Vulnerability in iPhone app exposed recorded phone calls

Vulnerability in iPhone app exposed recorded phone calls
SHARE
A vulnerability in an iOS call recording app was found to give access to recorded phone calls by knowing the phone number of a user.
Detailed today by Anand Prakash from PingSafe AI, the vulnerability was discovered in an app known as “Automatic Call Recorder” that had been downloaded more than a million times from the Apple App Store. As its name suggests, the app records incoming and outgoing phone calls automatically.
The vulnerability related to insecure communications going in and out of the app. Using a proxy tool such as Burp Suite, Prakash could view and modify network traffic, allowing him to pass another user’s number in the recording request. The application programming interface would then respond with the URL of the Amazon Web Services Inc. S3 storage bucket where the recording was being stored.

Related Keywords

Anand Prakash ,Anurag Kahol ,Bitglass Inc ,Youtube ,Siliconangle Media Inc ,App Store ,Amazon Web Services Inc ,Apple App ,Burp Suite ,Amazon Web Services ,Automatic Call Recorder ,App Store March ,Automatic Call ,Silicon Valley ,Duncan Riley ,Siliconangle ,Vulnerability In Iphone App Exposed Recorded Phone Calls ,ஆனந்த் பிரகாஷ் ,வலைஒளி ,செயலி கடை ,அமேசான் வலை சேவைகள் இன்க் ,ஆப்பிள் செயலி ,பரப்பி தொகுப்பு ,அமேசான் வலை சேவைகள் ,தானியங்கி அழைப்பு ரெக்கார்டர் ,செயலி கடை அணிவகுப்பு ,தானியங்கி அழைப்பு ,சிலிக்கான் பள்ளத்தாக்கு ,டங்கன் ரைலி ,