Hacking the call records of millions of Americans

> So surely the server validated that the phone number being requested was tied to the signed in user? Right? Right?? Well…no. It was possible to modify the phone number being sent, and then receive data back for Verizon numbers not associated with the signed in user.

Yikes. Seems like a pretty massive oversight by Verizon. I wish in situations like this there was some responsibility of the company at fault to provide information about if anyone else had used and abused this vector before it was responsibly disclosed.

> The Verizon Call Filter app uses the endpoint hxxps://clr-aqx.cequintvzwecid.com/clr/callLogRetrieval to lookup call history for the authenticated user and display it in the app.

Have you ever seen a more internal-looking domain name?

Crazy that this is possible at such a giant like Verizon. But it seems to happen more often than before.

Where was the pen testing?

Who is charge of security over there?

There need to be some answers, this is such an obvious and easily exploited security hole we need to ask what else is leaking from them?

Good that they fixed it quickly.

Call logs are printed on every billing statement by default. I believe it may even include SMS messages in some cases.

This data has likely proliferated widely throughout the company, subsidiaries and contractors, to reside on an unknowable number of systems. I would assume call record metadata is fully compromised at this point.

That’s not to take away from the finding in the blog – I’m merely commenting on the question in its conclusion, about the implications of a barely know technology vendor controlling the vulnerable server holding this data.

i have always wondered something about this kind of hacking. How do you guys come up with these ideas. Should I download the top 100 apps from the AppStore or Playstore and try to reverse them or introspect their requests and see if I hit a jackpot. Perhaps I can report a bug bounty and maybe score some credit from the company to whom the app belongs. There are millions of apps across both stores. Perhaps find a way to introspect all of them? No seriously, do you do this full time. Is ethical hacking your job or how does this work? How do you randomly go about finding stuff that nobody has found out before

I am hoping they paid a bounty for this (> 20k). Otherwise doing the right thing isn't right in my opinion. Their MBAs will not see a lesson to be learned, but something that is to be swept under the rug

How isn't this the breaking news story of this and future weeks to come? The government likes to spread a lot of FUD about how foreign nation states can interfere with citizens, but when there is an actual vulnerability in such corporate turds as Verizon that actually allows the foreign nation to spy on you, nobody in the media bats an eye.

Of course, the answer is that the corporations own both Congress and the media.

it's odd that this is called "hacking" as there is no formal procedure or rules around granting access to phone records, and the huge number of "scandles" involving the abuse of phone records and the open use in tracking phones for assasination of foreign nationals cant be done without the casual access to all phone records, so there can be no doubts about an ongoing situation that continiously violates everyones right to private comunication. the headline is best described as a test of complacency. why bother?

How did he intercept what API calls a mobile app was making?