Thursday, 29 September 2016

Flaw in Truecaller

Truecaller is a popular service that searches for and identifies phone numbers, and can also block incoming calls and some SMS messages from phone numbers categorized as spam sources.
Security researchers from Cheetah Mobile Security Research Lab have discovered a remotely exploitable bug in the Truecaller app that puts millions of its users at risk by exposing their personal details.
Truecaller has apps for many platforms, including Android, iOS, Windows, BlackBerry and Symbian.
The bug discovered by Cheetah Mobile Security Research Lab affects the Android version of Truecaller.
The Truecaller app asks users to enter a phone number, email ID and other personal details, which are verified. It uses the device's IMEI to authenticate users.

Researchers were able to retrieve the personal details of other users based on the IMEI code just by interacting with the app's servers.
An attacker can obtain personal information such as account name, e-mail, profile picture and home address. Attackers can also modify a user's application settings: they can disable spam blockers and add or delete blacklists for users.
Attackers can write scripts that query random IMEI codes to discover details about users and use them in spam and phishing campaigns.
Truecaller has updated its servers and released an app update. To prevent this, get the latest version of Truecaller.
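
The weakness described above is that a device identifier was treated as a credential. The following added example (not Truecaller's code; the function names, the sample IMEI and the profile data are constructed for illustration) contrasts a lookup that trusts the IMEI alone with one that also requires a secret token issued after phone-number verification.

```python
import hashlib
import hmac
import secrets

# Constructed sample record; the IMEI and profile values are made up.
PROFILES = {"490154203237518": {"name": "Alice Example", "email": "alice@example.com"}}
TOKEN_HASHES = {}  # IMEI -> SHA-256 of the secret token issued to that device


def get_profile_imei_only(imei):
    """Weak pattern: whoever sends a valid IMEI is treated as that user."""
    return PROFILES.get(imei)


def issue_token(imei):
    """Assumed to run once, right after the phone number has been verified."""
    token = secrets.token_urlsafe(32)  # 256 random bits, not derivable from the device
    TOKEN_HASHES[imei] = hashlib.sha256(token.encode()).hexdigest()
    return token  # kept by the app; the server stores only the hash


def get_profile_with_token(imei, token):
    """Hardened pattern: the IMEI selects the account, the token proves ownership."""
    expected = TOKEN_HASHES.get(imei)
    if expected is None or not token:
        return None
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(presented, expected):  # constant-time comparison
        return None
    return PROFILES.get(imei)


if __name__ == "__main__":
    imei = "490154203237518"
    token = issue_token(imei)
    print(get_profile_imei_only(imei))            # profile returned with no secret
    print(get_profile_with_token(imei, "guess"))  # None
    print(get_profile_with_token(imei, token))    # profile
```

The same token check would apply to every request that reads or changes account state, including the spam-blocker and blacklist settings mentioned above.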

