These severe security flaws, however, are not unique to FriendTech. Instead, any platform that uses your mobile number to verify your identity is susceptible to this kind of attack.
Think about all the things that you use your mobile number for- your email, social media platforms, bank accounts, and many more.
So much of our personal information is secured by our phone number, and yet, many of us don’t bother keeping our phone numbers private.
In part, it’s also because our phone numbers were inherently designed to be shared with others. In the early days of mobile phones, these numbers were shared so that we could contact each other. Until the rise of social media platforms like Facebook, Instagram, and Telegram, phone numbers were crucial in being able to get in touch with someone, whether that someone was your friend, partner, or colleague.
Yet today, phone numbers straddle uncomfortably between their dual roles as unique personal identifiers that can be used to determine if a person is really who they say they are, and as a crucial piece of personal information that is meant to be disseminated amongst one’s contacts or potential contacts.
But this paradox is one that is not sustainable. How can something that is meant to be personal information also be something that is widely shared and publicly viewable?
A workaround to this problem is exemplified by many of today’s youth, in the creation of multiple social media accounts, phone numbers and emails. Each number has its purpose- one for personal use, like catching up with friends; one for professional use, which might be given freely to colleagues and clients; and one for all other purposes, such as gaming.
The reason for this is eminently practical. A personal number is used differently from a professional number: the professional number may be disseminated widely and made public, for the account does not contain personal information, while the personal number is only made available to friends and family.
Unfortunately, this doesn’t always work. There will still remain phone numbers that are used to authenticate one’s identity to banks, social media accounts, and other important markers of identity, and consequently, these numbers will remain targets for hackers.
And as we move into the Web3 world, this problem gets even worse.