Verizon vulnerability exposed customers' data

Former hacker Eric Taylor aka Cosmo the God, and a student named Blake Welsh have discovered a vulnerability in Verizon system that would allow attackers to gain access to the personal information of Verizon Internet customers with just a browser plug-in and a spoofed IP address.

Taylor and Welsh got a Verizon user's IP address from the header of an email sent to them by one of the volunteers who had given them permission to gain control of his account. With the help of "X-Forwarded-For Header," a Firefox extension that allows a browser to impersonate any IP address — they visited Verizon's website with the spoofed IP address.

The problem came from the fact that Verizon's customer support website identifies users through their computer's IP address. Since the address is generated by the internet service provider, it just needs to know whether a customer is visiting the page with an IP address that Verizon recognizes. And as those IP addresses are unique to each home internet customer, when the system detects one it recognizes, it assumes it knows who you are, and automatically display personal information like your location, your name, your phone number, and your email address. And that data is sufficient for an attacker to take control of a Verizon account.

The founders were able to verify this vulnerability multiple times, on multiple accounts, with the explicit and repeated permission of the account holders. The flaw used to expose at risk any of Verizon's 9 million home internet customers. The carrier has been notified before the information was made public. It has already patched the flaw.

Read more -here-

• Tesla recalls new Cybertrucks over accelerator hazard
• Comcast rolls out 'Now' prepaid phone and internet plans
• Logitech adds ChatGPT button to hardware
• Boston Dynamics retires its hydraulic humanoid robot Atlas
• Microsoft starts testing ads in the Windows 11 Start menu
• Apple warns of iPhone 'mercenary spyware attack' across 92 countries