This iPhone app exposed thousands of users' recorded calls

News
By
published

Thousands of users' recordings at risk thanks to a vulnerability

Image Credit: Ajay Suresh | Flickr CC by 2.0
(Image credit: Image Credit: Ajay Suresh | Flickr CC by 2.0)

A security vulnerability has been discovered in a popular call recording app for the iPhone, potentially exposing the call recordings of thousands of users.

The flaw in the Automatic Call Recorder app was discovered by PingSafe AI security researcher Anand Prakash. It turns out that anyone could access recordings from other users, just as long as they knew the other users' phone numbers. 

According to Prakash, it's not as simple as entering a user's phone number and then having access to all their recorded calls. But it's not all that difficult either. Prakash accomplished it with the network-sniffing proxy tool Burp Suite. 

Widely used by security researchers, Burp Suite allowed Prakash to view and modify network traffic as it passed to and from the Automatic Call Recorder on his iPhone. It allowed  him to change the registered phone number with that of a different registered user. 

This vulnerability shows the inherent dangers of storing app data in cloud storage and failing to properly secure it, as was the case here. 

According to TechCrunch, who were able to replicate the exploit, Automatic Call recorder stores its recordings in a cloud-storage bucket hosted by Amazon Web Services. That bucket held around 130,000 recordings that took up 300 gigabytes of space.

A report last week from mobile security firm Zimperium suggests that leaky smartphone apps are far from rare. The firm found about 18,000 Android and iOS apps that hadn't set up cloud-storage databases correctly. While the apps weren’t named in that report, it does mean potentially millions of users are at risk of having their data exposed.

TechCrunch got in touch with Automatic Call Recorder’s developers, who promptly patched the exploit March 6. So there’s no need to delete all your recordings in a panic as long as you update Automatic Call Recorder to version 2.26. 

See more Phones News
TOPICS
Tom Pritchard
Tom Pritchard
UK Phones Editor

Tom is the Tom's Guide's UK Phones Editor, tackling the latest smartphone news and vocally expressing his opinions about upcoming features or changes. It's long way from his days as editor of Gizmodo UK, when pretty much everything was on the table. He’s usually found trying to squeeze another giant Lego set onto the shelf, draining very large cups of coffee, or complaining about how terrible his Smart TV is.

Read more
Find My iPhone
Apple Find My hack turns any Bluetooth device into a secret AirTag — what we know
DeepSeek logo on smartphone in front of merging US and Chinese flags
DeepSeek’s app contains serious privacy and security vulnerabilities that you should know about
iPhone 16 Pro shown held in hand
Apple just patched its first zero-day flaw of the year — update your iPhone and Mac right now
Software Update menu on iPhone showing iOS 18.2 ready to download
Apple Passwords app affected by critical bug — update to iOS 18.2 now
Apple iPhone 16 held in the hand.
iOS 18.3.1 — update your iPhone right now to fix critical zero-day vulnerability
redesigned photos app in iOS 18
Do you know which apps have access to your iPhone photo roll? Here’s how to check
Latest in iPhones
iOS 19 logo on an iPhone
iOS 19 — all the rumors so far
3D printed models of alleged iPhone 17 Air and iPhone 17 Pro design
iPhone 17 Air dummy model shows off Apple’s big design change
iPhone 16 Pro shown held in hand
iOS 19 may bring Apple Intelligence powers to more iPhone apps — but without any big new features
A render of the iPhone 17 Pro Max
iPhone 17 Pro Max — this new rumor could push people towards iPhone 17 Air
Apple Intelligence logo on iPhone
Apple confirms Siri 2.0 is delayed — 'it’s going to take us longer than we thought'
iPhone 17 Pro render
iPhone 17 Pro Max and iPhone 17 Air designs just teased in new video — here's your first look
Latest in News
iOS 19 logo on an iPhone
iOS 19 — all the rumors so far
NYTimes Connections
NYT Connections today hints and answers — Tuesday, March 11 (#639)
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
Gmail logo on iPhone
Gmail just got a huge AI upgrade that will save you a ton of time
Nina Oyama and Kate Box in Deadloch
One of my favorite shows on Prime Video has been totally overlooked — and it's got 100% on Rotten Tomatoes
Xbox handheld
Xbox handheld reportedly arriving this year, new PC-like console in 2027
More about iphones
iOS 19 logo on an iPhone

iOS 19 — all the rumors so far
3D printed models of alleged iPhone 17 Air and iPhone 17 Pro design

iPhone 17 Air dummy model shows off Apple’s big design change
a photo of a woman with strong abs

Forget weights and sit-ups — this 10-minute standing ab workout will blast your core

See more latest