A bug in Truecaller’s Guardian app could let hackers track user’s family


By MYBRANDBOOK


A bug in Truecaller’s Guardian app could let hackers track user’s family

Truecaller has launched its Guardian app that has been designed to share location and important details with ‘guardians’ of user’s choice in cases of emergency. The app is supposed to be able to get users aid as quickly as possible at the location users are in. Soon after the app was announced, a major bug was discovered that could let hackers take full control over users’ accounts and track them.

 

According to a report, security researcher Anand Prakash discovered a vulnerability in the Guardian app and informed Truecaller about it. It was fixed on the same day.

 

The bug discovered by Prakash was in the app’s “Log in with Truecaller API”. This meant that a hacker could use user’s phone number to log into their account on the Guardian app. They could then intercept the API’s request and change the phone number to get access to user’s account and control it.

 

This account takeover could let hackers add themselves or pretty much anyone else as a trusted contact on another person’s profile. This bug also allowed the hacker to view your family members’ details like name, birth dates, phone number and live location.

 

Truecaller said in a statement that that the bug was a development configuration that made its way to the final roll by mistake.

 

“In this case, the issue pointed out by Anand was due to a development configuration being rolled out by mistake during the launch phase. Our engineers were already rolling out a fix at the time of his submission to ensure user safety,” Truecaller said.

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org