The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Verizon vulnerability exposed customers' data

2015-05-14 10:07 by
Tags: ,

 

Former hacker Eric Taylor aka Cosmo the God, and a student named Blake Welsh have discovered a vulnerability in Verizon system that would allow attackers to gain access to the personal information of Verizon Internet customers with just a browser plug-in and a spoofed IP address.

Taylor and Welsh got a Verizon user's IP address from the header of an email sent to them by one of the volunteers who had given them permission to gain control of his account. With the help of "X-Forwarded-For Header," a Firefox extension that allows a browser to impersonate any IP address — they visited Verizon's website with the spoofed IP address.

The problem came from the fact that Verizon's customer support website identifies users through their computer's IP address. Since the address is generated by the internet service provider, it just needs to know whether a customer is visiting the page with an IP address that Verizon recognizes. And as those IP addresses are unique to each home internet customer, when the system detects one it recognizes, it assumes it knows who you are, and automatically display personal information like your location, your name, your phone number, and your email address. And that data is sufficient for an attacker to take control of a Verizon account.

The founders were able to verify this vulnerability multiple times, on multiple accounts, with the explicit and repeated permission of the account holders. The flaw used to expose at risk any of Verizon's 9 million home internet customers. The carrier has been notified before the information was made public. It has already patched the flaw.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
comment discuss top
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About