Security Flaw in iPhone Call Recorder App Exposed User Conversations
Anand Prakash, an Indian cybersecurity researcher and founder of PingSafe AI, discovered a serious vulnerability in the popular iOS app Call Recorder, which is used to record phone calls. According to official statistics, the app has been downloaded over one million times.
In his blog, Prakash explains that anyone could access users’ recorded conversations simply by knowing their phone number. The researcher found the app’s cloud storage on AWS, along with host names and sensitive data used by Call Recorder.
Using Burp Suite, Prakash was able to view and modify the app’s incoming and outgoing network traffic. Because the API did not require any authentication, he could substitute his registered phone number in the app with any other user’s number and gain access to that user’s call recordings.
The exposed storage contained over 130,000 recordings, totaling around 300 gigabytes of data.
Journalists from TechCrunch contacted the Call Recorder developer, who confirmed that the bug has now been fixed and the storage is no longer accessible. A new version of the app was released in the App Store last weekend.
Source
Related Channels and Partners
- Our other channels
- Our friends and partners