IPhone Call Recorder bug gave acess to other people's conversations

Phone

An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers.

The application’s name is “Automatic call recorder” or “Acr call recorder” and has thousands of user reviews in App Store amounting to a rating above 4 stars; it has also been listed among the top call recording apps for iPhone.

Fetching more than recordings

Using open-source intelligence, security researcher Anand Prakash, founder of PingSafe AI, found the app’s cloud storage on Amazon along with host names and some sensitive data that it used.
By passing the app’s network traffic through a web proxy tool like Burp or Zap, an attacker could insert the phone number of any app user in the recordings request. Because the responding API did not run any authentication, it returned the recordings associated with the phone number passed in the request. Even more, it also leaked that user’s entire call history, Prakash says.

On its website, the app boasts having over one million downloads from users in more than 20 countries.

Prakash worked with TechCrunch on the vulnerability disclosure. Zack Whittaker from the media outlet contacted the app’s developer, who released a new version with the fix. According to Whittaker, the app’s storage bucket on Amazon contained over 130,000 recordings weighing around 300 gigabytes.

Related Articles:

Microsoft's MSERT tool now finds web shells from Exchange Server attacks

New Chrome for iOS feature locks Incognito tabs with Face ID

TikTok fixes flaws allowing theft of private user information

Apple iMessage Flaw Lets Remote Attackers Read Files on iPhonesApple Releases iOS 12.4.1 to Patch Security Flaw Behind Jailbreak

Similar Articles:

Open Contacts  -  F-Droid - Free and Open Source Android App Repository

Open Contacts - F-Droid - Free and Open Source Android App Repository

Flaw in iPhone, iPads may have allowed hackers to steal data for years

Flaw in iPhone, iPads may have allowed hackers to steal data for years

Apple bleee. Everyone knows What Happens on Your iPhone

Apple bleee. Everyone knows What Happens on Your iPhone

How Apple's locked down security gives extra protection to the best hackers

How Apple's locked down security gives extra protection to the best hackers