A flaw in the mobile app for Verizon’s retail telecoms service potentially exposed customer email accounts to hackers, according to a security researcher.
Randy Westergren, a senior software developer at XDA Developers, found that a bug in the My FiOS for Android app allowed him, by changing the ID and username, to view the contents of other users’ inboxes and even read and send emails.
He then developed a proof of concept for the bug and informed Verizon of the problem on January 14, prompting the telecoms firm to release a patch two days later.
"Verizon’s security group seemed to immediately realise the impact of this vulnerability and took it very seriously," Westergren said.
"They were very responsive during this process and even arranged for a free year of FiOS Internet service as a token of their gratitude."
Mobile apps have been hampered by problems like this a number of times in the last year, with the greetings card firm Moonpig only the latest company to come under scrutiny in this regard.