Verizon glitch put users’ call logs in the wrong hands, sparks real-time surveillance worries
Verizon glitch put users’ call logs in the wrong hands, sparks real-time surveillance worries
[ad_1]
A security researcher on the name of Ivan Connecti discovered a disturbing discovery, but it is very important a few weeks ago that he cares about millions of Verizon users: We are talking about privacy breach here.
He also writes on Blue, select a security vulnerability in VerizonIPHONE and iOS calls application, which allows a bad representative to reach the call record records for Verizon Users.
The issue becomes real regarding taking into account that the error allowed anyone with some technical knowledge to reach the date of the call received for any Verizon Phone number - without having to penetrate the phone, guess a password, or even alert the victim.
At the heart of the problem, there was a weakness in how to request the application and receive call record data. When users open the application to view modern calls, it will send a request to a distant server, select the user's phone number and request the records match. This should have been tightly restricted, so the person who logged into the app can only see his own data.
An example of a weak request. | Credit image - Ivan Connect
It turns out that the back interface of the application failed to properly verify that the request is coming from the actual account holder. This means that the curious actor - or the malicious - can change the request for another person's number and receive his call record. There are no passwords, no, then, just a number and a few knowledge.
To clarify this, this error did not display text messages or full conversations. But even reaching the date of the incoming calls only reveals deeply. Time stamps and frequent numbers can draw an amazing detailed picture of a person's habits, communications, and space. For journalists, activists, police officers, or survivors of ill -treatment, this type of leakage may be incredibly dangerous.
What's more, it seems that the system behind this defect has been managed directly VerizonBut through a less well -known company called CEQUINT, which specializes in the calling ID technology. This raises additional questions about the amount of user data that is dealt with by third parties - and the extent of this data is already securing.
Ivan was found and reported in February 2025. Verizon Since the problem has been repaired since then, but exposure could have affected many users, especially since the call candidate is likely to be active by default for most Verizon Customers. It is a blatant reminder that even the simple verb to verify what he called you should not come at the expense of your privacy.
BleepingComputer, which also reported the story Verizon And the response of the carrier confirms this Verizon "I worked with the third -party application owner to repair and correct," which was then pushed in mid -March. The company claims that "there is no indication that the defect has been exploited" and "only the affected iOS devices", but now the problem has been solved.
A security researcher on the name of Ivan Connecti discovered a disturbing discovery, but it is very important a few weeks ago that he cares about millions of Verizon users: We are talking about privacy breach here.
He also writes on Blue, select a security vulnerability in VerizonIPHONE and iOS calls application, which allows a bad representative to reach the call record records for Verizon Users.
The issue becomes real regarding taking into account that the error allowed anyone with some technical knowledge to reach the date of the call received for any Verizon Phone number – without having to penetrate the phone, guess a password, or even alert the victim.
At the heart of the problem, there was a weakness in how to request the application and receive call record data. When users open the application to view modern calls, it will send a request to a distant server, select the user’s phone number and request the records match. This should have been tightly restricted, so the person who logged into the app can only see his own data.
An example of a weak request. | Credit image – Ivan Connect
It turns out that the back interface of the application failed to properly verify that the request is coming from the actual account holder. This means that the curious actor – or the malicious – can change the request for another person’s number and receive his call record. There are no passwords, no, then, just a number and a few knowledge.
To clarify this, this error did not display text messages or full conversations. But even reaching the date of the incoming calls only reveals deeply. Time stamps and frequent numbers can draw an amazing detailed picture of a person’s habits, communications, and space. For journalists, activists, police officers, or survivors of ill -treatment, this type of leakage may be incredibly dangerous.
What’s more, it seems that the system behind this defect has been managed directly VerizonBut through a less well -known company called CEQUINT, which specializes in the calling ID technology. This raises additional questions about the amount of user data that is dealt with by third parties – and the extent of this data is already securing.
Ivan was found and reported in February 2025. Verizon Since the problem has been repaired since then, but exposure could have affected many users, especially since the call candidate is likely to be active by default for most Verizon Customers. It is a blatant reminder that even the simple verb to verify what he called you should not come at the expense of your privacy.
BleepingComputer, which also reported the story Verizon And the response of the carrier confirms this Verizon “I worked with the third -party application owner to repair and correct,” which was then pushed in mid -March. The company claims that “there is no indication that the defect has been exploited” and “only the affected iOS devices”, but now the problem has been solved.
