Automatic Call Recorder is one of the more popular iPhone apps for recording phone calls. It is among the top-grossing apps in the Business category of the App Store and, at the time of writing, ranks #15 by downloads in that category worldwide.
PingSafe AI, a security company that monitors breaches in real time, has uncovered a critical vulnerability in the app that exposed thousands of users’ recorded calls.
The flaw let any third party retrieve a user’s entire library of recordings simply by knowing that user’s phone number. Apple does not offer call recording as a built-in iPhone feature, so users who want it rely on a third-party app such as this one.
Features of the Automatic Call Recorder App
- Organize recording files into categories
- Edit recording audio
- Upload recordings to Slack
- Upload recordings to Google Drive, Dropbox and OneDrive
- Transcribe recordings (speech-to-text) in over 50 languages
The app can record
- Incoming/outgoing calls
- Domestic/international calls
- With/without an internet connection
Vulnerability Details and Fix
Anand Prakash, a security researcher at PingSafe AI, found the flaw by routing the app’s traffic through an intercepting proxy and replacing his own phone number in the request with another user’s number. The server returned that user’s recordings, which he could then listen to at will.
“The vulnerability allowed any malicious actor to listen to any user’s call recording from the cloud storage bucket of the application and an unauthenticated API endpoint that leaked the cloud storage URL of the victim’s data,” said the researcher from PingSafe.
In other words, the recordings endpoint accepted a phone number supplied by the client as the identity of the account to read, and performed no authentication or authorization on it. An attacker who passes another user’s number in the recordings request gets back the storage-bucket URLs for that user’s recordings, along with the victim’s entire call history and the numbers they called. This is a textbook insecure direct object reference: a client-controlled identifier is used to look up data without checking that the caller is allowed to see it. Two weaknesses compound here: the API does not verify who is asking, and the storage URLs it hands back are themselves fetchable without credentials, so the URL alone is enough to download the audio.
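To make the failure mode concrete, here is an added example that is not the app’s own code (its backend is not public) and uses constructed data: the bucket URL, object layout, session tokens and API shape are all assumptions. It contrasts the unauthenticated, number-keyed handler described above with a hardened one that takes the owner from a server-side session, rejects a client-supplied number that does not match that owner, and returns short-lived HMAC-signed storage URLs instead of bare bucket paths, so that a leaked URL stops working once it expires or if its path is altered.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

# Constructed sample backend state. The app's real bucket, object layout,
# API shape and session handling are not public; every name here is assumed.
BUCKET = "https://storage.example.invalid/callrecorder"

# owner phone number -> recording objects, each named after the other party
RECORDINGS = {
    "+15550000001": ["+15550001111/2021-03-01T10-00.m4a",
                     "+15550002222/2021-03-02T11-30.m4a"],
    "+15550000002": ["+15550003333/2021-03-03T09-15.m4a"],
}

# server-issued session token -> phone number the session belongs to
SESSIONS = {"tok-alice": "+15550000001", "tok-bob": "+15550000002"}

# secret that never leaves the server; used to sign storage URLs
SIGNING_KEY = b"server-side-secret-for-this-example"


class Unauthorized(Exception):
    pass


def vulnerable_fetch_recordings(phone_number):
    """The pattern the report describes: the phone number in the request is
    treated as the identity, nothing is authenticated, and the response hands
    back the victim's call history and plain bucket URLs for every recording."""
    return [f"{BUCKET}/{phone_number}/{obj}"
            for obj in RECORDINGS.get(phone_number, [])]


def user_for_token(token):
    """Resolve the caller from a server-issued session; unknown tokens are refused."""
    try:
        return SESSIONS[token]
    except KeyError:
        raise Unauthorized("missing or invalid session token") from None


def signed_url(object_path, ttl_seconds=300, now=None):
    """Short-lived URL: the object path and expiry are bound by an HMAC, so a
    client can neither swap in another user's path nor extend the lifetime.
    Illustrative only; real deployments use the provider's presigned-URL feature."""
    now = int(time.time() if now is None else now)
    expires = now + ttl_seconds
    sig = hmac.new(SIGNING_KEY, f"{object_path}|{expires}".encode(),
                   hashlib.sha256).hexdigest()
    return f"{BUCKET}/{object_path}?{urlencode({'expires': expires, 'sig': sig})}"


def verify_signed_url(url, now=None):
    """Storage-side check a bucket front end would run before serving audio."""
    now = int(time.time() if now is None else now)
    path, _, query = url.partition("?")
    if not path.startswith(BUCKET + "/"):
        return False
    object_path = path[len(BUCKET) + 1:]
    params = dict(parse_qsl(query))
    try:
        expires = int(params["expires"])
        sig = params["sig"]
    except (KeyError, ValueError):
        return False
    expected = hmac.new(SIGNING_KEY, f"{object_path}|{expires}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(sig, expected) and now < expires


def hardened_fetch_recordings(token, requested_number=None, now=None):
    """The owner comes from the session, not the request body. A client-supplied
    number is accepted only when it matches the session owner; that comparison
    is the object-level authorization check the vulnerable handler lacks."""
    owner = user_for_token(token)
    if requested_number is not None and requested_number != owner:
        raise Unauthorized("recordings requested for another user")
    return [signed_url(f"{owner}/{obj}", now=now)
            for obj in RECORDINGS.get(owner, [])]


if __name__ == "__main__":
    # Anyone who knows the victim's number gets everything, no login needed.
    print(vulnerable_fetch_recordings("+15550000001"))
    # Bob's session cannot be used to pull Alice's library.
    try:
        hardened_fetch_recordings("tok-bob", "+15550000001")
    except Unauthorized as exc:
        print("refused:", exc)
```

The important design choice is that the hardened handler never trusts the client to say who it is: the identity is whatever the server bound to the session at login, and any identifier the client sends is checked against it rather than used directly. Signing the storage URLs is a second, independent layer: even if a URL escapes (in a log, a crash report, or a screenshot), it cannot be reused after the TTL or pointed at a different object.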
The bug has been fixed and the new version is live on the App Store. The app was updated on March 6, 2021, and, as TechCrunch pointed out, the release notes say the update is to “patch a security report,” which appears to address this vulnerability. Users should make sure they are running that version or later.