| The Hacker News |
| The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers // via fulltextrssfeed.com |
Simple, but Critical vulnerability in Verizon Portal revealed users' SMS History
10/21/2013 4:21:00 PM
To exploit, an attacker only needs to modify the subscriber's phone number in the URL and this would give an attacker access to the SMS history to the targeted account.
https://wbillpay.verizonwireless.com/vzw/accountholder/unbilledusage/UnbilledMessaging.action?d-455677-e=2&1548506v4671=1&mtn=999999999
Where variable 'mtn' within the URL defines the mobile number and an attacker just need to modify this. "Message details consist of: Date, Time, To, From, and Direction an SMS or MMS took place. With no user interaction, all that was required was a subscriber's phone number." he explained.
There were no safeguards to ensure that the person downloading the spreadsheet owned that number, potentially exposing tens of millions of Verizon customer contact lists and texting habits.
As Verizon's site doesn't offer any direct contact info to report vulnerabilities, so he finds someone on LinkedIn who had forwarded his request to Verizon's corporate security.
Now Verizon has created a dedicated email contact, CorporateSecurity@verizonwireless.com, to field these security issues.
Mohit Kumar - Founder and Editor-in-Chief of 'The Hacker News'. Cyber Security Analyst, Information Security Researcher, Developer and Part-Time Hacker. (Google+ Profile)Popular Stories
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions
0 comments:
Post a Comment