Friday, September 12, 2014

SLC2014-02 - Verizon VCast Exposes Information

SLC Security Services LLC has detected a threat to users of Verizon's VCAST Music Manager cell phone software that allows the tracking of the end user and the unintentional disclosure of information that may be used to identify the device and end user. Utilizing the authentication information sent by the phone it was discovered that the following information is sent in the clear to Verizon or over a WAN connection, or Wireless 802.11 connection:
  • The Brand of the Phone in Use
  • The Software Version of the Phone
  • The Carrier of the Phone Service (Always Verizon since this is a Verizon application)
  • Total Memory in the Phone
  • Manufacturer of the Phone
  • Device ID
  • The end users Email account
  • The end users Full Name
  • The phone number of the Phone handset
  • The MDN of the Phone
  • The display resolution of the Phone screen
Verizon has not come up with a fix for this disclosure of your personal information as of the time of this posting.

Initial Date of Disclosure: 28 Aug 2014
Status: Not Fixed or Patched

No comments:

Post a Comment