A vulnerability in Verizon Wireless’ Web-based customer portal let anyone with subscribers’ phone numbers download their complete short-message-service history, including the phone numbers of people with whom they communicated. The Verizon website failed to verify that the number entered into the application actually belonged to the person entering it. Once a number was entered, the person could download its SMS message history. A Verizon customer reportedly discovered the vulnerability and reported it to the company. Verizon then took more than a month to resolve the issue and another month to publicly disclose it. Verizon issued a statement to Engadget stating “we addressed this issue as soon as our security teams were made aware of it. Customer information was not impacted.” (SlashDot)(ThreatPost)(Engadget)
Friday, November 15, 2013
Verizon Vulnerability Left Subscribers’ Texting Histories Accessible
