
Sure, and instead, people use apps like Signal or WhatsApp, which are tied to phone numbers, on which the attacker can now register to your phone number thanks to his receiving your SMS...



If you tell Signal not to allow anybody else to re-register from your phone number without your PIN, it will enforce this until at least seven days pass without you using Signal.

If you've uninstalled Signal or just never use your phone then yeah, after a week or so this proposed attack "works" and the safety numbers for any ongoing conversations with anybody reset (the attacker doesn't know the long-term identity key for your phone so they'll get a new one, thus generating a different safety number), which will be notified to the other participants, although since you presumably never use Signal there may not be any such conversations.


> If you tell Signal not to allow

Big if already

> the safety numbers for any ongoing conversations with anybody reset ... which will be notified to the other participants

"Hi <name>, I have a new device, can you help me ____"


Absolutely. Was just responding to SMS being a direct part of people's "social existence", which it really isn't in most of the world.

As you say, though, it's one step away from things that are in fact directly used for communication.



