There was a thread here recently about how it costs 10 bucks to rent out a cellular tower in Malaysia and co-opt a cell phone number as roaming, in order to defeat SMS security 2FA. Experts on HN were saying that the trunk level protocols for cell phone numbers are pretty much worthless when it comes to security. Their conclusion was that: security in this world is so poor that you might as well live with the assumption that there is no real security for public services.
I have a friend that was at the beach with her husband, and she had taken her phone with her, but her husband left his in the car.
Thieves had used a jammer/replay device to unlock their car, remove her husband's phone from his Otterbox case, take his SIM card, reassemble the phone, and steal several credit cards from his wallet (also in the car).
Within the hour, my friend began receiving fraud alerts. If she had not taken her phone with her, they would not have known for quite a few hours, at least.
> Making matters worse, if you then pay the bill on someone else's account, the system prompts you to add yourself as an authorized user and requests the callers phone number, potentially granting them full access to your account.
Uhm yeah sure boring stuff. Can I have your phone number?
Yes, really. Of course they are nice enough to support multiple methods of searching for accounts, so you aren’t restricted to just looking up by IP addresses.
If I read this correctly, you have to spoof the telephone number in order to get the address, and you only get it read out loud so automation isn't trivial.
To me, it doesn't feel like a big deal, but that might be because in Sweden, everyone's [1] addresses are freely available and searchable online, given for example name or telephone number. See [2] and [3] for example.
So are telephone numbers and addresses considered very private in the US? Some comments in the Reddit thread suggest security bounties etc.
I'm swedish as well, and explaining this to my wife from Peru was a fun experience. The rest of the world is not as open with neither address information or salary information as Sweden is. If this is good or bad, I'm not sure but it saved me in a number of situations to be able to search for someone's number via a public website.
Keep in mind that the social number in USA is apparently also supposed to be secret (like a password) which sounds absolutely crazy to me.
>So are telephone numbers and addresses considered very private in the US?
Very private? Not usually. Unless someone chose (and paid) to have them unlisted, they used to be in published whitepages. And the overwhelming majority of people didn't pay to have them removed.
Today cellphone numbers are typically more private although addresses for most people are still usually pretty easy to find and are often part of a public record that can be searched.
> So are telephone numbers and addresses considered very private in the US?
To a degree yes, there is no public resource to lookup that information. There are however brokers who deal in that data however the quality is questionable (e.g. I routinely receive fliers in the mail at my new address from house flippers who wish to purchase my old property).
People in the US consider their address to be private information even if it is easily obtainable.
Cell numbers are often harder to Google.
However, if I google my own, I do find a link to a third party site that has my full name and home address available for free.
If you're in the US you receive about 3 spoofed "spam" calls a day telling you the IRS is sending the cops after you, that you need to pay for Mandarin classes (in Mandarin), and "Vacation Opportunities"... so the idea that spoofing a telephone number is difficult or rare is obviously untrue.
The idea that an automated read out of an address (especially any number) makes capture difficult is a little strange. If nothing else, hire Mechanical Turk for 5 cents.
What the value of the information is (and whether it's below cost) I don't know, but the fact that you have Comcast shows that you have a fair bit of disposable income ... so whether it's another spam call to a known good number in a targeted location or just to check if you're home before you're robbed... I'd say it might be worth at least pennies.
I recall once when a storm knocked down the cable lines in my neighbor's yard. He called Comcast to report the downed line however he wasn't a customer but some how got an appointment to come out on my account. I received a call confirming the appointment time the day it was set to happen.
Aother interesting quirk of their system is that if you ever contact them about your account, whatever phone number you use to contact them is automatically added to their CRM system and associated with your account. That phone number is not shown on your account though if you login to check.
I know this because I received a marketing call at my Office Desk Phone regarding my home account. The agent asked for me by name and then said something like "hi, I was calling to discuss your account that services <my address>". I logged into my Account on their website and verified that my office phone number was not associated with my account. Then I interrupted their script to ask how they got the number and they said that it was associated with my account.
32 comments
[ 5.6 ms ] story [ 95.2 ms ] threadComcast will let anyone get your home address, name, last 4 digits of SSN with just your IP address!
Thieves had used a jammer/replay device to unlock their car, remove her husband's phone from his Otterbox case, take his SIM card, reassemble the phone, and steal several credit cards from his wallet (also in the car).
Within the hour, my friend began receiving fraud alerts. If she had not taken her phone with her, they would not have known for quite a few hours, at least.
https://news.ycombinator.com/item?id=16771649
Uhm yeah sure boring stuff. Can I have your phone number?
IP address? Really?
To me, it doesn't feel like a big deal, but that might be because in Sweden, everyone's [1] addresses are freely available and searchable online, given for example name or telephone number. See [2] and [3] for example.
So are telephone numbers and addresses considered very private in the US? Some comments in the Reddit thread suggest security bounties etc.
[1] Unless you have a protected identity.
[2] https://www.eniro.se/
[3] https://www.hitta.se/
Keep in mind that the social number in USA is apparently also supposed to be secret (like a password) which sounds absolutely crazy to me.
> Keep in mind that the social number in USA is apparently also supposed to be secret (like a password) which sounds absolutely crazy to me.
That's very true, reminds me of this video [1] by CGP Grey, giving some background of the issue.
[1] https://www.youtube.com/watch?v=Erp8IAUouus
Only by people who are unfamiliar with how things work in the US.
This thing right here is nothing, I see worse stuff on a daily basis.
Very private? Not usually. Unless someone chose (and paid) to have them unlisted, they used to be in published whitepages. And the overwhelming majority of people didn't pay to have them removed.
Today cellphone numbers are typically more private although addresses for most people are still usually pretty easy to find and are often part of a public record that can be searched.
To a degree yes, there is no public resource to lookup that information. There are however brokers who deal in that data however the quality is questionable (e.g. I routinely receive fliers in the mail at my new address from house flippers who wish to purchase my old property).
People in the US consider their address to be private information even if it is easily obtainable.
You can enter just about any land line number and find the home address in the first page of search results.
I've had the same cellphone number for over 20 years, never in my life have I had a land line.
The idea that an automated read out of an address (especially any number) makes capture difficult is a little strange. If nothing else, hire Mechanical Turk for 5 cents.
What the value of the information is (and whether it's below cost) I don't know, but the fact that you have Comcast shows that you have a fair bit of disposable income ... so whether it's another spam call to a known good number in a targeted location or just to check if you're home before you're robbed... I'd say it might be worth at least pennies.
Unless you have access to facebooks internal database, because surely one of your friends have installed facebook...
Aother interesting quirk of their system is that if you ever contact them about your account, whatever phone number you use to contact them is automatically added to their CRM system and associated with your account. That phone number is not shown on your account though if you login to check.
I know this because I received a marketing call at my Office Desk Phone regarding my home account. The agent asked for me by name and then said something like "hi, I was calling to discuss your account that services <my address>". I logged into my Account on their website and verified that my office phone number was not associated with my account. Then I interrupted their script to ask how they got the number and they said that it was associated with my account.