Remotely Exploitable Flaw in Truecaller Leaves 100 Million Android Devices Vulnerable

  • 27 March 2016

Userlevel 7
March 27, 2016  By Pierluigi Paganini

Security researchers from the Cheetah Mobile Security Research Lab discovered a severe flaw in the call management application Truecaller.

 
Recently, security researchers from the Cheetah Mobile Security Research Lab discovered a severe loophole in the popular phone call management application Truecaller.
 
This vulnerability allows anyone to steal Truecaller users’ sensitive information, potentially opening doors for attackers. Overall, more than 100 Million Android users who have downloaded this app on their smartphones are in danger.
 
Full Article

5 replies

Userlevel 7
Thanks for the information Jasper! That is one app that I haven't installed on my Android...;)
Userlevel 7
Another day, another app that appears to be compromised...wondering as to whether the headlong rush to bring apps to market is having a deleterious effect on quality? 
Userlevel 7
@ wrote:
Another day, another app that appears to be compromised...wondering as to whether the headlong rush to bring apps to market is having a deleterious effect on quality? 
I bet it's one app you won't be installing as well, Sherry.
 
I think you are right, Baldrick. I am sure many of the apps were just a rushed thing with a lot less thought to security than there should have been.
Maybe a case of get it out there and see how it goes, and if it takes off I will do more with it. While not for a lot of the devs, I am sure it was the case with some.
Userlevel 7
by Chris Brook March 29, 2016

Researchers are encouraging Android users who may have downloaded a popular caller identification application to update, as a previous version of the app inadvertently leaked user information.

The app, Truecaller, specializes in phone call management and has been installed at least 100,000,000 times, according to its listing on Google’s Play marketplace. While the app is also available for iPhone, Windows, and Blackberry devices, this particular issue only exists in the app’s Android build.
 
Full Article
Userlevel 7
Android seems to be another one, along with Apple, that seems to have hit a purple patch in terms of bugs, hacks, leaks, etc...in other words all of the 'not good things'. :S
