Upgrading to a new phone is always a satisfying feeling, but experts have warned that changing your phone number could be more of a security risk than previously thought.
A report from the Department of Computer Science and Center for Information Technology Policy at Princeton University has found that old phone numbers often remain linked to a previous owner.
This could potentially open the user to a variety of attacks, particularly if they stored personally-identifiable information or account logins linked to the old phone number.
- We've built a list of the best endpoint protection software available
- These are the best antivirus software solutions on the market
- Also check out our roundup of the best malware removal software
The researchers examined 259 phone numbers that were available to new subscribers at two major US wireless carriers, discovering 171 of them were still linked to existing user accounts at a number of commonly-used websites.
100 of the numbers were also linked to previously leaked online credentials, meaning the users had been involved in past data breaches, and that their account could easily be hijacked by getting around typical SMS-based multi-factor authentication.
The team also noted that a majority of the available numbers also ended up displaying results on people search services, which provide personally identifiable information on previous owners, again putting the users at risk.
The report highlighted a number of possible attack vectors it had encountered, including phishing attacks, DDoS assaults, and account takeovers even without knowing the passwords.
However it also noted that some carriers allowed full numbers to previewed either during signup or number change, meaning an attacker could ‘scout out’ a number by looking for linked accounts and owner history, all before obtaining the recycled number.
"Recycled phone numbers can cause trouble for all those involved," the report noted. "Subscribers who are assigned a previously owned phone number often end up receiving communication meant for the previous owners, from threatening robocalls to personal text messages."
"As a regulated industry practice, phone number recycling is unlikely to cease," they added, "(and) more work can be done by all stakeholders to illuminate and mitigate the issues. In particular, online services should no longer equate a correctly-entered SMS passcode with successful user authentication."
In order to stay safe, the researchers noted that users should try and port over their existing numbers when switching devices, or take advantage of "number parking" services that shutter off past accounts.
- We've also highlighted the best firewall services around
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.