The COVID-19 pandemic has forced most offices to go remote, moving important meetings from physical conference rooms to a virtual setting. But if you're one of the millions who has been using the popular Call Recorder app to keep track of your conversations, you should delete it now: a major security flaw has been uncovered that could be exposing your information for anyone to hear, TechCrunch reports. Read on to see why the security breach is so serious, and for more on safety issues with your devices, check out If You’re Using This to Charge Your Phone, Officials Say Stop Now.
The Call Recorder app has a major vulnerability.
ShutterstockAccording to Anand Prakash, a security researcher and founder of Pingsafe AI, a vulnerability was discovered with the Call Recorder app that allows anyone to listen to a call that has been recorded and saved to the cloud using the service. His research found that all anyone needed to access the sensitive recordings was their target's phone number and the use of a common tool used to test the security of programming known as a "proxy tool." TechCrunch verified the findings by using a spare phone to replicate the results.
A hacker could mask their phone number to get access to sensitive recordings.
ShutterstockFortunately, Prakash immediately reached out directly to the app's developers to alert them to the danger, writing in a statement: “The vulnerability allowed any malicious actor to listen to any user’s call recording from the cloud storage bucket of the application and an unauthenticated API endpoint which leaked the cloud storage URL of the victim’s data." This means that the app's security hole allows potential hackers to mask their own phone number as their target's, granting them access to whatever recordings have been made by their account.
Millions of people could be affected.
iStockUnfortunately, the security breach could have pretty far-reaching consequences, as the app claims to have been downloaded by millions of users. It currently promotes itself as one of the top 20 most popular business apps in more than 20 countries, offering the ability to record incoming and outgoing calls for record-keeping purposes and transcription services of such calls in over 50 languages, PhoneArena reports. And for more tech news delivered right to your inbox, sign up for our daily newsletter.
You should delete and redownload the app immediately.
ShutterstockThe app's developers worked quickly to patch the security flaw after Prakash reached out to them with the discovery, relaunching a secure version of the app on March 6, TechCrunch first reported. It is recommended that anyone who currently has the app on their phone delete it and redownload the latest version as soon as possible to make sure that data isn't being left exposed. And for another tech concern you need to know, check out If You Own Any Apple Devices, You Need to Do This Immediately.