An iOS “Call Recorder” App has got a security vulnerability that ended up exposing thousands of users’ recordings. Apple does not have any in-built app to record phone calls, so the users use third-party call recording apps from App Store. This means the third-party apps leave their recording on the server and they are accessible for people to misuse it.
Bug in iPhone ‘Call Recorder’ App Leaks Thousands of Recordings
A security researcher and founder of PinSafe AI, Anand Prakash discovered the flaw and claimed that the app called Call Recorder app allows anyone to reach the call recordings of other users by knowing their phone number.
By using a proxy tool, the researcher can view and change the network traffic of the app. This means, he was able to replace his registered phone number on the app with another phone number of other app users and can use their call recordings on his phone.
Due to this vulnerability, any hacker could listen to any of the user’s call recordings from the cloud storage bucket.
Even, TechCrunch has verified Anand Prakash’s findings by using an extra phone with their account.
The Call Recording app, stores all the user’s call recordings on a cloud storage bucket that is hosted on Amazon Web services. However, the cloud storage server was open and the files were listed inside, the files were not allowed to download.
According to the reports, cloud storage had more than 130,000 audio call recordings. And the app has more than 1 million downloads now.
However, now the app has been patched and the update is out to the users on Saturday. By this, we can see how all the apps are unsafe and our data is at risk. Even after having the best operating system and implements security. So, it is better to be safe and cautious before using any app, check which apps can access data.