Sensitivity was found in an iOS call recording app enabling recorded phone calls by knowing a user’s phone number.
Explained today by Anand Prakash of PingSafe AI, the vulnerability was discovered in an app called “Automatic Call Recorder” that has been downloaded over a million times from the Apple App Store. As the name implies, the app automatically records incoming and outgoing phone calls.
The vulnerability associated with insecure communication went in and out of the app. Using a proxy tool like Burp Suite, Prakash was able to view and modify network traffic, allowing it to assign another user number in the registration request. The app programming interface would then match the URL of Amazon Web Services Inc.’s S3 storage bucket. where storage was.
The company behind Automatic Call Recorder was notified of the vulnerability and a new version of the app went live on the App Store March 6. It is recommended that any users who do not automatically update their apps be updated. apply as soon as possible.
“Security issues like this are terrible in nature,” Prakash said. “As well as influencing customer privacy, these will also distort the company’s image and provide additional benefits to its competitors.”
Anurag Kahol, chief technology officer at cloud access security broker Bitglass Inc., told SiliconANGLE that anyone could have accessed thousands of call logs during the time of appearance just by knowing a user’s phone number .
“This not only violated data privacy but also put the affected users at physical and cyber risk if their recorded conversations contained personal, sensitive details,” he said. . “App makers who do not invest in cybersecurity themselves need to recognize that the potential fines for non-compliance with data privacy laws are very costly – not to mention the cost of loss of customer trust. ”
Image: Automatic call recorder
Since you are here …
Show your support for our mission with the one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will recommend relevant content and emerging technology content to you. Thank you very much!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We would also like to tell you about our mission and how you can help us achieve it. SiliconANGLE Media Inc.’s business model. based on the intrinsic value of the content, not advertising. Unlike many online publications, we do not have a payroll or run banner advertising, as we want to keep our journalism open, with no impact or the need to follow traffic.News, reporting and commentary on SiliconANGLE – along with live, unwritten video from our Silicon Valley studio and global video teams at theCUBE – take a lot of hard work, time and money. Maintaining the high quality requires sponsorship support that is in line with our vision of ad-free journalism content.
If you like the commentary, video interviews and other ad-free content here, please take a moment to view a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.