Information (Aug 2018)
Breaking Users’ Mobile Phone Number Based on Geographical Location: A Case Study with YY
Abstract
Geographical location and mobile phone numbers are important parts of user privacy and lots of studies have been working on the privacy leakage problems of these two aspects. However, no researchers have ever studied the security problems that can be caused by the interaction between them. We show a new form of network attack in this paper by making full use of the relationship between them; namely, we try to break a user’s mobile phone number with the aid of a user’s geographical location that has been broken. We study the phenomenon of exposing a user’s geographical location and parts of their phone number that exist in a series of popular software products, and the possibility of the user’s mobile phone number to be broken is discussed. We choose one of the software (the largest entertainment webcast platform in China—YY) as the research object. First, taking advantage of a series of security vulnerabilities that exist in YY, a user’s accurate geographical location is broken by the trilateration localization algorithm. Then, their mobile phone number attribution can be inferred according to their geographical location. Next, a mobile phone number test set is constructed according to the mobile phone segment allocation made by the three carriers (telecommunication operators) and the exposed parts of the user’s phone number. Finally, a brute-force method is used to break the user’s mobile phone number. The great effect of a user’s geographical location on breaking a mobile phone number is proved by experiments, and security precaution suggestions are given at the end of the paper.
Keywords
