A bug in a popular call recording app has leaked over thousands of users’ recorded conversations.
According to a report by TechCrunch, the bug was discovered by security researcher Anand Prakash in the popular call recording iPhone app, Call Recorder. The app allowed anyone to access the user’s call recordings just by entering their phone number.
According to TechCrunch’s report, Prakash could access the network traffic going in and out by simply using a proxy tool. That means, after Prakash registered on the app, he could replace the phone of another user and gain access to their call recording on his phone.
The findings of Anand Prakash was verified by TechCrunch.
Plus, Prakash also discovered that the recordings were being stored on a cloud storage bucket on Amazon Web Services and had over 1.3 lakh audio recordings over 300 gigabytes. Although the cloud storage server was open and the files inside were listed, the files could not be accessed or downloaded. The bucket was closed for press time.
However, the app has been fixed and the updates were rolled out to its users.
Even though the app was fixed, this incident makes one wonder how a minor carelessness can put users’ data at harm.
People should always remain a little cautious while sharing personal information with third-party apps.