Verizon security flaw could allow hackers to view entire call history

Security researcher finds bug in an API used in a Verizon mobile app
The bug allowed threat actors to view other people’s call logs
It was found in February 2025 and fixed in March, but users should still take care

A bug in a Verizon API allowed malicious actors to view other people’s incoming call logs until it was fixed.

Cybersecurity researcher Evan Connelly found the bug in Call Filter, a free app Verizon ships with all iOS and Android devices sold directly through the telco to help users block spam calls, identify unknown numbers, and avoid robocalls.

Given Verizon’s large subscriber base, the app likely has millions of users, as it offers features like spam detection, caller ID, personal block lists, and automatic blocking of high-risk calls. Call Filter also has a premium version which adds spam lookup, custom controls, and caller ID for unknown numbers.

Targeting journalists

As Connelly explained, the app connects to an API endpoint where it retrieves the logged-in user’s incoming call history, and then displays it in the app. However, due to a misconfiguration in the API, the user’s phone number is not verified, meaning that any user could request the data for anyone else.

Connelly tested the iOS version, but claims the problem is platform-agnostic, since the bug resides in the API, instead of the app itself.

Seeing someone’s call log might not seem like much at first, but Connelly warns that it could be a “powerful surveillance tool”, especially against high-profile targets such as journalists, government opponents, dissidents, and similar.

“Call metadata might seem harmless, but in the wrong hands, it becomes a powerful surveillance tool. With unrestricted access to another user’s call history, an attacker could reconstruct daily routines, identify frequent contacts, and infer personal relationships,” Connelly said.

Verizon addressed the flaw sometime in March 2025, but we don’t know for how long this information was exposed, so users should still take extra care.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/NVuWpwAR6HhfjkxzXwxTTW-1200-80.jpg

Source link

Striking the right balance – AI’s role in HR transformation

I brought doodles to life with Deep Image, and it’s like having a magic paintbrush

Heaps of LG’s 2024 models are being run out to make way for 2025 models, and I’ve found the 5 best deals

Heaps of LG’s 2024 models are being run out to make way for 2025 models, and I’ve found the 5 best deals

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Swedish March flash inflation falls back, easing pressure on Riksbank

European banks extend losses amid tariff selloff

Volkswagen working to ‘quantify the impact’ of Trump tariffs on U.S. sales

Sweden inflation excluding energy projected to stay high this year, says Capital Economics

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Verizon security flaw could allow hackers to view entire call history

Swedish March flash inflation falls back, easing pressure on Riksbank

European banks extend losses amid tariff selloff

Volkswagen working to ‘quantify the impact’ of Trump tariffs on U.S. sales

Sweden inflation excluding energy projected to stay high this year, says Capital Economics

Leave a reply Cancel reply