T-Mobile has crushed a bug in subsidiary MetroPCS that could have allowed attackers to steal details on any of its 10 million customers, according to reports. Cinder researchers Eric Taylor and Blake Welsh say the vulnerabilities were simple to exploit up until a patch was dropped. Motherboard exploited the vulnerabilities using a Firefox plugin that sent a HTML request with the target’s phone number. That spat out full names, home addresses, phone model and serial numbers, and billing details of those who agreed to be tested as part of the research. A script could have been easily written to harvest the MetroPCS database, the pair say.
View full story
ORIGINAL SOURCE: The Register