Critical Flaw in Verizon Call Filter App Puts Millions of Users at Risk

TL;DR

A significant vulnerability in the Verizon Call Filter app exposed the call logs of millions of Verizon users, posing serious privacy and security risks. The issue allowed unauthorized access to call records, potentially affecting individuals in sensitive situations. Verizon promptly addressed the flaw after it was reported by a security researcher.

Security researcher Evan Connelly discovered a major security flaw in the Verizon Call Filter iOS app that could allow anyone to view the recent call logs of potentially any Verizon phone number. This vulnerability posed a significant risk to the privacy and security of millions of Verizon customers.

Vulnerability Overview

The Verizon Call Filter app, designed to help users manage and filter unwanted calls, contained a vulnerability that allowed unauthorized access to call logs. The app sends requests to a server to fetch call data for a specific phone number. However, there were no verification checks to ensure that the requesting number matched the targeted number. This oversight enabled anyone to craft requests for any phone number and retrieve its call logs without authorization.

“In short, anyone could lookup data for anyone,” Connelly stated.
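
The missing check described above, as an added example that is not Verizon's code or the researcher's: a lookup handler that trusts the number named in the request, next to one that compares it with the number bound to the authenticated session. The token format, function names, key and sample call logs are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample data: call logs keyed by subscriber number (fictional values).
CALL_LOGS = {
    "+15550100001": [("2025-02-20T09:14:00Z", "+15550100077")],
    "+15550100002": [("2025-02-21T18:02:00Z", "+15550100088")],
}
SERVER_KEY = b"demo-only-signing-key"  # hypothetical; use a managed secret in practice


def _mac(number: str) -> str:
    return hmac.new(SERVER_KEY, number.encode(), hashlib.sha256).hexdigest()


def issue_token(number: str) -> str:
    """Bind a session token to the subscriber number proven at login."""
    return f"{number}.{_mac(number)}"


def authenticated_number(token: str) -> Optional[str]:
    """Return the number the token was issued for, or None if it is forged."""
    number, _, mac = token.partition(".")
    ok = hmac.compare_digest(mac.encode(), _mac(number).encode())
    return number if ok else None


def get_call_log_unchecked(token: str, requested_number: str):
    """The flaw as described: a valid session may name any number."""
    if authenticated_number(token) is None:
        return 401, []
    return 200, CALL_LOGS.get(requested_number, [])


def get_call_log_checked(token: str, requested_number: str):
    """Hardened: the requested number must equal the authenticated one."""
    owner = authenticated_number(token)
    if owner is None:
        return 401, []
    if requested_number != owner:
        # A mismatch is worth logging server-side as a detection signal.
        return 403, []
    # Read by the authenticated identity, never by the client-supplied value.
    return 200, CALL_LOGS.get(owner, [])
```
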

Impact and Risks

This flaw could affect any Verizon Wireless customer with the Call Filter service enabled, which is turned on by default for many users. The unauthorized access to call logs poses serious privacy concerns and security risks, especially for individuals in sensitive situations such as domestic abuse victims, public figures, or targets of cyberattacks.

An attacker exploiting this vulnerability could gain insights into a person’s daily habits, frequent contacts, and personal relationships. Although there is no evidence that the flaw was actively abused, the potential for misuse was substantial.

Timeline of Events

  • February 22, 2025: The issue was discovered and reported to Verizon.
  • February 24, 2025: Verizon acknowledged the report.
  • March 23, 2025: The researcher requested an update as the issue appeared to be fixed.
  • March 25, 2025: Verizon confirmed that the issue was resolved.

About Verizon Call Filter

Verizon Call Filter is a valuable tool against robocalls that screens and filters nuisance calls. It uses a Know Your Customer (KYC) scoring system to identify and block spam call networks. Users can easily disable the service if desired:

On iPhone:

  1. Open the Call Filter app.
  2. Go to Settings.
  3. Tap Manage Plan and select Turn Off Call Filter.

Alternatively, disable it from iPhone settings:

  1. Go to Settings > Phone > Call Blocking & Identification.
  2. Toggle off the Call Filter option.

On Android:

  1. Open the Call Filter app.
  2. Tap Account, then Manage Plan.
  3. Follow the steps to disable Call Filter.

Alternative Solutions

For additional protection against scam calls, users can consider Malwarebytes Mobile Security for iOS or Malwarebytes Mobile Security for Android.


For more details, visit the full article.

This post is licensed under CC BY 4.0 by the author.