CyberSecurity news
FlagThis
@The DefendOps Diaries
//
A vulnerability in Verizon's Call Filter feature exposed customers' incoming call history, allowing unauthorized access to call logs. Security researcher Evan Connelly discovered the flaw in the Verizon Call Filter iOS app, revealing that it was possible to access the incoming call logs for any Verizon Wireless number through an unsecured API request. The vulnerability was reported to Verizon on February 22, 2025, and acknowledged by the company two days later. The flaw was subsequently fixed by March 25, 2025.
The vulnerability was rooted in the backend API used by the Verizon Call Filter app, which failed to verify that the phone number requested for call history matched the authenticated user’s number. An attacker with a valid JSON Web Token (JWT) could manipulate the request header and retrieve call logs for any Verizon customer. This oversight allowed modification of the phone number being sent, and data could be received back for Verizon numbers not associated with the signed-in user, raising significant privacy and safety concerns for Verizon Wireless customers.
ImgSrc: thedefendopsdia
References :
The vulnerability was rooted in the backend API used by the Verizon Call Filter app, which failed to verify that the phone number requested for call history matched the authenticated user’s number. An attacker with a valid JSON Web Token (JWT) could manipulate the request header and retrieve call logs for any Verizon customer. This oversight allowed modification of the phone number being sent, and data could be received back for Verizon numbers not associated with the signed-in user, raising significant privacy and safety concerns for Verizon Wireless customers.
ImgSrc: thedefendopsdia
Share:
References :
- bsky.app: A vulnerability in Verizon's Call Filter feature allowed customers to access the incoming call logs for another Verizon Wireless number through an unsecured API request.
- The DefendOps Diaries: Understanding the Verizon Call Filter API Vulnerability
- BleepingComputer: Verizon Call Filter API flaw exposed customers' incoming call history
- DataBreaches.Net: Security researcher Evan Connelly recently identified a security vulnerability in the Verizon Call Filter iOS app which made it possible for a malicious actor to leak call history logs of Verizon Wireless customers.
- securityonline.info: Verizon Call Filter App Vulnerability Exposed Call Records of Millions
- CyberInsider: Verizon Call Filter App Flaw Exposed Call Logs of Millions of Customers
- www.itpro.com: Verizon Call Filter API flaw could’ve exposed millions of Americans’ call records
- Malwarebytes: Flaw in Verizon call record requests put millions of Americans at risk
- Talkback Resources: TalkBack.sh: Flaw in Verizon call record requests put millions of Americans at risk
- securityaffairs.com: A flaw in Verizon’s iOS Call Filter app exposed call records of millions
Classification:
- HashTags: #cybersecurity #Verizon #DataLeak
- Company: Verizon
- Target: Verizon customers
- Product: Call Filter
- Feature: API vulnerability
- Type: Vulnerability
- Severity: Medium