MobileNews

Popular iPhone app exposed thousands of call recordings, security researcher finds

Security researcher and founder of PingSafe AI, Anand Prakash, discovered a flaw in the popular iPhone app “Automatic Call Recorder.” This bug allowed anyone to access call recordings from other users by knowing their phone number.

As reported by TechCrunch, this security vulnerability exposed thousands of users’ recorded conversations. With a proxy tool such as Burp Suite, Prakash could view and modify the network traffic going in and out of the app.

That meant he could replace his phone number registered with the app with the phone number of another app user, and access their recording on his phone.

TechCrunch said it could verify Prakash’s finding and waited until the developer fixed the bug before releasing its story.

The app stores its user’s call recordings on a cloud storage bucket hosted on Amazon Web Services. Although the public was open and lists the files inside, the files could not be accessed or downloaded. The bucket was closed by press time.

On March 6, the developer of the “Automatic Call Recorder” app released a security update, but before it was fixed, more than 130,000 audio recordings were accessible by anyone, the report explains. The app has more than 1 million downloads on the App Store, according to its page. The developer touts that the app “may be the easiest-to-use Call Recorder which you can find out on App Store.”

The developer didn’t return several requests for comment by TechCrunch’s team, but again, as of now, the bug has been fixed.


Check out 9to5Mac on YouTube for more Apple news:

Check out the latest Apple iPhones at great prices from Gizmofashion – our recommended retail partner.


Author: José Adorno
Source: 9TO5Google

Related posts
AI & RoboticsNews

Midjourney launches AI image editor: how to use it

AI & RoboticsNews

Meta just beat Google and Apple in the race to put powerful AI on phones

AI & RoboticsNews

DeepMind’s Talker-Reasoner framework brings System 2 thinking to AI agents

Cleantech & EV'sNews

Ford F-150 Lightning and Mustang Mach-E drivers just gained Google Maps EV routing

Sign up for our Newsletter and
stay informed!