Security Vulnerability in 'Call Recorder' App Exposed User Conversations

by

A security flaw in an app called "Call Recorder" exposed thousands of customer conversations, reports TechCrunch. The vulnerability was found by PingSafe AI researcher Anand Prakesh, and has since been patched.

call recorder app
The Call Recorder app is designed to allow iPhone users to record their incoming and outgoing phone calls, with those recordings stored in the cloud on Amazon Web Services.

Using a proxy tool like Burp Suite, Prakash was able to view and modify network traffic going in and out of the app, and when replacing his phone number with the phone number of another Call Recorder user, their recordings became available on his phone.

There were more than 130,000 audio recordings available, though the files could not be accessed or downloaded outside of the app. TechCrunch informed the developer about the security flaw and it was fixed in an update on Saturday.

A recent report from mobile security firm Zimperium suggested that thousands of iOS apps that use public cloud services like Amazon Web Services, Google Cloud, and Microsoft Azure have improper setups that risk exposing user data.

6,608 iOS apps were found to be exposing users' personal information, passwords, and medical information. Zimperium CEO Shridhar Mittal said that cloud storage misconfigurations are a "disturbing trend."

"A lot of these apps have cloud storage that was not configured properly by the developer or whoever set things up and, because of that, data is visible to just about anyone. And most of us have some of these apps right now," he said.

No apps were named in the report because of the vulnerabilities involved, but some were major apps including a mobile wallet from a Fortune 500 company and a transportation app from a large city.

Tags: App Store, AWS

Top Rated Comments

Rigby Avatar
Rigby
16 months ago

Anything goes in the walled garden as long as Apple gets its pound of flesh.

Remember when they said it was going to be curated?
If you expected Apple to be able to somehow detect every bug or vulnerability in every 3rd party app, you have completely unrealistic expectations.


You're safer using the open Web, thanks to the protections of Google.
Thanks for the laugh.
Score: 9 Votes (Like | Disagree)
MichaelMaier Avatar
MichaelMaier
16 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
Correct me if I’m wrong, but in most US states you only need the consent from one participant of a recorded conversation.
Score: 5 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
16 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
The laws in the US vary by state and jurisdiction. Some have 2 party consent, others only require 1 party. You are right that with consent, the recording can be used as evidence in court. I live in a 1 party consent state. Fyi, 37 other states and the District of Columbia are also 1 party consent.

With that knowledge in hand, it's not really that hard to fathom why people record calls.
Score: 4 Votes (Like | Disagree)
deevey Avatar
deevey
16 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
Try calling any customer service dept multiple times. Half the time they deny having a log of the previous complaints or fail to relay the call correctly.

Being able to play the call back to their supervisor - priceless !
Score: 4 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
16 months ago

Anything goes in the walled garden as long as Apple gets its pound of flesh.

Remember when they said it was going to be curated?

You're safer using the open Web, thanks to the protections of Google.

If you use Safari Fraudulent Website Warning (which you probably do by default), that's a Google feature (Apple sends the URLs to Google's servers to check them).

None of this makes Apple look good in its antitrust hearings where they say consumers trust them to have a safe app store and thus can't allow third party app stores or payment services.
How is the subject of the article Apple's fault?
Score: 3 Votes (Like | Disagree)
dk001 Avatar
dk001
16 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
Sadly not true.
Recently wrapped up a legal issue where party A in a State without dual consent could record and use everything while the other side living in a dual party consent State could not.

