03-10-2021, 10:50 AM
![[Image: 73dea9ac9d3f5ede21f05eacaebd03f9]](https://s.yimg.com/uu/api/res/1.2/bkNhfLOnsDabAr4dXDaIpg--~B/aD05MjU7dz0xNDAwO2FwcGlkPXl0YWNoeW9u/https://media.zenfs.com/en/techcrunch_350/73dea9ac9d3f5ede21f05eacaebd03f9)
A security vulnerability in the popular iPhone call recording app exposes thousands of joker madness users' recorded chats.Anand Prakash, a security researcher and founder of PingSafe AI, discovered the flaw that the aptly named call recording app allows anyone to access call recordings from other users knowing their phone number.But by using a readily available proxy tool like Burp Suite, Prakash can view and modify network traffic coming in and out of the app.
That means he can replace his phone number registered with the app with other app users' phone numbers and access their recordings on his phone.TechCrunch examines Prakash's findings using a secondary phone with a dedicated account.The app keeps a record of user calls in cloud storage hosted on Amazon Web Services, even if the cloud storage server is open and lists the files within it. But cannot access or download the files. The tank was closed by press time.At the time of writing, cloud storage had more than 130,000 recordings, which amounted to 300 gigabytes.
The app says it has downloaded more than 1 million times to date.TechCrunch contacted the app's developer and keep this story until bugs are fixed. A new version of the app was sent to Apple's app store on Saturday. The release notes say that updating the app is a "Fix the safety report"Despite the short response to our initial email addressing the security issue, app developer Arun Nair did not return a request for comment.Securely send tips via Signal and WhatsApp to +1 646-755-8849.You can also send files or documents using SecureDrop.