Imagine if anyone could punch in a phone number from the largest U.S. cell carrier and instantly retrieve a list of its recent incoming calls, complete with timestamps, without compromising the device, guessing a password, or alerting the user. Now imagine that number belongs to a journalist, a police officer, a politician, or someone fleeing an abuser.

This capability wasn't a hypothetical. I recently identified a security vulnerability in the Verizon Call Filter iOS app which made it possible for an attacker to leak call history logs of Verizon Wireless customers.

Call logs can be quite valuable, especially for nation states, as recently noted in coverage of the Salt Typhoon breach of telecom networks: https://www.nytimes.com/2024/10/25/us/politics/trump-vance-hack.html

Given that this data is of such value, you'd expect that both how it's accessed, and who is given access, would be closely guarded. However, as I found, this may not be the case.

High-level overview:

In order to display your recent history of received calls in the Verizon Call Filter app, a network request is made to a server. That request contains various details such as your phone number and the requested time period for call records. The server then responds with a list of calls and timestamps for each.

So surely the server validated that the phone number being requested was tied to the signed-in user? Right? Right?? Well…no. It was possible to modify the phone number being sent, and then receive data back for Verizon numbers not associated with the signed-in user. The server authenticated the session but used the client-supplied phone number as the lookup key without checking that it belonged to the authenticated account, a textbook insecure direct object reference.

In short, anyone could look up data for anyone.

This is of course a privacy concern for all. But for some this could also represent a safety concern. Consider scenarios involving survivors of domestic abuse, law enforcement officers, or public figures, individuals who rely on the confidentiality of their communication patterns. Having their incoming call logs exposed is not just invasive; it's dangerous.

Call metadata might seem harmless, but in ...
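To make the authorization gap concrete, here is an added example (written for this page, not code from the Verizon app or its backend) that models the request flow described above. The endpoint names, tokens, phone numbers, call records and the 401/403 status mapping are all constructed for the demonstration: `vulnerable_call_history` authenticates the session but trusts the phone number in the request, while `hardened_call_history` derives the subscriber from the session and rejects any mismatching client-supplied number.

```python
"""Constructed model of the call-history authorization flaw.

Every number, token and record below is made up for the example.
"""
from dataclasses import dataclass
from datetime import datetime


class Unauthorized(Exception):
    """No valid session token was presented (maps to HTTP 401)."""


class Forbidden(Exception):
    """Valid session, but not allowed to read this subscriber's data (HTTP 403)."""


@dataclass(frozen=True)
class CallRecord:
    caller: str            # calling party number
    received_at: datetime  # when the incoming call was received


# Constructed backing store: subscriber number -> recent incoming calls.
CALL_LOGS = {
    "+15550100": [
        CallRecord("+15550300", datetime(2025, 3, 30, 9, 0)),
        CallRecord("+15550400", datetime(2025, 3, 30, 12, 0)),
        CallRecord("+15550500", datetime(2025, 4, 1, 9, 0)),
    ],
    "+15550200": [
        CallRecord("+15550600", datetime(2025, 3, 30, 10, 0)),
    ],
}

# Constructed session store: bearer token -> number the session was issued for.
SESSIONS = {
    "tok-alice": "+15550100",
    "tok-mallory": "+15550200",
}


def _records(phone_number, since, until):
    """Return the subscriber's incoming calls inside [since, until] (ISO-8601 strings)."""
    since_dt = datetime.fromisoformat(since)
    until_dt = datetime.fromisoformat(until)
    return [
        {"caller": r.caller, "received_at": r.received_at.isoformat()}
        for r in CALL_LOGS.get(phone_number, [])
        if since_dt <= r.received_at <= until_dt
    ]


def vulnerable_call_history(token, phone_number, since, until):
    """Authenticates the caller, then keys the lookup on the *request's* phone
    number. Any valid session can therefore read any subscriber's history."""
    if token not in SESSIONS:
        raise Unauthorized()
    return _records(phone_number, since, until)


def hardened_call_history(token, since, until, phone_number=None):
    """Derives the subscriber from the session. A client-supplied number is
    never used as the key; if present it must match, otherwise the request is
    refused (and is worth logging, since a mismatch signals tampering)."""
    if token not in SESSIONS:
        raise Unauthorized()
    owner = SESSIONS[token]
    if phone_number is not None and phone_number != owner:
        raise Forbidden()
    return _records(owner, since, until)


def handle(endpoint, **params):
    """Tiny dispatcher mapping outcomes to HTTP-style (status, body) pairs."""
    try:
        return 200, endpoint(**params)
    except Unauthorized:
        return 401, []
    except Forbidden:
        return 403, []


if __name__ == "__main__":
    window = {"since": "2025-03-30T00:00:00", "until": "2025-04-02T00:00:00"}
    # Mallory's session asking for Alice's number: leaks on the vulnerable path.
    print(handle(vulnerable_call_history, token="tok-mallory",
                 phone_number="+15550100", **window))
    # Same request against the hardened path is refused.
    print(handle(hardened_call_history, token="tok-mallory",
                 phone_number="+15550100", **window))
```

The fix is not "validate the phone number harder"; it is to stop treating a client-controlled identifier as the authorization decision at all and look up the subscriber from the authenticated session server-side. Keeping the optional mismatch check gives you a cheap detection signal for clients that are replaying modified requests.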