Slashdot Mirror

← Back to Stories (view on slashdot.org)

Simple Bug Exposed Verizon Users' SMS Histories

Posted by Soulskill on from the nsa-never-needed-to-ask dept.

Trailrunner7 writes "A security researcher discovered a simple vulnerability in Verizon Wireless's Web-based customer portal that enabled anyone who knows a subscriber's phone number to download that user's SMS message history, including the numbers of the people he communicated with. The vulnerability, which has been resolved now, resulted from a failure of the Verizon Web app to check that a number entered into the app actually belonged to the user who was entering it. After entering the number, a user could then download a spreadsheet file of the SMS activity on a target account. Cody Collier, the researcher who discovered the vulnerability, said he decided right away to report it to Verizon because he is a Verizon customer and didn't want others to have access to his account information. 'I am a Verizon Wireless customer myself, so upon finding this, I immediately looked for a way to contact Verizon. I wouldn't want my account information to exposed in such way,' Collier said via email."

3 of 60 comments (clear)

  1. Re:Hasn't been sued yet? by Anonymous Coward · · Score: 5, Funny

    The news is that the NSA complained that Verizon SMS went dark...

  2. Re:What allows them to store your entire SMS histo by Anonymous Coward · · Score: 4, Funny

    They tried advertising it as a data retention and wiretap service, but it didn't do so well in focus groups.

  3. Title sounds like a web ad by Dave+Emami · · Score: 5, Funny

    "Learn about this one weird bug that Verizon doesn't want you to know!"

    --

    "The Greens lynched a hacker in Chicago. Last month, but I think the body's still hanging from the old Water Tower."