Latest in Hack

Image credit:

Verizon left security researcher hanging while reported URL hack revealed subscribers' texting history (updated)

Joseph Volpe, @jrvolpe
October 21, 2013
Share
Tweet
Share

Sponsored Links

Long wait times and a complete lack of transparency -- no, this isn't a story about a typical call to Verizon customer support. It's what happened when a security researcher discovered a critical privacy vulnerability on Verizon's consumer site and tried, nearly in vain, to get it patched. Back in August, researcher PRVSEC found that a simple URL exploit could allow any subscriber using the site's 'Download to SpreadSheet' function to access any other user's texting history. The hack required nothing more than swapping a subscriber's cell number into the code to view information like date, time, sendee and message status -- actual contents of the SMS or MMS sent could not be accessed.

It took Verizon more than a month from the time PRVSEC submitted the initial report to bring the case to a complete resolution and close the exploit, and an additional month to make the issue public. That the issue was even addressed in the first place is somewhat of a personal victory for PRVSEC, as Verizon's site doesn't offer any direct contact info to report vulnerabilities. PRVSEC was only able to bring the URL exploit to Verizon's attention though a LinkedIn contact. Verizon has since created a dedicated email contact, CorporateSecurity@verizonwireless.com, to field these security issues, but the company's overall slow response time, inaccessibility and lack of transparency should give its subscribers cause for concern. We've reached out to Verizon for comment on the matter and will update should we hear back.

Update: A Verizon rep responded to our request for comment saying, "[We] take customer privacy very seriously, and we addressed this issue as soon as our security teams were made aware of it. Customer information was not impacted. "

Verizon owns Engadget's parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Rain may soon be an effective source of renewable energy

Rain may soon be an effective source of renewable energy

View
Apple makes some of its originals available for free

Apple makes some of its originals available for free

View
The best games for PC

The best games for PC

View
Google Meet’s premium features are now free through Sept. 30th

Google Meet’s premium features are now free through Sept. 30th

View
Motorola's Razr is still $1,500 but now you can get it in 'blush gold'

Motorola's Razr is still $1,500 but now you can get it in 'blush gold'

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr