This iPhone app exposed thousands of users' recorded calls

1. Home
2. News
3. Security

This iPhone app exposed thousands of users' recorded calls

(Epitome credit: Prototype Credit: Ajay Suresh | Flickr CC by ii.0)

A security vulnerability has been discovered in a popular call recording app for the iPhone, potentially exposing the call recordings of thousands of users.

The flaw in the Automatic Call Recorder app was discovered past PingSafe AI security researcher Anand Prakash. Information technology turns out that anyone could access recordings from other users, just equally long as they knew the other users' telephone numbers.

• Everything we know nearly the iPhone 13
• These are the all-time encrypted messaging apps you can download right now
• Plus: Google Pixel 6 leak just revealed two large upgrades

According to Prakash, information technology's not as simple equally inbound a user's phone number and and so having access to all their recorded calls. But it's non all that difficult either. Prakash achieved it with the network-sniffing proxy tool Burp Suite.

Widely used by security researchers, Burp Suite allowed Prakash to view and modify network traffic as it passed to and from the Automatic Phone call Recorder on his iPhone. It immune  him to change the registered telephone number with that of a different registered user.

This vulnerability shows the inherent dangers of storing app data in cloud storage and failing to properly secure it, every bit was the instance here.

According to TechCrunch, who were able to replicate the exploit, Automatic Call recorder stores its recordings in a cloud-storage bucket hosted by Amazon Web Services. That bucket held around 130,000 recordings that took upwardly 300 gigabytes of space.

A study last calendar week from mobile security house Zimperium suggests that leaky smartphone apps are far from rare. The firm found about 18,000 Android and iOS apps that hadn't set up deject-storage databases correctly. While the apps weren't named in that study, information technology does mean potentially millions of users are at risk of having their data exposed.

TechCrunch got in touch with Automatic Call Recorder's developers, who promptly patched the exploit March 6. So there'due south no need to delete all your recordings in a panic every bit long every bit you update Automatic Phone call Recorder to version 2.26.

• More: Hither are the best free iPhone apps you tin can download right now

Tom is the Tom'due south Guide'due south Automotive Editor, which ways he can usually exist found knee deep in stats the latest and best electric cars, or checking out some sort of driving gadget. Information technology'south long way from his days as editor of Gizmodo UK, when pretty much everything was on the tabular array. He's unremarkably institute trying to squeeze another behemothic Lego set onto the shelf, draining very big cups of java, or complaining that Ikea won't permit him purchase the stuff he really needs online.

Source: https://www.tomsguide.com/news/this-iphone-app-exposed-thousands-of-users-recorded-calls

Posted by: leewascond78.blogspot.com

Share this post