{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T04:01:49Z","timestamp":1760241709202,"version":"build-2065373602"},"reference-count":19,"publisher":"MDPI AG","issue":"8","license":[{"start":{"date-parts":[[2018,8,6]],"date-time":"2018-08-06T00:00:00Z","timestamp":1533513600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Geographical location and mobile phone numbers are important parts of user privacy and lots of studies have been working on the privacy leakage problems of these two aspects. However, no researchers have ever studied the security problems that can be caused by the interaction between them. We show a new form of network attack in this paper by making full use of the relationship between them; namely, we try to break a user\u2019s mobile phone number with the aid of a user\u2019s geographical location that has been broken. We study the phenomenon of exposing a user\u2019s geographical location and parts of their phone number that exist in a series of popular software products, and the possibility of the user\u2019s mobile phone number to be broken is discussed. We choose one of the software (the largest entertainment webcast platform in China\u2014YY) as the research object. First, taking advantage of a series of security vulnerabilities that exist in YY, a user\u2019s accurate geographical location is broken by the trilateration localization algorithm. Then, their mobile phone number attribution can be inferred according to their geographical location. Next, a mobile phone number test set is constructed according to the mobile phone segment allocation made by the three carriers (telecommunication operators) and the exposed parts of the user\u2019s phone number. Finally, a brute-force method is used to break the user\u2019s mobile phone number. The great effect of a user\u2019s geographical location on breaking a mobile phone number is proved by experiments, and security precaution suggestions are given at the end of the paper.<\/jats:p>","DOI":"10.3390\/info9080200","type":"journal-article","created":{"date-parts":[[2018,8,7]],"date-time":"2018-08-07T03:44:18Z","timestamp":1533613458000},"page":"200","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Breaking Users\u2019 Mobile Phone Number Based on Geographical Location: A Case Study with YY"],"prefix":"10.3390","volume":"9","author":[{"given":"Hongzhou","family":"Yue","sequence":"first","affiliation":[{"name":"School of Computer and Information Technology, Xinyang Normal University, Xinyang 464000, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Huaping","family":"Guo","sequence":"additional","affiliation":[{"name":"School of Computer and Information Technology, Xinyang Normal University, Xinyang 464000, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5608-3640","authenticated-orcid":false,"given":"Xingpo","family":"Ma","sequence":"additional","affiliation":[{"name":"School of Computer and Information Technology, Xinyang Normal University, Xinyang 464000, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2018,8,6]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1145\/2505395.2505398","article-title":"Report from Dagstuhl: The liberation of mobile location data and its implications for privacy research","volume":"17","author":"Andrienko","year":"2013","journal-title":"ACM SIGMOBILE Mob. Comput. Commun. Rev."},{"key":"ref_2","first-page":"14","article-title":"Location based services using android mobile operating system","volume":"1","author":"Kushwaha","year":"2011","journal-title":"Int. J. Adv. Eng. Technol."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Li, M., Zhu, H., Gao, Z., Chen, S., Yu, L., Hu, S., and Ren, K. (2014, January 11\u201314). All your location are belong to us: Breaking mobile social networks for automated user location tracking. Proceedings of the 15th ACM International Symposium on Mobile ad Hoc Networking and Computing, Philadelphia, PA, USA.","DOI":"10.1145\/2632951.2632953"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Polakis, I., Argyros, G., Petsios, T., Sivakorn, S., and Keromytis, A.D. (2015, January 12\u201316). Where\u2019s Wally?: Precise user discovery attacks in location proximity services. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA.","DOI":"10.1145\/2810103.2813605"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Xue, M., Liu, Y., Ross, K.W., and Qian, H. (May, January 26). I know where you are: Thwarting privacy protection in location-based social discovery services. Proceedings of the 2015 IEEE Conference on Computer Communications Workshops, Hong Kong, China.","DOI":"10.1109\/INFCOMW.2015.7179381"},{"key":"ref_6","unstructured":"Hoang, N.P., Asano, Y., and Yoshikawa, M. (February, January 31). Your neighbors are my spies: Location and other privacy concerns in dating apps. Proceedings of the 18th International Conference on Advanced Communication Technology, Pyeongchang, Korea."