
Truecaller’s Guardians app fixes bug that let hackers secretly track your family


Prakash noted that the bug was in the app’s “Log in with Truecaller API.” That means an attacker could use your phone number to log in to your account. They could intercept the API’s request, and change the phone number to gain access to anyone’s account.

The account takeover allowed the hacker to add themselves or anyone as a trusted contact to a target’s profile. Plus, the bug allowed the hacker to view your family members’ details including names, birth dates, phone numbers, and live locations.
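The article does not publish the API's request format, so the sketch below is an added illustration and not Truecaller's code: it contrasts a login handler that picks the account from a caller-supplied phone field with one that accepts only a phone number carried in an assertion signed by the identity provider. The function names, the token layout, the demo key and the phone numbers are all constructed for this example.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key; in a real deployment this is the identity provider's
# verification key and is never shipped inside the client.
IDP_KEY = b"constructed-demo-key"

def issue_assertion(phone, key=IDP_KEY, ttl=300, now=None):
    """Stand-in for the identity provider: sign the phone number it verified."""
    claims = {"phone": phone, "exp": int(now or time.time()) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + tag).decode()

def login_trusting_client(request):
    """Weak pattern: the account is selected by a field the caller controls."""
    return request["phone"]

def login_verified(request, key=IDP_KEY, now=None):
    """Hardened pattern: the account comes only from a verified assertion."""
    try:
        body, tag = request["assertion"].encode().split(b".")
    except (KeyError, ValueError, AttributeError):
        return None  # missing or malformed assertion
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None  # body altered after signing, or signed with another key
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    if claims.get("exp", 0) < (now or time.time()):
        return None  # assertion expired
    # Any "phone" field sent next to the assertion is ignored on purpose.
    return claims.get("phone")

if __name__ == "__main__":
    token = issue_assertion("+10000000001")
    request = {"assertion": token, "phone": "+10000000002"}  # field was edited
    print("trusting handler logs in:", login_trusting_client(request))
    print("verifying handler logs in:", login_verified(request))
```
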

In a statement, Truecaller said the bug stemmed from a development configuration that made it into the final rollout by mistake:

In this case, the issue pointed out by Anand was due to a development configuration being rolled out by mistake during the launch phase. Our engineers were already rolling out a fix at the time of his submission to ensure user safety.

Thankfully, no account data was leaked. But for an application that’s focused on privacy, this was a dangerous bug that put user data at high risk. The company should’ve done a more thorough security audit before launching the app.


Written by restart1
