Serious vulnerability in the app for recording calls “Call Recorder”

The iOS Call Recorder app, one of many that allows you to record phone calls, has suffered a serious security breach that exposed the recordings of 130,000 of those calls registered by users.

The bug allowed the call records to be accessed just by knowing the cellular line number

A security analyst from PingSafe AI discovered the bug that allowed access to recordings and other information about Call Recorder users, such as: B. Call history and phone numbers from which calls were made. Only with know the number of the cellular line The URL under which the calls were saved could be accessed, up to a total of 130,000 records.

It was easy enough Replace the phone number in the app with a different one This was an easy way to get access to the call file recorded by another user. These are stored in an online area that Call Recorder has signed up with AWS (Amazon Web Services), along with other data about users and their accounts, which luckily is adequately protected and inaccessible.

The analyst who found the vulnerability, Anand Prakash, alerted the developers immediately (the events took place on February 27th), however I didn’t get a response from the call recorder. He later contacted Tech Crunch, who repeated the messages and then started up from Call Recorder. It took no more than a few hours to resolve the vulnerability.

With Call Recorder you can also save the recordings of the calls in areas in the cloud available to the user (Dropbox, Google Drive, One Drive …) and send them to other platforms such as Slack. However, the bug only affects the recordings that were kept in the area reserved by the app itself in the AWS services.

Click to rate this entry!
(Votes: 0 Average: 0)
Share!

Leave a Comment