A popular iPhone call recording app exposed the recordings of thousands of users data, a security researcher at PingSafe has found. The Call Recorder app contains a security vulnerability that enabled third-parties to access a user’s entire library of recordings, just by knowing their phone number. Apple doesn’t offer call recording as a stock feature on the iPhone, so those wishing to do so easily need an app to facilitate the function. The app makers proudly claim the app has been downloaded over 1 million times and says it was a top 20 business app in 20 countries. Noted security researcher Anand Prakash was able to sniff out the flaw using a proxy to replace his phone number with the number of another user, enabling him to listen into recordings at will.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
