According to the investigation the iOS call recording application that leaks user data and gave access to the conversation by simply entering the accurate phone numbers.

The application used is named “Automatic Call Recorder” or “Acr Call Recorder”. Whereas these applications had thousands of user reviews in App Store and which give this application a 4-star rating and the application is also listed among the top call recording application in Apple Store.

How They do this?

After the investigation, the security researcher Anand Prakash who is the founder of PingSafe AI, and many others identified that the application used cloud storage on Amazon and having multiple hostnames with other sensitive data that they used.

Overlapping the application network traffic using web proxy tools like Zap or Burp, the hackers can insert the phone number of the app user and request the recordings.

Whereas the API did not run any further authentication, moreover it returned the recordings that are linked with the phone numbers that passed in the request. The data of user call history is also got leaked by this.

However, the application has more than one million downloads from users located in 20 different countries across the world.

According to the experts, this application contains more than 130,000 recordings that carrying space of 300 GB on the cloud.

What Prevention are Taken?

Read the preventions described below to reduce the effects of these attacks.

• Use Screen Lock : Always use a lock on your screen, whether it is a passcode, pattern, bio-metric, facelock to prevent unwanted access to your mobile.
• Keep Software Updated : The software updates keep you secure from upcoming threats and malware viruses. To check your device is up to date go to about phone>>general>>system updates>> software update.
• Connect Secure Network : While using public WiFi, always use a virtual private network that allows you to secure your WiFi connection. Make sure to set a secure password and prevent others from using your network.
• Don’t Jailbreak Your Phone : Remember don’t root your phone it will remove the safeguard that manufacturers applied to maintain the security of your phone.
• Encrypt Your Data : Data encryption prevents you from unauthorized access to data caused by stolen or loss of your smartphone. Encrypted data is stored in unreadable form, therefore no one can misuse it.
• Install Antivirus : Always use antivirus software to protect your device from malware and spyware risks. The antivirus software we detect malicious activities and protect your data from them.
• Activate Device Finder : This will helps you to find your lost device. By enabling this feature you can lock, erase, and ring your stolen or lost device through the internet.
• Download Trusted Apps : Install and download applications from trusted provides like play store and apple store. Untrusted applications containing malware that infect your device and cause a data leak.