cancel
Showing results for 
Search instead for 
Did you mean: 

Why PUK numbers are available online

User
Level 1: Joiner
  • 5 Posts
  • 1 Topics
  • 0 Solutions
Registered:

I was considering to switch on SIM PIN protection for additional security. Before doing that, I was curious to find my PUK number.

 

While doing so, I have suprisingly found that that my PUK code is publicly available online on https://www.o2.co.uk/help/phones-sims-and-devices/unblock-your-phone if I enter my phone number.

 

If I understand correctly, that is a complete security breach in the sense that even if I have an activated SIM PIN lock, any thief who steals my phone can just enter 3 random PINs incorrectly, and then use the PUK from the web-site just by entering my number.

 

I have assumed that the PUK should be protected by a mobile operator and be provided to a mobile network customer only after necessary verification is provided.

 

Could you advise, please, do I miss anything?

Message 1 of 14
3,888 Views
13 REPLIES 13

Bambino
Level 84: Resplendent
  • 22943 Posts
  • 1022 Topics
  • 3662 Solutions
Registered:
@User If a thief stole your phone, how would they know what your number is?

I DO NOT WORK FOR O2



Funniest-Thread-2
Message 2 of 14
3,517 Views

jonsie
Level 94: Supreme
  • 92921 Posts
  • 608 Topics
  • 6913 Solutions
Registered:

I think we had this discussion a couple of years back. Having PUK numbers available isn't a great security risk. As @Bambino says, unless the thief knows you and your number, the account will be secure. Most thieves will attempt to change the sim card if the sim and phone are secure. A screen lock is vital and then the sim pin is irrelevant unless your sim is put into another phone.

Message 3 of 14
3,466 Views

User
Level 1: Joiner
  • 5 Posts
  • 1 Topics
  • 0 Solutions
Registered:

Thank you. My name (which is quite "unique" as opposite to something more common like "John Smith") can be found in my phone screen lock options. Then, because of my business activities and Internet presence, my phone number can be found on the Internet by my name. Even if I did not have my name on the phone screen lock, sometimes I participate in some business events (including giving talks) so my name can be found that way (especially if there are any thieves at some big events) or through my business cards (and my business cards can be stolen with my phone).


I just don't understand why O2 would purposefully make my "secret" PUK code public and by doing so eliminates a very good, secure way to protect my SIM. If I understand correctly, with the SIM PIN and PUK (if they are both secret), it provides an almost guaranteed protection from a SIM misuse by the common thieves, at least in the first few hours before the SIM is blocked by me with O2 customer support.

Message 4 of 14
3,454 Views

MI5
Level 94: Supreme
  • 143438 Posts
  • 632 Topics
  • 27490 Solutions
Registered:
The sim pin is only known to you so even if they managed to get your number and join all the dots, the sim pin will still lock out your sim.
I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.

Currently using:
Pixel 7a (O2 & Lyca), One Plus 6 (Sfr), iPhone 12 Pro Max (Vodafone)
Message 5 of 14
3,451 Views

Bambino
Level 84: Resplendent
  • 22943 Posts
  • 1022 Topics
  • 3662 Solutions
Registered:

@User  Why don't you just delete your name from your screen lock and use some other "unique" word so you could still identify your phone without giving anything away about who you actually are? Everyone puts their phone number on their business card. Your scenario is possible, but not very likely. A thief would have to crack your screen lock PIN first, and you could disable your phone remotely if that did happen before they got any further.

https://www.wikihow.com/Disable-a-Stolen-Mobile-Phone

I DO NOT WORK FOR O2



Funniest-Thread-2
Message 6 of 14
3,443 Views

User
Level 1: Joiner
  • 5 Posts
  • 1 Topics
  • 0 Solutions
Registered:

Thank you, MI5. Unless I miss or misunderstand how the PUK works, all they need to do (if they have connected the dots) is to enter any random PIN 3 times, and they just enter the right PUK, and they can change the PIN to whatever value. That is, if they do know the PUK, to the best of my understanding, it does not matter if they don't know the PIN: they still can unlock the SIM. (Unless I misunderstand how it works.)

Message 7 of 14
3,429 Views

User
Level 1: Joiner
  • 5 Posts
  • 1 Topics
  • 0 Solutions
Registered:

Thank you, Bambino, I see what you mean. Yes, it is less likely that someone, who has stolen my phone, will know my name but if they happen to steal it with my business card or my credit/debit card, then it is straightforward for them to find my phone number and then the PUK...

 

I just don't understand why the PUK has been made publicly available by O2 for any (or many) phone numbers...

Message 8 of 14
3,427 Views

MI5
Level 94: Supreme
  • 143438 Posts
  • 632 Topics
  • 27490 Solutions
Registered:

Fair point @User 

Probably best if only made available after logging into your MyO2 but I guess it's not something they feel is frequently abused.

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.

Currently using:
Pixel 7a (O2 & Lyca), One Plus 6 (Sfr), iPhone 12 Pro Max (Vodafone)
Message 9 of 14
3,419 Views

Bambino
Level 84: Resplendent
  • 22943 Posts
  • 1022 Topics
  • 3662 Solutions
Registered:

@User  From this site, it looks pretty easy to get a PUK from any network if you have the right info. https://www.uswitch.com/mobiles/guides/how-to-get-your-puk-and-unlock-your-phone/

I DO NOT WORK FOR O2



Funniest-Thread-2
Message 10 of 14
3,416 Views