Simple Bug Exposed Verizon Users' SMS Histories

Trailrunner7 writes "A security researcher discovered a simple vulnerability in Verizon Wireless's Web-based customer portal that enabled anyone who knows a subscriber's phone number to download that user's SMS message history, including the numbers of the people he communicated with. The vulnerability, which has been resolved now, resulted from a failure of the Verizon Web app to check that a number entered into the app actually belonged to the user who was entering it. After entering the number, a user could then download a spreadsheet file of the SMS activity on a target account. Cody Collier, the researcher who discovered the vulnerability, said he decided right away to report it to Verizon because he is a Verizon customer and didn't want others to have access to his account information. 'I am a Verizon Wireless customer myself, so upon finding this, I immediately looked for a way to contact Verizon. I wouldn't want my account information to exposed in such way,' Collier said via email."

Hasn't been sued yet?

[michelcolman]

Most of the time, when somebody discloses a vulnerability like that in a responsible way, the result is a bunch of angry letters from lawyers accusing the reporter of hacking into the system, demanding damages to be paid, etcetera.

Apparently that didn't happen in this case, so this really is a news story!

Re:Hasn't been sued yet?

The news is that the NSA complained that Verizon SMS went dark...

Re:How can it be?

[Joining+Yet+Again]

Newsflash: big corps, health care providers, governments... have 1 competent and responsible employee for 100 hacks in their employ.

And you know what the worst thing is? Everybody thinks they're the 1 competent employee.

Title sounds like a web ad

[Dave+Emami]

"Learn about this one weird bug that Verizon doesn't want you to know!"