Simple Bug Exposed Verizon Users' SMS Histories 60
Trailrunner7 writes "A security researcher discovered a simple vulnerability in Verizon Wireless's Web-based customer portal that enabled anyone who knows a subscriber's phone number to download that user's SMS message history, including the numbers of the people he communicated with. The vulnerability, which has been resolved now, resulted from a failure of the Verizon Web app to check that a number entered into the app actually belonged to the user who was entering it. After entering the number, a user could then download a spreadsheet file of the SMS activity on a target account. Cody Collier, the researcher who discovered the vulnerability, said he decided right away to report it to Verizon because he is a Verizon customer and didn't want others to have access to his account information. 'I am a Verizon Wireless customer myself, so upon finding this, I immediately looked for a way to contact Verizon. I wouldn't want my account information to exposed in such way,' Collier said via email."
Re:Hasn't been sued yet? (Score:5, Funny)
The news is that the NSA complained that Verizon SMS went dark...
Re:What allows them to store your entire SMS histo (Score:4, Funny)
They tried advertising it as a data retention and wiretap service, but it didn't do so well in focus groups.
Title sounds like a web ad (Score:5, Funny)