Truecaller bug had the potential to put 100,000,000 users's privacy at risk

Victor, 29 March, 2016

There is no doubt that Truecaller offers a splendid and truly natural upgrade to the otherwise really analog service that is voice calling. If you are not in the know about the app, it is simply an interactive directory for the smartphone age, that offers extra functions like blacklists, online statuses and access to aggregated personal info (address, photo, email etc.).

However, when dealing with sensitive personal data on such a big scale, hiccups are typically quite scary, as Truecaller can already attest. The last such scare was a new potential exploit that could allow access to any user profile on Truecaller. Luckily, the issue was discovered by Cheetah Mobile, rather than some scary hacker group, but it did still hold plenty of destructive potential.

Before you get too freaked out, the process does require access to your phone's IMEI address, which isn't too easy to obtain. Hackers claimed that obtaining it could allow them to steal or even alter details such as account name, gender, profile pic, home address and just about anything else Truecaller has on record for you. Allegedly, the method could even be used to modify account settings and tamper with stuff like spam filters and blacklists, potentially even disrupting the your phone experience.

Thankfully, whatever the exploit was, Truecaller has acted quickly and has already patched the bug. However in order for the fix to start working, you need to update their app. Hopefully, the problem won't escalate any further.

Source | Via


Related

Reader comments

  • justinbarber

exactly

Hahahahaha.... About two weeks ago I commented about that app. Everyone complain about privacy in social sites like facebook... When actually they upload all that data by them self, even with pictures of what they have and where they live. And...

  • Anonymous

Never used it because it harvest all contacts.