A researcher discovered a serious vulnerability in Verizon Wireless’s Web-based customer portal that enabled anyone to download user’s SMS message history.

A security researcher found a simple flaw that exposed Verizon Wireless users’ SMS history, the critical flaw allows an attacker to access the list of SMS history viewing all the numbers of users that communicated with the victim. The exploitation of the critical bug is very simple, the attacker only needs to modify the subscriber’s phone number in the URL to access to the SMS history of the victim’s account on Verizon Wireless’s Web-based customer portal . Within the URL is recognizable the variable ‘Mtn’ associated with the mobile number, the attacker could manipulate it to target a specific user.

https://wbillpay.verizonwireless.com/vzw/accountholder/unbilledusage/UnbilledMessaging.action?d-455677-e=2&1548506v4671=1&mtn=999999999

“Message details consist of: Date, Time, To, From, and Direction an SMS or MMS took place. With no user interaction, all that was required was a subscriber’s phone number.” the researcher explained.

Just for curiosity the vulnerability presents some  similarities to the one that was discovered and exploited on AT&T’s site in 2010 that caused a serious data breach. It was exposed personal information belonging to more than 100,000 iPad owners and the hacker Andrew Auernheimer, aka Weev, who gave the data to the media site was convicted of identity fraud.

Fortunately Collier reported the bug to the Verizon and waited for its disclosure that the company fixed it.

“This was reported in responsible disclosure, so I don’t see how this is being compared to Weev who had malicious intent,” Collier said.