The essence of the problem was to walk around the Google Protection System. The researcher used an action chain, including skipping restrictions on the number of attempts to overcome the right phone number. According to him, a fully automatic attack may take less than 20 minutes.
TechCrunch created a new account with a unique number to confirm the vulnerability and gave Brutecat. Soon after, he sent the right number by confirming a successful hack.
The danger of such a vulnerability is that the attackers knowing the personal number can try to access the account, for example, through the SIM card substitution.
Google quickly eliminated the error and thanked the researcher for help.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
