by julianlam 2431 days ago
On a not-so-related note, a number of sites and messaging apps require login via phone number. This doesn't seem to have necessarily penetrated western apps, but is seemingly more prevalent in Asian/African countries.

Does this mean those applications are ipso facto vulnerable, via a similar attack vector?

1 comments

If the phone number is acting as the identity (like email for a lot of sites today) then no, that's not vulnerable to anything, though over the longer term it can cause confusion as "your" phone number turns out to have previously belonged to somebody else who isn't using the phone number any more but does use lots of accounts with that number...

> If the phone number is acting as the identity (like email for a lot of sites today) then no, that's not vulnerable to anything

Email is hard to hack (you need a password, and possibly a second factor if the email account is properly secured).

Phone numbers are easier to spoof using SIM swapping. See https://www.theverge.com/2019/8/31/20841448/jack-dorsey-twit...