Simple Bug Exposed Verizon Users' SMS Histories
Trailrunner7 writes "A security researcher discovered a simple vulnerability in Verizon Wireless's Web-based customer portal that enabled anyone who knows a subscriber's phone number to download that user's SMS message history, including the numbers of the people he communicated with. The vulnerability, which has been resolved now, resulted from a failure of the Verizon Web app to check that a number entered into the app actually belonged to the user who was entering it. After entering the number, a user could then download a spreadsheet file of the SMS activity on a target account. Cody Collier, the researcher who discovered the vulnerability, said he decided right away to report it to Verizon because he is a Verizon customer and didn't want others to have access to his account information. 'I am a Verizon Wireless customer myself, so upon finding this, I immediately looked for a way to contact Verizon. I wouldn't want my account information to exposed in such way,' Collier said via email."
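The missing check the summary describes, shown as an added example that is not part of the original story and is not Verizon's code: an export handler that trusts the number in the request, next to one that ties the number to the authenticated account and records denials for detection. All names, sessions and records are constructed, and the sketch assumes the caller is logged in to an account of their own.

```python
# Added illustration: every name and record here is constructed, not Verizon's.
import csv, io, re

# Constructed data: account -> numbers it owns, and SMS metadata per number.
ACCOUNT_NUMBERS = {"acct-alice": {"5550100001"}, "acct-bob": {"5550100002"}}
SMS_LOG = {
    "5550100001": [("2013-10-01 09:12", "5550100099")],
    "5550100002": [("2013-10-02 17:40", "5550100077")],
}
SESSIONS = {"sess-a": "acct-alice", "sess-b": "acct-bob"}

class Forbidden(Exception):
    pass

def normalize(number):
    """Reduce user input to the 10-digit form used as the storage key."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    if len(digits) != 10:
        raise ValueError("not a 10-digit number")
    return digits

def _to_csv(number):
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["timestamp", "other_party"])
    writer.writerows(SMS_LOG.get(number, []))
    return buf.getvalue()

def export_sms_vulnerable(session_id, requested_number):
    """The flaw as described: the number in the request is never tied to the caller."""
    if session_id not in SESSIONS:
        raise Forbidden("login required")
    return _to_csv(normalize(requested_number))

def export_sms_checked(session_id, requested_number, audit):
    """Same export, but the number must belong to the session's account."""
    account = SESSIONS.get(session_id)
    if account is None:
        raise Forbidden("login required")
    number = normalize(requested_number)  # compare the canonical form, not raw input
    if number not in ACCOUNT_NUMBERS.get(account, set()):
        audit.append((account, number, "denied"))  # repeated denials are worth alerting on
        raise Forbidden("number not on this account")
    audit.append((account, number, "ok"))
    return _to_csv(number)
```

The ownership test runs on the normalized number so that formatting variants of someone else's number cannot slip past it, and the audit list stands in for whatever log a real portal would feed to its monitoring.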
This may be labeled as funny, but I saw this article just a few minutes before it popped up on Slashdot, and I thought the exact same thing.
The truth is we really don't know how long this problem has existed for, nobody knows if this was an accident or an "accident", and there's no telling who may have used this and to what depth. The NSA could have used this to scrape the SMS messages of every Verizon customer for weeks, months, or years.
Considering all the stuff about the NSA going around, I really don't consider it that unlikely to have been used by the NSA. They're so busy undermining all of our liberties (even people outside our borders) that I'm just not surprised by it anymore.
I really wonder if this whole NSA thing is going to cause a small revolution in IT leading to more secure systems not to keep out would-be hackers but to keep out our own governments. People seem to be far more concerned about government access to their data than anonymous hackers that gained access.
I guess we'll see in 5 years if the atmosphere around computer security has changed...