Then again it can be fun to put "your call may be recorded for quality purposes..." on your line. :eek: The telemarketers hang up fast.
Score: 2 Votes (Like | Disagree)
Read All Comments

Related Stories

applearcade

Apple Considered Launching Cloud Gaming Service

Monday October 18, 2021 7:05 am PDT by
Apple has discussed launching a cloud-based gaming service to rival the likes of Xbox Cloud Gaming and Google Stadia, according to Bloomberg's Mark Gurman. In his latest "Power On" newsletter, Gurman explained that Apple has considered launching a cloud-based game streaming service like its competitors (emphasis our own):Apple's gaming service is somewhat unique, relying on games that run on ...
Read Full Article66 comments
homekit showdown 2 thumb

iOS 15.2.1 and iPadOS 15.2.1 Address HomeKit Vulnerability

Wednesday January 12, 2022 10:31 am PST by
Apple today released iOS 15.2.1 and iPadOS 15.2.1, minor updates that include an important security fix for a known HomeKit vulnerability that was first discovered last year. According to Apple's security support document for the update, it addresses an issue that could cause a maliciously crafted HomeKit name to result in a denial of service, causing iPhones and iPads not to work. Apple...
Read Full Article45 comments
iCloud General Feature

Apple Reportedly Storing Over 8 Million Terabytes of iCloud Data on Google Servers

Tuesday June 29, 2021 7:07 am PDT by
Apple has dramatically increased the amount of iCloud user data it stores on Google Cloud, according to The Information. The report claims Apple now has over eight million terabytes of data stored on Google's servers. As of mid-May, Apple was reportedly on track to spend around $300 million on Google cloud storage services this year, which would represent an increase of roughly 50% from all...
Read Full Article242 comments
xcode cloud

Apple Now Offering Developers Access to Xcode Cloud

Monday June 28, 2021 11:55 am PDT by
Apple today began notifying developers that they're able to use the new Xcode Cloud service that was first introduced at the Worldwide Developers Conference in June. "We're pleased to let you know your account has been enabled for Xcode Cloud beta," reads the email sent out to developers. "You can now take advantage of continuous integration and delivery service built into Xcode 13." Xcode ...
Read Full Article38 comments
aapl 1q22 line

Apple Reports Record 1Q 2022 Results: $34.6B Profit on $123.9B Revenue

Thursday January 27, 2022 1:37 pm PST by
Apple today announced financial results for the first fiscal quarter of 2022, which corresponds to the fourth calendar quarter of 2021. For the quarter, Apple posted revenue of $123.9 billion and net quarterly profit of $34.6 billion, or $2.10 per diluted share, compared to revenue of $111.4 billion and net quarterly profit of $28.8 billion, or $1.68 per diluted share, in the year-ago quarter...
Read Full Article158 comments
playstation now

Apple Document Suggests Sony Considered Bringing PS Now Gaming Service to Mobile Devices

Friday December 10, 2021 2:54 pm PST by
Back in 2017, Sony was planning to launch the PlayStation Now cloud gaming service on mobile phones, according to a leaked document sourced from the Epic v. Apple trial by The Verge. An Apple document referenced an unannounced "mobile extension of an existing streaming service for PlayStation users, streaming access to over 450+ PS3 games to start, with PS4 games to follow." No such...
Read Full Article97 comments
improve siri dictation

iOS 15.4 Beta 2 Fixes Bug That Caused Some iPhones to Record Siri Interactions Even When Users Opted Out

Tuesday February 8, 2022 3:57 pm PST by
The second beta of iOS 15.4 addresses an iOS 15 bug that was allowing the iPhone to upload some Siri recordings to Apple even when users had previously opted out of doing so, Apple said in a statement to ZDNet. Recordings were mistakenly kept for some users who disabled the option to share their Siri voice interactions or dictation with Apple for the purpose of improving the voice assistant. ...
Read Full Article46 comments
powerdir exploit microsoft

Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update

Monday January 10, 2022 9:17 am PST by
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data. Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the...
Read Full Article66 comments

Popular Stories

RIP iPod Feature

RIP iPod: A Look Back at Apple's Iconic Music Player Over the Years

Friday May 13, 2022 2:25 pm PDT by
Apple earlier this week announced the discontinuation of the iPod touch, and because it was the last iPod still available for purchase, its sunsetting effectively marks the end of the entire iPod lineup. To send the iPod on its way, we thought it would be fun to take a look back at some of the most notable iPod releases over the last 21 years. Original iPod (2001) Introduced in October...
Read Full Article95 comments
iOS 16 mock for article

