Simple Bug Exposed Verizon Users' SMS Histories

Trailrunner7 writes "A security researcher discovered a simple vulnerability in Verizon Wireless's Web-based customer portal that enabled anyone who knows a subscriber's phone number to download that user's SMS message history, including the numbers of the people he communicated with. The vulnerability, which has been resolved now, resulted from a failure of the Verizon Web app to check that a number entered into the app actually belonged to the user who was entering it. After entering the number, a user could then download a spreadsheet file of the SMS activity on a target account. Cody Collier, the researcher who discovered the vulnerability, said he decided right away to report it to Verizon because he is a Verizon customer and didn't want others to have access to his account information. 'I am a Verizon Wireless customer myself, so upon finding this, I immediately looked for a way to contact Verizon. I wouldn't want my account information to be exposed in such a way,' Collier said via email."
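The missing check described in the summary above, as an added example that is not part of the original story and not Verizon's code: a constructed in-memory model of the export, with hypothetical names (`NUMBER_OWNER`, `export_unchecked`, `export_checked`), showing the flawed handler beside one that ties the requested number to the logged-in account.

```python
import csv
import io

# Constructed sample data: the account that owns each line, and per-line SMS records.
NUMBER_OWNER = {"555-0100": "acct-alice", "555-0199": "acct-bob"}
SMS_LOG = {
    "555-0100": [("2013-10-01 09:14", "555-0142")],
    "555-0199": [("2013-10-02 17:30", "555-0177")],
}
DENIED = []  # (session_account, requested_number) pairs, kept for alerting


class Forbidden(Exception):
    """Raised when the session's account does not own the requested number."""


def to_csv(rows):
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["timestamp", "other_party"])
    writer.writerows(rows)
    return buf.getvalue()


def export_unchecked(session_account, number):
    # Flawed pattern from the summary: the number comes from the request and
    # is never compared with the account that is logged in.
    return to_csv(SMS_LOG.get(number, []))


def export_checked(session_account, number):
    # Ownership is decided server-side from the authenticated session.
    # The explicit None test stops an unauthenticated session from matching
    # an unknown number (None == None).
    owner = NUMBER_OWNER.get(number)
    if session_account is None or owner != session_account:
        DENIED.append((session_account, number))
        # Same error for unknown and foreign numbers, so the response does
        # not reveal which numbers are subscribers.
        raise Forbidden("number is not on this account")
    return to_csv(SMS_LOG.get(number, []))
```

Repeated entries in `DENIED` from one session across many different numbers are the signal worth alerting on.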
  • by michelcolman ( 1208008 ) on Tuesday October 22, 2013 @05:26AM (#45198567)

    Most of the time, when somebody discloses a vulnerability like that in a responsible way, the result is a bunch of angry letters from lawyers accusing the reporter of hacking into the system, demanding damages to be paid, etcetera.

    Apparently that didn't happen in this case, so this really is a news story!

  • by Yebyen ( 59663 ) on Tuesday October 22, 2013 @09:50AM (#45200061) Homepage

    When I called Verizon customer service to see if they could send me a log of my text messages, I was informed it would cost me $50 and a letter from my lawyer to their Law Enforcement Response Team (LERT). I am glad to see that just anyone could get that information without any lawyer, $50, or even proving who they are.

    Is this facility still available for paying customers of Verizon Wireless, to view their own text message history without the need for a team of lawyers?

    I've just tried it on my account; it looks like it is available to the person who is paying my bill but not to myself (the Account Member gets basically no special privileges other than using the phone and viewing aggregate usage statistics to avoid going over the account limits).

    It would have been nice if Verizon had advised me of this service, rather than stonewalling me and telling me to get a lawyer.
