Aug 12 2003: ThreeZee Technology, a security research firm,
says that it has located a bug within the Verizon Wireless Text Messaging
system. The bug will allow any person to easily view mass lists of SMS
messages sent to Verizon Cellular customers, including the telephone number
and the text in the message.
The applications of the bug can be extended to signing the phone up for
an online login at www.VText.com, thus gaining the ability to intercept
messages sent to the phone, as well as the ability to make numerous charges
to the customer's phone bill.
Verizon Wireless allows anonymous surfers to send text messages to their
customers via their website. After sending the message, they are directed to
a page in which they can view the status. The status page reveals a few
things to the user: When the message was sent, the Tracking ID, the
recipient's phone number, or @vtext.com email, the status, and when or if it
was delivered to the handset.
This same page allows you to manually enter the tracking ID and the phone
number or vtext.com email of the user who should be receiving it. By
separating Message IDs with commas, you can submit a query only limited by
the web server's maximum content limit.
Verizon states that you need to enter both the Tracking ID and the
recipient of the message. This is where the bug comes into play. By simply
entering a message ID, and omitting the phone number, you can track a single
message, or hundreds. While the Tracking ID, or message ID, may look foreign
in some ways, it's quite simple.
Think of the way an odometer turns on a car: that is the basic idea of
the ID.
Example 1: MsgID4_A54GKVHD
Example 2: MsgID4_3M5GKVHD
Starting after the "_", the message ID will progress in the order of A -
Z, and 0 - 9. There seems to be no association with the time sent, or who it
was sent to. Like the odometer, when a character/digit of the ID reaches the
end (9), it will restart at A, and the preceding character will increase by
1.
For example:
MsgID4_A59GKVHD
MsgID4_A6AGKVHD
By submitting a query to the server with message IDs separated by commas,
you will receive a huge list of telephone numbers and email addresses on the
Verizon wireless network.
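The missing server-side check described above, sketched as an added example (not code from ThreeZee or Verizon): a status lookup that treats the recipient as optional, next to one that requires it, caps the batch, and issues unpredictable IDs. The function names, the in-memory store, the phone numbers and the cap of 5 are assumptions constructed for illustration.

```python
import hmac
import secrets

MAX_IDS_PER_QUERY = 5  # assumed cap; the page says the original was bounded only by the server's content limit

# Constructed sample store: tracking ID -> record. Phone numbers are fictitious.
MESSAGES = {
    "MsgID4_A54GKVHD": {"recipient": "5550100001", "status": "Delivered"},
    "MsgID4_3M5GKVHD": {"recipient": "5550100002", "status": "Pending"},
}

def new_tracking_id():
    """Random ID, so a known ID says nothing about its neighbours."""
    return "MsgID_" + secrets.token_urlsafe(16)

def status_vulnerable(ids_csv, recipient=""):
    """Behaviour described on the page: recipient is optional and never checked."""
    out = []
    for tid in ids_csv.split(","):
        rec = MESSAGES.get(tid.strip())
        if rec:
            out.append({"id": tid.strip(), **rec})  # leaks the recipient
    return out

def status_hardened(ids_csv, recipient):
    """Require the recipient, cap the batch, return only matching records."""
    ids = [t.strip() for t in ids_csv.split(",") if t.strip()]
    if not recipient or not ids or len(ids) > MAX_IDS_PER_QUERY:
        raise ValueError("recipient and 1..%d tracking IDs required" % MAX_IDS_PER_QUERY)
    out = []
    for tid in ids:
        rec = MESSAGES.get(tid)
        # Unknown ID and wrong recipient get the same answer: no validity oracle.
        if rec and hmac.compare_digest(rec["recipient"].encode(), recipient.encode()):
            out.append({"id": tid, "status": rec["status"]})
        else:
            out.append({"id": tid, "status": "not found"})
    return out
```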
It's quite easy to discover a list of valid message IDs and the phone
numbers associated with them. This in itself could be extremely useful for
SMS spammers to gather a list of people who actively receive messages.
Verizon also offers a service to members which allows them to view the text
in a message they've sent. This only requires the message ID to view. Using
this list of gathered valid message IDs, combined with the other service,
you can spy on the full text of any message sent either via email, via
vtext.com, or even messages sent from Verizon to its users.
When a customer signs up for a login at vtext.com for their phone, the
password is then sent to the phone in a text message. A combination of
the available bugs can let a person take partial control of the
customer's account, opening the door to many different possibilities. These
include, but are not limited to: making charges to a customer's account,
sending messages from their phone, and intercepting messages to the phone.
Verizon has not yet fixed this problem, which is why ThreeZee has not
disclosed the full details of the bug, just the overview above.