The ‘Guardians’ application launched by caller-identification company Truecaller can be very harmful, as the application makes it possible for a potential attacker to log in to a victim’s account using just their phone number.
Truecaller is a smartphone application that offers caller identification, call blocking, flash messaging, call recording, and chat and voice over the internet. It requires users to provide a standard cellular mobile number to register with the service. The Guardians application was launched by the company on March 3 and currently has over 100,000 downloads on the Play Store. The application includes an emergency button that, at a tap during a crisis, notifies the user’s selected contacts, such as family members, with the user’s real-time location details.
However, Anand Prakash, the founder of cybersecurity startup Pingsafe, detected that it is possible for a potential attacker to log in to a victim’s account using just their phone number. After logging in, the attacker was able to take full control of the account and the data associated with it, including the live locations of the guardians or emergency contacts, the victim’s date of birth and profile picture, he said.
However, Truecaller resolved the issue on March 4, soon after the flaw was reported to the company. A Truecaller spokesperson confirmed that the vulnerability was possible due to a basic API error and said the company is trying its best to arrange for proper security and improvements in the Guardians application.