Call Recorder – an iPhone app capable of recording calls, downloaded by over a million people – has released thousands of phone conversations from users. The bug was discovered and reported on TechCrunch by Anand Prakash – security researcher, founder and CEO of PingSafe AI – who explained how it was enough to know the number of a person you wanted to spy on and use a proxy such as “Burp Suite”, to access recordings, entire call history and phonebook numbers in the smartphone of the victim.
In the verification phase, Prakash could have changed the traffic to and from the app as he pleased (but of course he didn’t), replacing his phone number with that of another user who is always subscribed to Call Recorder, in order to then log in to his cellphone. Having learned of the fact reported by the CEO of PingSafe AI, some managers of TechCrunch they then checked and found confirmation of the problem after using a spare smartphone. Until last Saturday, a new update was released in the App Store, in which notes it was mentioned the goal of “correcting a security report.” It is not yet known, however, if it could have solved the problem. given that Prakash, questioned by e-mail from the tech and computer site, did not momentarily give an answer.
Until before the incident, Call Recorder used an Amazon Web Services cloud call archive to store phone recording files. Space that was then closed. And thanks to Prakash’s directions, TechCrunch managed to enter the archive, which contained about 130,000 records. Although the cloud storage server was open and showing the files within it, the tech site managers were unable to access and download the files. The archive was then secured after the article was published.