Reply to post: Interesting

Netflix flattens bug that allowed account p0wnage via voicemail



That's an interesting and very simple exploit, easily achieved.

As said above Netflix has assumed the security of the medium over which this authentication happens, but they have no control over it, so the assumption is flawed.

I guess the fallout from an exploit like this is limited to a) someone using your netflix account to watch stuff and b) the legitimate owner being locked out until they reset the account themselves.

However, I wonder what other companies and systems use the same auto phone call method for verification? I reckon there could be a lot more systems need looking at in light of this.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon