On the list of things we’d rather not let total strangers in on, our phone calls are pretty high up there. Unfortunately, thousands of people using a popular iPhone app could have potentially experienced just that thanks to a nasty bug.
Your iPhone’s been bugged
The app, called “Call Recorder” very simply lets iPhone users record their calls so that they can listen to them again later. It stores these recordings in a “cloud storage bucket” hosted by Amazon, which held more than 130,000 recordings, says TechCrunch.
The glitch was discovered by a security researcher named Anand Parkash, and apparently gave anyone the ability to access other users’ recorded calls, so long as they knew their phone numbers.
According to TechCrunch, Parkash was able to view and modify network traffic flowing through the track with a simple proxy tool, meaning he could change his number to that of another registered user and see their recorded calls on his device. TechCrunch reports that it was able to do the same thing, displaying just how easy it was to take advantage of the bug.
Apparently the glitch has been fixed by the app’s developer, and a new version has been submitted to the app store, the release notes for which explain that the update was to “patch a security report”.
Though the issue has been fixed, that doesn’t help anyone who’s data may have already been jacked via these recorded calls. The whole incident is fairly ironic considering Apple’s fairly stringent privacy policies and practices.