece of work!

isaac-weisberg Mar 08 '18 02:03