
Truecaller’s Guardians app fixes flaw, which allowed hackers to track anyone’s location


Truecaller recently launched the Guardians app, a safety tool that lets users permanently share their live location, in real time, with selected contacts. The app is meant to help with personal safety by letting the people a user trusts know their whereabouts at any given point in time.

However, a recent report by PingSafe suggested that an attacker could use Truecaller’s Guardians app to track someone’s live location, along with other details like the profile picture, date of birth and emergency contacts. The report states that the vulnerability existed in the “Log in with Truecaller” option in the Guardians application. Truecaller has fixed the issue, the report adds.

“By intercepting the Login API request, the attacker could have changed the “number” parameter to the victim’s number, keeping all other parameters’ values as their own and forwarding the API request. The API responded with a valid access token of the victim in response headers,” the report shared.

When the attack was executed correctly, the attacker would be logged into the victim’s account and would have access to all of the victim’s information. The attacker could then add more “trusted” members into the account, who would now have access to the victim’s location, alongside other contacts that the victim actually selected.
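The flaw class the report describes is a login endpoint that selects the account from a client-editable field instead of from the identity that was actually verified. The following is an added example, not Truecaller's or PingSafe's code: the request shape, the HMAC-signed assertion standing in for the identity provider's proof, the key, the phone numbers and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

IDP_KEY = b"constructed-demo-key"   # assumption: key shared with a hypothetical identity provider
SESSIONS = {}                       # token -> phone number the session is bound to

def sign_assertion(number):
    """Stand-in for the identity provider attesting which number completed login."""
    body = json.dumps({"number": number}, sort_keys=True)
    mac = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}

def issue_token(number):
    """Mint a random session token bound to one account."""
    token = secrets.token_urlsafe(16)
    SESSIONS[token] = number
    return token

def login_vulnerable(request):
    # Weak form: the account comes from a field the client can edit, so the
    # other (valid) parameters in the request prove nothing about it.
    return issue_token(request["number"])

def login_hardened(request):
    assertion = request["assertion"]
    expected = hmac.new(IDP_KEY, assertion["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["mac"]):
        raise PermissionError("assertion signature invalid")
    verified = json.loads(assertion["body"])["number"]
    # Reject a mismatch instead of silently ignoring it, so tampering is logged.
    if request.get("number", verified) != verified:
        raise PermissionError("number does not match verified identity")
    # The session is bound to the verified number, never the client-supplied one.
    return issue_token(verified)

if __name__ == "__main__":
    own, other = "+10000000001", "+10000000002"   # constructed numbers
    tampered = {"number": other, "assertion": sign_assertion(own)}
    print("vulnerable binds session to:", SESSIONS[login_vulnerable(tampered)])
    try:
        login_hardened(tampered)
    except PermissionError as err:
        print("hardened rejects request:", err)
```

The rejected mismatch is also a useful detection signal: a verified identity paired with a different requested number is not something a legitimate client produces.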

Truecaller has fixed the vulnerability

The report adds that the issue was reported to Truecaller on March 4, and the company acknowledged the flaw on the same day. By March 6, the Truecaller team had fixed the issue, and this attack method should no longer work.

“Companies tend to miss out on such fundamental issues even after rigorous security assessments. The repercussions of such problems are enormous and impact customers’ privacy and lead to companies’ revenue losses,” adds the report.


