The “Automatic call recorder” application is one of the popular applications used by iPhone users to record their calls. The app is among top-grossing in the Business category of App Store currently #15 in the downloads in the Business Category worldwide.
PingSafe AI, a security company that monitors multiple breaches in real-time, has uncovered a critical vulnerability in the iPhone automatic call recorder application that exposed thousands of users’ recorded calls.
The Call Recorder app-enabled third-parties to access a user’s entire library of recordings, just by knowing their phone number. Apple doesn’t offer call recording as a stock feature on the iPhone, so those wishing to do so easily need an app to facilitate the function.
In the Call Recorder application, users can record
The security researcher Anand Prakash of PingSafe AI was able to sniff out the flaw using a proxy to replace his phone number with the number of another user. This enabled him to listen to recordings at will.
“The vulnerability allowed any malicious actor to listen to any user’s call recording from the cloud storage bucket of the application and an unauthenticated API endpoint that leaked the cloud storage URL of the victim’s data.”, said the researcher from PingSafe.
An attacker can pass another user’s number in the recordings request and the API will respond with the recording URL of the storage bucket without any authentication. It also leaks the victim’s entire call history and the numbers on which calls were made.
The Bug is fixed and the new version is made live on App Store. The app was updated on March 6, 2021, with TechCrunch pointing out the release “patch a security report,” so it appears this takes care of the vulnerability.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report that highlights…
In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers,…
Apple users are falling prey to a sophisticated phishing campaign designed to hijack their Apple…
Hackers have been found leveraging weaponized virtual hard disk (VHD) files to deploy the notorious…
A security update released by ChatRTX on March 26th, 2024, addresses two vulnerabilities (CVE-2024-0082 and…
A new threat has emerged, targeting unsuspecting iPhone users through the seemingly secure iMefofferssage platform.…
View Comments
but its not working Smart
I want call recorder for iPhone without third party