Spammers unleash DIY phone number slurping web tool

Mobile spammers have released a DIY phone number harvesting tool, but instead of advertising it solely on criminals-only online hangouts, they're trying to flog it out in the open. The availability of the utility turns the simple act of submitting a mobile number to a website into something that might lead to the receipt of more …

COMMENTS

This topic is closed for new posts.
  1. Valeyard

    sites that display your mobile number without the need for authentication

    do these exist? and if so, why have they any numbers to show?

    I can see it picking up lots of "who calls me" and random number site (type a mobile phone number a few digits off into google and people have just spammed results with every possible combination ever, presumably whether or not they're active)

    There'll be too much noise for anything meaningful I'd say

    1. Fred Flintstone Gold badge

      All you need to do is to tap into SMTP traffic and you'll get lots of phone numbers - everyone's signature.

      The MASSIVE problem with SMS is that it's the perfect captured audience - AFAIK there isn't a single phone on the market that allows you to disable it so the moment someone finds a route to send SMS without it costing them anything all hell will break loose. This is where iOS has a disadvantage: it doesn't allow non-interactive access to SMS to block spammy Apps, but it also means it is not possible to build a filter for incoming traffic. AFAIK, with Android it is possible to cook up some filter.

      1. Jamie Jones Silver badge

        @Fred Flintstone

        Whilst most smtp traffic is sent unencrypted, how do you propose tapping into one of the backbone nets? Or rather, if someone did tap into one, they'd be looking for far greater things than mobile phone numbers.

        Alternatively, an employee of a company could sniff a local lan (assuming the switch had been flooded enough to work as a hub), or an ISP employee could sniff their customers data. But in both these cases, said staff would probably have access to this information via the internal directory / customer database.

        As for SMS, I guess you were referring to a way to disable all incoming SMS?

        Even my cheapo "Tesco Mobo" (£20 including some credit) allows blacklisting of specific numbers for voice or sms or both.

    2. Jamie Jones Silver badge

      @Valeyard - re "sites that display your mobile number without the need for authentication"

      Do a "whois" on any of my domains, and you'll find my address and mobile number!

      1. Robert Carnegie Silver badge

        Re: whois

        These days, respectable whois providers use CAPTCHA or other means of increasing the labour required to obtain one phone number. And many domain registration services put in -their- contact details instead of yours. Presumably they pass on legitimate inquiries to the domain user?

        BBC News (on strike today incidentally) sometimes asks for a phone number with responses on its web site, in case you say something interesting and they get the urge to talk to you voicewise. But I presume that it's kept secure, not published, and it's optional. Not everyone has one, anyway!

  2. Anonymous Coward

    I wish I could make SMS pay me...

    Instead of paying to receive SMS(*), I want to make it so people have to pay ME to send me an SMS. If it's somebody I know, I can refund the money to them, but if I don't know them, cha-ching!

    And since, for many of the "free" SMS services (or PAYG cards with lots of SMS on them) the cost of paying me comes out of the carrier's pocket, it is likely the carriers will get their act together on preventing this sort of abuse.

    (*) Since we do SMS bass-ackwards here in the US, and the phone company either wants me to pay a monthly fee for "unlimited" text or pay per text received, with a PITA process to demand refunds for unwanted texts, and since I have an unlimited data plan and proper IM on my phone, I have SMS totally disabled, so my paying for SMS is hypothetical.

    1. Valeyard

      Re: I wish I could make SMS pay me...

      not likely, that's exactly how it works in the UK and it still happens

      paying to receive an SMS? Jesus.. only time that happens to me is if i get caught by the southern irish networks and have forgotten to switch off roaming

      1. Valeyard

        Re: I wish I could make SMS pay me...

        i mean in that the sender pays, not that you get paid

  3. The BigYin

    Woe betide them

    With regards unwanted cold calls/SMS...

    You call me - that's a criminal offence (all my numbers are registered with the TPS)

    You text me - that's a report to 7726 (SPAM)

    You call me from overseas...you will pay...I have time to burn and it's your phone bill.

    1. Fred Flintstone Gold badge

      Re: Woe betide them

      You call me from overseas...you will pay...I have time to burn and it's your phone bill.

      I have unlimited SMS in my package. What was your phone number again? :)

      I don't have this problem. Every time a website asks me for my number I give them the number of some official setup in their country such as an Information Commissioner. They won't be abusing that for long (evil grin).

  4. Anonymous Coward

    This is happening all the time...

    Voice over IP (IP telephony), bulk purchase of SMS at incredibly low rates, even a disposable phone with a few quids worth of credit could offer thousands or even unlimited texts, blah blah blah.

    The cost of the technology is essentially zero, an open source PBX, dialler, IVR (which could easily target a telco or bank, spoof the CLI and navigate their menu trees and elicit information - even failed calls may tell them something, side channel attack if you like - that could have financial value).

    Next time you call your phone provider or bank or utility company, just think about your experience through technology or people - I am sure that even a stupid person could easily think of exploits that those companies hadn't considered when they put their services together.
