A vulnerability in the Call Recorder application for recording calls allowed anyone to gain access to thousands of iPhone users’ phone recordings. The problem was discovered by Anand Prakash, a security researcher and founder of PingSafe AI. All that is needed for this is to know the phone number of another user.
Anand Prakash used the open source Burp Suite platform to perform web application security tests. With its help, he could view and modify traffic going in both directions. Simply put, he could change his phone number registered in the application to the phone number of another user and gain access to his conversation records.
This vulnerability was confirmed by the journalists of TechCrunch, who checked Prakash’s scheme. The Call Recorder iOS app stores recordings of its users’ conversations in cloud storage on Amazon Web Services. Although the file list was publicly accessible, the audio recordings could not be opened or downloaded. At the time of this writing, more than 130 thousand records of telephone conversations with a total volume of about 300 GB were stored in the cloud.
TechCrunch contacted the app developer and did not release the story until the issue was fixed. The note for the new version of Call Recorder states that the application update contains a “security report fix”.

Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.