My Verizon FiOS mobile app flaw discovered, promptly fixed
Posted by: Jon Ben-Mayor on 01/19/2015 07:26 PM
Verizon FiOS was notified of a flaw in the API of the My FiOS mobile app which allowed access to any user's email account, potentially giving access to more critical or sensitive accounts such as banking and social media.

This flaw was discovered by Randy Westergren, a senior software developer with XDA Developers. He says, "As a Verizon FiOS customer, I had never used the My FiOS app for Android to manage my account. Since Verizon has a good amount of my information, I thought it would be a good candidate for research."
It is good he decided to do the research. What he found was a vulnerability in the My FiOS web services which allowed access to any user's Verizon email account. He stresses how serious it is to have access to someone's inbox and individual messages, since from there a cyber-thief could possibly gain access to "a number of other accounts, e.g. banking, Facebook, etc."
Verizon issued a fix within 2 days of being notified by Westergren.
"Verizon's security group seemed to immediately realize the impact of this vulnerability and took it very seriously," Westergren wrote. "They were very responsive during this process and even arranged for a free year of FiOS Internet service as a token of their gratitude."
I recently switched over to Verizon FiOS from Time Warner Cable and thought about getting the app to record my shows even while 'on the go' (not that Tim allows me to leave the keyboard much)...glad I waited. But on the other hand, I am also reassured in my decision to change over since Verizon took the issue seriously and didn't drag their feet on the fix.
