Summary: A vulnerability in Verizon’s Call Filter feature allowed unauthorized access to incoming call logs of other Verizon customers through an unsecured API. Discovered by researcher Evan Connelly in February 2025, this flaw posed significant risks particularly for high-profile users. Verizon addressed the issue promptly, but details regarding the exposure period remain unclear.
Affected: Verizon Wireless Call Filter
Keypoints :
- Vulnerable API allowed users to retrieve call histories by manipulating valid JWT tokens without verification.
- Potential risks for high-value targets, including political figures and journalists, as call logs can reveal sensitive information.
- The questionable security practices raised concerns over how Verizon handles sensitive call data, especially since the API endpoint is hosted by a third-party firm.
Views: 9