Anand Prakash, a message security researcher and founder of PingSafe AI, discovered a vulnerability in the popular iPhone application “Automatic Call Recorder”. This vulnerability allows anyone to obtain the call history of other users by knowing their phone numbers.
According to TechCrunch, this security breach revealed the call records of thousands of users. Through proxy tools such as Burp Suite, Prakash can view and modify the network traffic in and out of the application.
This means that he can replace his phone number registered in the application with the phone number of another user of the application, and access their recordings on his mobile phone. TechCrunch stated that it can verify Prakash’s findings and wait for the developer to fix the bug before publishing a report.
Join Our Apple Channel On Telegram
The application stores the user’s call records in a cloud storage bucket hosted by AWS. Although the files inside are public and listed, the files cannot be accessed or downloaded. As of press time, the bucket has been closed.
The report explained that on March 6, the developer of the “Automatic Call Recorder” app released a security update, but before the fix, more than 130,000 recordings can be accessed by anyone. According to its page, the app has been downloaded more than 1 million times in the App Store.
The developer claims that the app “may be the easiest call recorder you can find on the App Store.” The developer did not respond to several requests for comment from the TechCrunch team. As of now, the bug has been fixed.
If you like our news and you want to see such news even further, then follow RealMi Central on Telegram, Twitter, Facebook (Page) (Group) & Instagram.