Remotely Exploitable Bug in Truecaller Puts Over 100 Million Users at Risk

Security researchers have discovered a remotely exploitable vulnerability in the caller ID app “Truecaller” that could expose the personal details of millions of its users.

Truecaller is a popular service that claims to “search and identify any phone number,” and that helps users block incoming calls or SMSes from phone numbers categorized as spammers and telemarketers.

The service has mobile apps for Android, iOS, Windows, Symbian devices and BlackBerry phones.

The vulnerability, discovered by Cheetah Mobile Security Research Lab, affects the Android version of the Truecaller app, which has been downloaded more than 100 million times.

The actual problem resides in the way Truecaller identifies users in its systems.

During installation, the Truecaller Android app asks users to enter their phone number, email address, and other personal details, which are verified by phone call or SMS message. After this, whenever users open the app, no login screen is ever shown again.

This is because Truecaller uses the device’s IMEI to authenticate users, according to researchers.
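The weakness described above, sketched as an added example (not Truecaller's or Cheetah Mobile's code): a lookup keyed only on the IMEI, beside a version that also requires a random server-issued token handed out after phone verification. The account store, function names and IMEI value are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a hypothetical account store keyed by device IMEI.
PROFILES = {"356938035643809": {"name": "Alice", "phone": "+15550100"}}


def get_profile_by_imei(imei):
    """Weak pattern: the IMEI both selects and authorizes the account.

    An IMEI is a device identifier, not a secret, so anyone who learns it
    is treated as the account owner.
    """
    return PROFILES.get(imei)


class TokenAuth:
    """Hardened pattern: the IMEI only identifies the device; access needs a
    random token issued once the phone number has been verified (call or SMS)."""

    def __init__(self):
        self._token_hashes = {}  # sha256(token) -> IMEI; raw tokens are never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_token(self, imei, otp_verified):
        # Refuse to bind a session unless the verification step succeeded.
        if not otp_verified or imei not in PROFILES:
            return None
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._token_hashes[self._digest(token)] = imei
        return token

    def get_profile(self, imei, token):
        if not token:
            return None
        owner = self._token_hashes.get(self._digest(token))
        # The token must exist and must belong to the device presenting it.
        if owner is None or not hmac.compare_digest(owner, imei):
            return None
        return PROFILES[owner]
```

With the second pattern, knowing a device's IMEI is no longer sufficient to read or change the account, and the token can be revoked server-side without touching the device identifier.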

“Anyone gaining the IMEI of a device will be able to get Truecaller users’ personal information (including the phone number, home address, mail box, gender, etc.) and tamper app settings without users’ consent, exposing them to malicious phishers,” Cheetah Mobile wrote in a blog post.

Cheetah Mobile researchers told The Hacker News that they were able to retrieve personal data belonging to other users with the help of exploit code, just by interacting with Truecaller’s servers.

On a successful exploitation of this flaw, the attackers can:

Steal personal information like account name, gender, e-mail, profile pic, home address, and more.

Modify a user’s application settings.

Disable spam blockers.

Add entries to a user’s blacklist.

Delete a user’s blacklist.

Cheetah Mobile informed Truecaller of this flaw, and the company updated its servers and released an upgraded version of its Android app on March 22 to prevent abuse of the flaw.

Truecaller said in its blog post published Monday that the vulnerability did not compromise any of its user information.

About mallo

A college dropout and a tech blogger, avid reader and dreamer at Bbcpak, who is extremely dedicated towards his tasks and a true prodigy. He is also a self-learned tech blogger and a Digital Marketing/SEO expert. It wouldn’t be possible for Bbcpak to be a success without him.
