Truecaller's Guardian app bug that let hackers track users' data gets fixed


The Guardian app's bug let hackers take full control of a user's account and track their family details, including names, birth dates, phone numbers, and live locations.


Truecaller launched a new Guardian app just last week, designed to let users share their location and other important details with family for safety. While some had just begun testing the app, a major bug was discovered soon after the announcement that could have caused users to lose their credentials to hackers.

As per a TNW report, security researcher Anand Prakash discovered a vulnerability within the Guardian app and informed Truecaller about the issue on March 4. Prakash notes that the bug was found in the app’s “Log in with Truecaller API”, which means miscreants would have had full control over a user’s account simply by using their phone number to log in. The hackers could intercept the API’s request and change the phone number to get access to a user’s account. This account takeover allowed a hacker to add themselves as a trusted contact on another user’s profile.

The bug even allowed ‘the hacker’ to view a user’s family members’ details including names, birth dates, phone numbers, and live locations, as per the report.
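The class of flaw described above, where the server selects the account from a phone number the client can change in transit, is shown here as an added example next to a hardened handler. This is not Truecaller's code: the key, the account table and all function names are constructed for illustration, and the signed assertion stands in for whatever proof of phone ownership an identity provider issues.

```python
import hashlib
import hmac
import json

# Constructed sample data (assumptions, not from the report).
PROVIDER_KEY = b"constructed-demo-key"  # secret shared with the identity provider
ACCOUNTS = {"+10000000001": "alice", "+10000000002": "bob"}


def _tag(payload: str) -> str:
    return hmac.new(PROVIDER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def sign_assertion(phone: str) -> dict:
    """Stand-in for the identity provider: signs the number it verified."""
    payload = json.dumps({"phone": phone}, sort_keys=True)
    return {"payload": payload, "sig": _tag(payload)}


def login_trusting_client(request: dict):
    """Flawed pattern: the account is looked up from a client-controlled field."""
    return ACCOUNTS.get(request.get("phone"))


def login_verified(request: dict):
    """Hardened pattern: the phone number comes only from the signed assertion."""
    assertion = request.get("assertion")
    if not isinstance(assertion, dict):
        return None
    payload, sig = assertion.get("payload"), assertion.get("sig")
    if not isinstance(payload, str) or not isinstance(sig, str):
        return None
    # Constant-time comparison of the expected and presented signatures.
    if not hmac.compare_digest(_tag(payload).encode(), sig.encode()):
        return None
    verified_phone = json.loads(payload)["phone"]
    # A request whose plain phone field disagrees with the verified one is refused.
    if request.get("phone") not in (None, verified_phone):
        return None
    return ACCOUNTS.get(verified_phone)


if __name__ == "__main__":
    honest = {"phone": "+10000000001", "assertion": sign_assertion("+10000000001")}
    modified = dict(honest, phone="+10000000002")  # phone field changed in transit
    print("flawed handler:  ", login_trusting_client(modified))
    print("hardened handler:", login_verified(modified))
    print("honest request:  ", login_verified(honest))
```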

While the idea behind the Guardian app is to share vital information with family members and other trusted contacts to stay safe while commuting, the bug did pose a serious threat to users’ credentials. Thankfully, the issue was acknowledged by Truecaller and they fixed it on the same day.

“In this case, the issue pointed out by Anand was due to a development configuration being rolled out by mistake during the launch phase. Our engineers were already rolling out a fix at the time of his submission to ensure user safety,” Truecaller said.

As per the TNW report, no account data was leaked, but the vulnerability raises questions about Truecaller’s security measures.

  • Published Date: March 9, 2021 10:05 PM IST
  • Updated Date: March 9, 2021 10:15 PM IST