Connect with us

Technology

A bug in the popular iPhone app Call Recorder opened access to thousands of recordings

A vulnerability in the Call Recorder application for recording calls allowed anyone to gain access to thousands of iPhone users’ phone recordings. The problem was discovered by Anand Prakash, a security researcher and founder of PingSafe AI. All you need to do is know the phone number of another user.

Anand Prakash used the open source Burp Suite platform to perform web application security tests. With its help, he could view and modify traffic going in both directions. Simply put, he could change his phone number registered in the application to the phone number of another user and gain access to his conversation records.

This vulnerability was confirmed by the journalists of TechCrunch, who checked Prakash’s scheme. The Call Recorder iOS app stores recordings of its users’ conversations in cloud storage on Amazon Web Services. Although the file list was publicly accessible, the audio recordings could not be opened or downloaded. At the time of this writing, more than 130 thousand records of telephone conversations with a total volume of about 300 GB were stored in the cloud.

TechCrunch contacted the app developer and did not release the story until the issue was fixed. In a note for the new version of Call Recorder, it is said that the application update contains a “security report fix”.

Click to comment

All TechWeek writers are indepentent and from many different countries. Some english misspelling and grammar mistakes may occur. Report article.

Advertisement

Latest news and reviews in hi-fi, home cinema and technology reviews, products, news, advice, videos and more, from around the world! All pictures and articles written on techweekmag.com are owned by respective freelance authors. If you find a article that violates copywrite infringement, please report article here!