Gurman: iOS 16 to Include New Ways of System Interaction and 'Fresh Apple Apps'

Sunday May 15, 2022 6:14 am PDT by
iOS 16 will include new ways of interacting with the system and some "fresh Apple apps," Bloomberg's Mark Gurman has said, offering some more detail on what Apple has in store for the upcoming release of iOS and iPadOS set to be announced in a few weeks at WWDC. In the latest edition of his Power On newsletter, Gurman wrote that while iOS 16 is not likely to introduce a major face-lift to...
Read Full Article168 comments
14 16 inch 2021 mbps back to back feature orange

Five Things You Still Can't Do With a MacBook Pro

Wednesday May 11, 2022 11:16 am PDT by
It's been over 200 days since Apple debuted its redesigned MacBook Pro lineup. Offered in 14-inch and 16-inch display sizes, the new-look MacBooks wowed Apple fans and creative pros alike with their powerful custom Apple silicon, mini-LED screen, and multiple connectivity options. But there are still some things you can't do with a MacBook Pro. Here are five features some Mac users are still...
Read Full Article267 comments
iOS 16 mock for article

Which Devices Will iOS 16 and iPadOS 16 Support?

Thursday May 12, 2022 7:29 am PDT by
While there are as yet no concrete rumors related to which devices iOS 16 and iPadOS 16 will support, the discontinuation of the iPod touch earlier this week may be an indication that as many as nine devices could be about to lose support for Apple's upcoming operating systems. iOS and iPadOS 13, 14, and 15 support all of the same devices, with the iPhone 6S and iPhone 6S Plus,...
Read Full Article155 comments
apple mac ipad watch trade in

Apple Launches Limited-Time Bonus Trade-In Credit for iPhone, iPad, Mac, and Apple Watch in Many Countries

Wednesday May 11, 2022 5:14 am PDT by
Apple has launched a special limited-time offer for iPhone, Apple Watch, Mac, and iPad trade-in that offers customers additional credit when trading in their only device for a new one. The offer is being run in several countries including the US, UK, Germany, Spain, Italy, South Korea, Japan, Taiwan, China, India, and France. In the UK, Apple is offering up to £50 of extra trade-in credit...
Read Full Article24 comments
sony

Sony Unveils Redesigned WH-1000XM5 Headphones With Improved Noise Cancelation

Thursday May 12, 2022 9:26 am PDT by
Sony's flagship WH-1000XM4 noise-canceling headphones have been among the best on the market for some time, and today Sony announced its fifth-generation WH-1000XM5 headphones, boasting a new design and several improvements over the previous model. The redesigned headphones replace the shrouded arms that swivel on the XM4's with an exposed arm that has a single contact point at the earcups,...
Read Full Article132 comments
apple tv 4k design clue

Kuo: New Apple TV to Launch in Second Half of 2022, Lower Price Possible

Friday May 13, 2022 7:58 am PDT by
Apple plans to launch a new version of the Apple TV in the second half of 2022, according to well-known analyst Ming-Chi Kuo. In a tweet today, Kuo said the new Apple TV will have an improved cost structure, suggesting that the device could have a lower price that is more competitive with other streaming media players like Google's Chromecast line, Amazon's Fire TV line, and the Roku line. ...
Read Full Article202 comments
iPhone 14 Purple Feature

Full Range of iPhone 14 Color Options Revealed by Purported Leak From China

Wednesday May 11, 2022 2:20 am PDT by
The iPhone 14 and iPhone 14 Pro models will be available in a refreshed range of color options, including an all-new purple color, according to a recent rumor. The claim comes from a post on Chinese social media site Weibo by an unverified source and purports to reveal the full range of color options for Apple's upcoming iPhone 14 and iPhone 14 Pro models. Compared to the selection of color...
Read Full Article