},{"key":"ref_7","unstructured":"Fawaz, K., Feng, H., and Kang, G.S. (2015, January 12\u201314). Anatomization and protection of mobile apps\u2019 location privacy threats. Proceedings of the 24th USENIX Security Symposium, Washington, DC, USA."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Hallsteinsen, S., Jorstad, I., and Thanh, D.V. (2007, January 25\u201331). Using the mobile phone as a security token for unified authentication. Proceedings of the 2nd International Conference on Systems and Networks Communications, Cap Esterel, France.","DOI":"10.1109\/ICSNC.2007.82"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1109\/TDSC.2005.9","article-title":"Database security\u2014Concepts, approaches, and challenges","volume":"2","author":"Bertino","year":"2005","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_10","unstructured":"Halfond, W.G.J., Viegas, J., and Orso, A. (2006, January 13\u201315). A classification of SQL-injection attacks and countermeasures. Proceedings of the 2006 IEEE International Symposium on Secure Software Engineering, McLean, VA, USA."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Fleizach, C., Liljenstam, M., Johansson, P., Voelker, G.M., and Mehes, A. (2007, January 2). Can you infect me now?: Malware propagation in mobile phone networks. Proceedings of the 5th ACM Workshop on Recurring Malcode, Alexandria, VA, USA.","DOI":"10.1145\/1314389.1314402"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Finifter, M., Chin, E., Hanna, S., and Wagner, D. (2011, January 17). A survey of mobile malware in the wild. Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, Chicago, IL, USA.","DOI":"10.1145\/2046614.2046618"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Cheng, Y., Ying, L., Jiao, S., Su, P., and Feng, D. (2013, January 8\u201310). Bind your phone number with caution: Automated user profiling through address book matching on smartphone. Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, Hangzhou, China.","DOI":"10.1145\/2484313.2484356"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"267","DOI":"10.1016\/j.cose.2015.04.008","article-title":"Design and analysis of enumeration attacks on finding friends with phone numbers: A case study with KakaoTalk","volume":"52","author":"Kim","year":"2015","journal-title":"Comput. Secur."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Gupta, S., Gupta, P., Ahamad, M., and Kumaraguru, P. (2016, January 24). Exploiting phone numbers and cross-application features in targeted mobile attacks. Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices, Vienna, Austria.","DOI":"10.1145\/2994459.2994471"},{"key":"ref_16","unstructured":"Schrittwieser, S., Fruehwirt, P., Kieseberg, P., Leithner, M., Mulazzani, M., Huber, M., and Weippl, E. (2012, January 5\u20138). Guess who is texting you? Evaluating the security of smartphone messaging applications. Proceedings of the 19th Annual Network & Distributed System Security Symposium, San Diego, CA, USA."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Kim, E., Park, K., Kim, H., and Song, J. (2014, January 25\u201327). I\u2019ve got your number: Harvesting users\u2019 personal data via contacts sync for the KakaoTalk Messenger. Proceedings of the 15th International Workshop on Information Security Applications, Jeju Island, Korea.","DOI":"10.1007\/978-3-319-15087-1_5"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Gupta, S. (2016, January 18\u201321). Emerging threats abusing phone numbers exploiting cross-platform features. Proceedings of the 2016 IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining, San Francisco, CA, USA.","DOI":"10.1109\/ASONAM.2016.7752410"},{"key":"ref_19","unstructured":"Murphy, W., and Hereman, W. (1995). Determination of a Position in Three Dimensions Using Trilateration and Approximate Distances, Department of Mathematical and Computer Sciences, Colorado School of Mines. Technical Report: MCS-95-07."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/9\/8\/200\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:16:54Z","timestamp":1760195814000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/9\/8\/200"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,8,6]]},"references-count":19,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2018,8]]}},"alternative-id":["info9080200"],"URL":"https:\/\/doi.org\/10.3390\/info9080200","relation":{},"ISSN":["2078-2489"],"issn-type":[{"type":"electronic","value":"2078-2489"}],"subject":[],"published":{"date-parts":[[2018,8,6]]}}}