March 8, 2021 8:12:25 pm
Truecaller recently launched the Guardians app, a safety tool that lets users permanently share their live location, in real time, with selected contacts. The app is meant to help with personal safety by letting the people a user trusts know their whereabouts at any given point in time.
However, a recent report by PingSafe suggested that an attacker could use Truecaller’s Guardians app to track someone’s live location, along with other details like the profile picture, date of birth and emergency contacts. The report states that the vulnerability existed in the “Log in with Truecaller” option in the Guardians application. Truecaller has fixed the issue, the report adds.
“By intercepting the Login API request, the attacker could have changed the ‘number’ parameter to the victim’s number, keeping all other parameters’ values as their own, and forwarding the API request. The API responded with a valid access token of the victim in response headers,” the report shared.
When the attack was executed correctly, the attacker would be logged into the victim’s account and would have access to all of the victim’s information. The attacker could then add more “trusted” members into the account, who would now have access to the victim’s location, alongside other contacts that the victim actually selected.
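An added example, not taken from the report or from Truecaller's code: a simplified Python model of the flaw described above, next to a handler that takes the account only from a verified identity assertion. The HMAC-signed assertion, the key, the function names and the phone numbers are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

IDP_KEY = b"constructed-demo-key"  # assumption: key shared by identity provider and backend
SESSIONS = {}                      # access token -> account phone number


def sign_assertion(number: str) -> dict:
    """Stand-in for the identity provider: signs the number it verified."""
    payload = json.dumps({"number": number}, sort_keys=True)
    sig = hmac.new(IDP_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def _issue_token(number: str) -> str:
    token = secrets.token_hex(16)
    SESSIONS[token] = number
    return token


def login_vulnerable(request: dict) -> str:
    """Simplified model of the flaw: the account is chosen from a client field."""
    return _issue_token(request["number"])


def login_hardened(request: dict) -> str:
    """The account identity comes only from the verified assertion."""
    assertion = request.get("assertion") or {}
    payload = assertion.get("payload", "")
    expected = hmac.new(IDP_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion.get("sig", "")):
        raise PermissionError("assertion signature invalid")
    verified = json.loads(payload)["number"]
    # A body 'number' that disagrees with the proof is a tampering signal.
    if request.get("number", verified) != verified:
        raise PermissionError("number does not match verified identity")
    return _issue_token(verified)


# Constructed request: the caller proved one number but names another.
TAMPERED = {"number": "+910000000002", "assertion": sign_assertion("+910000000001")}
```

Rejections from the hardened handler are worth logging and alerting on, since a mismatch between the claimed and the verified number does not occur in a normal login.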
Truecaller has fixed the vulnerability
The report adds that the issue was reported to Truecaller on March 4, and the company acknowledged the flaw on the same day. By March 6, the Truecaller team had fixed the issue, and this attack method should no longer work.
“Companies tend to miss out on such fundamental issues even after rigorous security assessments. The repercussions of such problems are enormous and impact customers’ privacy and lead to companies’ revenue losses,” adds the report.