Netflix has reworked its password reset function after an Austrian security researcher demonstrated how an attacker could spoof it to take over a victim’s account. Fortunately, the bug wasn’t universal: it depended on the customer’s mobile carrier being one that hasn’t properly protected users’ voicemail accounts from unauthorised access. In the scenario described here, a chap named “Slashcrypto” notes that in his home country, T-Mobile is one such carrier and a default voicemail configuration would leave someone open to attack.
ORIGINAL SOURCE: The Register