Imagine if anyone could punch in a phone number from the largest U.S. cell carrier and instantly retrieve a list of its recent incoming calls—complete with timestamps—without compromising the device, guessing a password, or alerting the user. Now imagine that number belongs to a journalist, a police officer, a politician, or someone fleeing an abuser. This capability wasn’t a hypothetical. I recently identified a security vulnerability in the Verizon Call Filter iOS app which made it possible for an attacker to leak call history logs of Verizon Wireless customers.
  • obbeel@lemmy.eco.brEnglish
    2·
    1 day ago

    Maybe they didn’t invest that much on security, as the article pointed out for not having a system that would uniquely identify only the number linked to the account.

    • opalfrost@friendica.world
      1·
      1 day ago

      @obbeel
      Major point of weakness is the human aspect.
      Not any system, it’s how you handle it as not 1 can be trusted.
      No not even GNU Linux, you trust the gpg key or hash with shasum.
      Look, even the dev of my distro state, it remain your decision to trust> an intern could be corrupt, something has been done wrong or is compromised on users end as well, that key may be tampered.
      In social engineering we learned to not give any thing anything unless in a protected sense of that era called protection. And I hope you did just that .