A security vulnerability in a popular iPhone app called ‘Call Recorder’ has exposed thousands of call recordings.
TechCrunch reports that the bug was discovered by PingSafe AI security researcher Anand Prakash. He found that anyone could access calling recordings from other users by knowing their phone number.
By using a proxy tool like Burp suite, Prakash was able to replace the phone number he registered with Call Recorder with another user’s phone number. This allowed him to access the recordings of other users’ conversations on his phone.
TechCrunch notes that it was able to verify this by conducting its own test. Call Recorder stores recordings on a cloud storage bucket on Amazon Web Services, which was open at the time the bug was discovered.
It’s worth noting that the files couldn’t be accessed and that the bucket has since been closed. It included more than 130,000 audio recordings.
The developer of the app, Arun Nair, released a new version of the app on March 6th. The update notes state that the new version was released to “patch a security report.”
TechCrunch states that the app developer has not responded to repeated requests for comment regarding the vulnerability.
Source: TechCrunch