Report: Flaw in popular iPhone app leaked thousands of call recordings


According to a report by TechCrunch, a security flaw in a generically named CallRecorder app on the App Store allowed anyone to gain access to another user’s personal call recordings. — Dreamstime/TNS

No matter how much security an operating system might offer, the weakest link in the chain – such as a badly coded app or service – could lead to user data getting compromised. Apple’s iOS operating system has been designed with security in mind, but an application on the App Store has reportedly exposed thousands of call recordings of users who used the app on their iPhones.

Apple doesn’t allow users to record their calls, which means users are stuck with using third-party apps that allow you to call others using an Internet number and then record the call from inside the app. Unfortunately, this means that these apps usually leave their recordings on a server for users to access, which means they’re essentially available for people to try and exploit on the Internet.

According to a report by TechCrunch, a security flaw in a generically named CallRecorder app on the App Store allowed anyone to gain access to another user’s personal call recordings – and all they needed was their victim’s phone number. The vulnerability was discovered by security expert Anand Prakash and the findings were then confirmed by TechCrunch using a tool to “change” the network traffic while the app communicated with the server.

Using the trick, the researcher was able to change the number on the app to any other user, after he had registered and set up the account. The app would simply allow access as if he had registered with their numbers. Prakash also found that the recordings were being stored on a “cloud storage bucket” on Amazon Web Services and had over 1.3 lakh audio recordings well over 300 gigabytes.

While the app has now been patched and an update began rolling out to users over the weekend, this incident highlights how unsafe apps can put users data at risk, even if the operating system is well designed and implements security well enough. Users must also remain cautious about which apps get access to their data, especially something as personal as recordings of their phone conversations. – Hindustan Times, New Delhi/Tribune News Service

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!
   

Next In Tech News

Musk says 'possible' that Twitter gave preference to leftists during Brazil election
Crypto broker Genesis owes Gemini's customers $900 million, Financial Times reports
The first SMS was sent 30 years ago. When will the last one be?
How to start a WhatsApp chat without, ugh, creating a new contact
Where to turn off some of Windows 11's biggest annoyances
Exclusive-Twitter exec says moving fast on moderation, as harmful content surges
FTX's LedgerX attracts interest from Blockchain.com, Gemini- Bloomberg
Will Netflix and its rivals succeed in stamping out password sharing?
France's Macron discussed Twitter content rules in meeting with Musk
U.S. says Swiss engineering group ABB to pay over $315 million to resolve bribery case

Others Also Read