TrueCaller Bug Puts The Data of 100 Million Users at Risk
Security Researchers have found a privacy bug in the Caller ID App giant, TrueCaller. This bug puts the personal details of about 100 Million users at risk.
TrueCaller Bug Puts The Data of 100 Million Users at Risk
This vulnerability was first described by Cheetah Security, however it has been fixed, only if users update to the latest version of the TrueCaller App.
This bug is only present in the Android App of the Truecaller, however company claims that they have fixed it. In November last year, Truecaller claimed that it is now having over 200 million users in various mobile platforms like Android, iOS and Windows.
Truecaller on Monday rolled out the latest update with fix of this privacy bug. Researchers at Cheetah Mobile Firm on Monday said that Truecaller uses the IMEI number of the device in order to identify the person. The proof concept was also shared with Softpedia, in which researchers managed to fetch the personal details of the users by ‘interacting with the app’s servers.’ Softpediafurther said that about 100 million users of the Android App are affected by this bug.
As mentioned above, this is due to TrueCaller’s utilization of the users IMEI number in order to identify the user.
“Truecaller uses devices’ IMEI as the only identity label of its users. Meaning that anyone gaining the IMEI of a device will be able to get Truecaller users’ personal information (including phone number, home address, mail box, gender, etc.) and tamper app settings without users’ consent, exposing them to malicious phishers” states security firm.
Security firm stated “This vulnerability allows anyone to steal Truecaller users’ sensitive information, potentially opening doors for attackers. Overall, more than 100 Million Android users who have downloaded this app on their smartphones are in danger”.
On exploiting this flaw, hackers are able to :
- “Steal personal information like account name, gender, e-mail, profile pic, home address, etc.
- Modify a user’s application settings:
- Disable spam blockers
- Add to a black list for users
- Delete a user’s blacklist”
Security firm, Cheetah Mobile contacted Truecaller about this bug and later the company updated their name servers and rolled out new version with fix on Android Platform.
Truecaller in a statement said that so far “no user information has been compromised” as a result of this vulnerability.
Comments
Post a Comment