TZUTC: -0500   
   MSGID: 854.consprcy@1:2320/105 2c53e003   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Verizon security flaw could allow hackers to view entire call history   
      
   Date:   
   Thu, 03 Apr 2025 13:22:00 +0000   
      
   Description:   
   Verizon fixed the flaw in March 2025, but users should still be on their   
   guard.   
      
   FULL STORY   
      
   A bug in a Verizon API allowed malicious actors to view other peoples    
   incoming call logs until it was fixed.    
      
   Cybersecurity researcher Evan Connelly found the bug in Call Filter, a free   
   app Verizon ships with all iOS and Android devices sold directly through the   
   telco to help users block spam calls, identify unknown numbers, and avoid   
   robocalls.    
      
   Given Verizons large subscriber base, the app likely has millions of users,    
   as it offers features like spam detection, caller ID, personal block lists,   
   and automatic blocking of high-risk calls. Call Filter also has a premium   
   version which adds spam lookup, custom controls, and caller ID for unknown   
   numbers.    
      
   Targeting journalists    
      
   As Connelly explained, the app connects to an API endpoint where it retrieves   
   the logged-in users incoming call history, and then displays it in the app.   
   However, due to a misconfiguration in the API, the users phone number is not   
   verified, meaning that any user could request the data for anyone else.    
      
   Connelly tested the iOS version, but claims the problem is platform-agnostic,   
   since the bug resides in the API, instead of the app itself.    
      
   Seeing someones call log might not seem like much at first, but Connelly    
   warns that it could be a powerful surveillance tool, especially against   
   high-profile targets such as journalists, government opponents, dissidents,   
   and similar.    
      
   "Call metadata might seem harmless, but in the wrong hands, it becomes a   
   powerful surveillance tool. With unrestricted access to another user's call   
   history, an attacker could reconstruct daily routines, identify frequent   
   contacts, and infer personal relationships," Connelly said.    
      
   Verizon addressed the flaw sometime in March 2025, but we dont know for how   
   long this information was exposed, so users should still take extra care.    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/verizon-security-flaw-could-allow-hacke   
   rs-to-view-entire-call-history   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426