Menu
Email accounts exposed in Verizon My FiOS mobile app

Email accounts exposed in Verizon My FiOS mobile app

Verizon has now fixed the flaw in the API of My FiOS, according to a software developer

Randy Westergren

Randy Westergren

Verizon fixed a serious vulnerability in its My FiOS mobile application that allowed unfettered access to email accounts, according to a developer who found the problem.

Randy Westergren, a senior software developer with XDA Developers, looked at the Android version of My FiOS, which is used for account management, email and scheduling video recordings.

"Since Verizon has a good amount of my information, I thought it would be a good candidate for research," Westergren wrote on his personal blog. "I was right, and the results were astonishing."

The flaw, contained in the application's API, could have allowed an attacker to read individual messages from a person's Verizon inbox and even send emails from an account, he wrote.

Westergren looked at the traffic sent back and forth between My FiOS and Verizon's servers. He found My FiOS would return the content of someone else's email inbox by simply substituting a different user ID in a request.

He contacted Verizon on Thursday, which acknowledged the problem a day later. Verizon issued a fix on Friday, Westergren wrote.

"Verizon's security group seemed to immediately realize the impact of this vulnerability and took it very seriously," Westergren wrote. "They were very responsive during this process and even arranged for a free year of FiOS Internet service as a token of their gratitude."

Verizon officials couldn't immediately be reached for comment Sunday.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Verizon CommunicationsExploits / vulnerabilities

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments