
Truecaller’s Guardians app fixes flaw, which allowed hackers to track anyone’s location

A security vulnerability in Truecaller’s Guardians app, now fixed, briefly allowed attackers to obtain a victim’s live location along with other personal details.

By: Tech Desk | Mumbai | March 8, 2021 8:12:25 pm

Truecaller has fixed the security vulnerability as of March 6. (Image Source: Truecaller)

Truecaller recently launched the Guardians app, a safety tool that lets users permanently share their live location in real time with selected contacts. The app is meant to help users stay safe by letting the people they trust know their whereabouts at any given time.

However, a recent report by PingSafe suggested that an attacker could use Truecaller’s Guardians app to track someone’s live location, along with other details like the profile picture, date of birth and emergency contacts. The report states that the vulnerability existed in the “Log in with Truecaller” option in the Guardians application. Truecaller has fixed the issue, the report adds.

“By intercepting the Login API request, the attacker could have changed the ‘number’ parameter to the victim’s number, keeping all other parameters’ values as their own, and forwarding the API request. The API responded with a valid access token of the victim in response headers,” the report shared.

When the attack was executed correctly, the attacker would be logged into the victim’s account and would have access to all of the victim’s information. The attacker could then add more “trusted” members into the account, who would now have access to the victim’s location, alongside other contacts that the victim actually selected.
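The class of flaw the report describes, a login endpoint that issues a token for a client-editable "number" field, is sketched below next to a corrected form. This is an added example, not Truecaller's or PingSafe's code; the HMAC-signed assertion, the key and every function name are assumptions made for illustration, and the phone numbers are constructed.

```python
import hashlib
import hmac
import secrets

# Hypothetical key shared between the identity provider and the app backend.
IDP_KEY = b"constructed-demo-key"
SESSIONS = {}  # access token -> phone number the session belongs to


def idp_assertion(verified_number):
    """What the identity provider hands a client after verifying its number."""
    mac = hmac.new(IDP_KEY, verified_number.encode(), hashlib.sha256).hexdigest()
    return f"{verified_number}.{mac}"


def verified_number_from(assertion):
    """Return the number inside a validly signed assertion, else None."""
    number, _, mac = assertion.partition(".")
    expected = hmac.new(IDP_KEY, number.encode(), hashlib.sha256).hexdigest()
    return number if hmac.compare_digest(mac, expected) else None


def _issue_token(number):
    token = secrets.token_urlsafe(16)
    SESSIONS[token] = number
    return token


def login_vulnerable(request):
    """Flawed pattern: the proof is checked, but the token is issued for the
    client-editable 'number' field instead of the number that was proven."""
    if verified_number_from(request["assertion"]) is None:
        return None
    return _issue_token(request["number"])


def login_hardened(request):
    """The token is bound to the number the proof vouches for; a mismatching
    'number' field is rejected (and is worth logging as a detection signal)."""
    proven = verified_number_from(request["assertion"])
    if proven is None or request.get("number") != proven:
        return None
    return _issue_token(proven)
```

The same rule applies to any account-scoped field in a login or session request: derive the account from what the server has verified, never from a value the client can rewrite in transit.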


Truecaller has fixed the vulnerability

The report adds that the issue was reported to Truecaller on March 4, and the company acknowledged the flaw on the same day. By March 6, the Truecaller team had fixed the issue, and this attack method should no longer work.

“Companies tend to miss out on such fundamental issues even after rigorous security assessments. The repercussions of such problems are enormous and impact customers’ privacy and lead to companies’ revenue losses,” adds the report.
