How We Could Have Listened to Anyone’s Call Recordingsby@appsecure
105 reads

How We Could Have Listened to Anyone’s Call Recordings

by Anand Prakash3mFebruary 18th, 2022
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

The “Automatic Call Recorder” application is one of the popular applications used by iPhone users to record their calls. An attacker can pass another user’s number in the recordings request and the API will respond with the recording URL of the storage bucket without any authentication. The vulnerability was responsibly disclosed by [Anand Prakash] and [PingSafe] and is now fixed. PingSafe decompiled the IPA file and figured out S3 buckets, hostnames, and other sensitive details used by the application.

People Mentioned

Mention Thumbnail

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - How We Could Have Listened to Anyone’s Call Recordings
Anand Prakash HackerNoon profile picture
Anand Prakash

Anand Prakash

@appsecure

Founder PingSafe.

About @appsecure
LEARN MORE ABOUT @APPSECURE'S
EXPERTISE AND PLACE ON THE INTERNET.

Share Your Thoughts

About Author

Anand Prakash HackerNoon profile picture
Anand Prakash@appsecure
Founder PingSafe.

TOPICS

THIS ARTICLE WAS FEATURED IN...

Permanent on Arweave
Read on Terminal Reader
Read this story in a terminal
 Terminal
Read this story w/o Javascript
Read this story w/o Javascript
 Lite
L O A D I N G
. . . comments & more!