1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Verizon security flaw could allow hackers to view entire call his

    From TechnologyDaily@1337:1/100 to All on Thu Apr 3 14:30:09 2025
    Verizon security flaw could allow hackers to view entire call history

    Date:
    Thu, 03 Apr 2025 13:22:00 +0000

    Description:
    Verizon fixed the flaw in March 2025, but users should still be on their guard.

    FULL STORY ======================================================================Security
    researcher finds bug in an API used in a Verizon mobile app The bug allowed threat actors to view other people's call logs It was found in February 2025 and fixed in March, but users should still take care

    A bug in a Verizon API allowed malicious actors to view other peoples
    incoming call logs until it was fixed.

    Cybersecurity researcher Evan Connelly found the bug in Call Filter, a free app Verizon ships with all iOS and Android devices sold directly through the telco to help users block spam calls, identify unknown numbers, and avoid robocalls.

    Given Verizons large subscriber base, the app likely has millions of users,
    as it offers features like spam detection, caller ID, personal block lists, and automatic blocking of high-risk calls. Call Filter also has a premium version which adds spam lookup, custom controls, and caller ID for unknown numbers.

    Monitor your credit score with TransUnion starting at $29.95/month

    TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnions advanced risk assessment tools.

    Preferred partner ( What does this mean? ) View Deal Targeting journalists

    As Connelly explained, the app connects to an API endpoint where it retrieves the logged-in users incoming call history, and then displays it in the app. However, due to a misconfiguration in the API, the users phone number is not verified, meaning that any user could request the data for anyone else.

    Connelly tested the iOS version, but claims the problem is platform-agnostic, since the bug resides in the API, instead of the app itself.

    Seeing someones call log might not seem like much at first, but Connelly
    warns that it could be a powerful surveillance tool, especially against high-profile targets such as journalists, government opponents, dissidents, and similar.

    "Call metadata might seem harmless, but in the wrong hands, it becomes a powerful surveillance tool. With unrestricted access to another user's call history, an attacker could reconstruct daily routines, identify frequent contacts, and infer personal relationships," Connelly said.

    Verizon addressed the flaw sometime in March 2025, but we dont know for how long this information was exposed, so users should still take extra care.

    Via BleepingComputer You might also like Private API keys and passwords
    found in AI training dataset - nearly 12,000 details leaked We've rounded up the best password managers Take a look at our guide to the best authenticator app



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/verizon-security-flaw-could-allow-hacke rs-to-view-entire-call-history


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)