Hacking the call records of millions of Americans
a year ago
- #Vulnerability
- #Privacy
- #Cybersecurity
- A security vulnerability in the Verizon Call Filter iOS app allowed unauthorized access to call history logs of Verizon Wireless customers.
- The vulnerability enabled attackers to retrieve call logs for any Verizon number by modifying the phone number in the request, bypassing authentication checks.
- Call metadata, including timestamps and incoming call details, could be exploited for surveillance, posing risks to privacy and safety, especially for vulnerable individuals.
- The issue stemmed from a lack of server-side validation between the phone number in the request header and the authenticated user's JWT token.
- The vulnerable endpoint, hosted on a domain linked to Cequint, a telecom technology company, raised concerns about data security and access controls.
- Verizon responded promptly, acknowledging the report and resolving the issue within a month of discovery.