Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

FiOS mobile app vulnerability put all Verizon email accounts at risk

Verizon has fixed a critical vulnerability in its My FiOS app that made it possible to read and send messages from any Verizon user's email account, according to a Sunday post by Randy Westergren, the security researcher and Verizon FiOS customer who identified the bug.

Westergren – who was investigating the My FiOS app for Android – notified Verizon on Jan. 14, and a fix was released on Jan. 16. He noted how accessing an email account can be used to access other accounts, such as Facebook or banking.

One commenter pointed out that Verizon is using unencrypted HTTP to transmit email and other sensitive information. In a statement sent to Forbes, Verizon said it does encrypt all email, the Android version of the app was unintentionally not set up for HTTPS, and a fix has been pushed.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.