Closed marsavar closed 10 months ago
I think this is expected behavior, to prevent someone who switched phone numbers from blocking the new owner of the phone number from using Signal. The registration attempt was with the real verification code, which means the one registering had access to the phone number.
I am running `signal-cli` (latest version, 0.12.7) on two separate machines.

On machine 1, I have successfully used the `setPin` command.

To verify that machine 2 can't arbitrarily re-register the same phone number, I tried to run the `register` and `verify` commands on machine 2, using the same account number that machine 1 is associated with (note that I used a real verification code [^1]). As expected, this correctly failed with the following error:

However, after running this command on machine 2, I was no longer able to run any `signal-cli` commands on machine 1, as it appears that the number became deregistered.

Is this behaviour intended?
My assumption was that having a PIN would help prevent SIM swap attacks, and the original number shouldn't be deregistered.
Thanks for your help.
[^1]: I have attempted to replicate the issue with a made-up verification code but I am currently being rate-limited by the Signal API.