Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

Android devices are at risk once again! Researchers found big loophole in famous app “Truecaller”!

 

The security researchers of Chinese mobile security company “Cheetah Mobile Security”, found a major loophole in famous application “Truecaller”. It is a very famous call management application, used by all most every android user.

 

How this loophole is dangerous?

Truecaller, only uses the IMEI number of devices for the identity. So if anyone have the IMEI number of any device, he can steal the personal information of Truecaller users. This major security flaw is allowing everyone to steal sensitive data of any Truecaller user. Approximately 100 Million Android devices are at risk, which are using Truecaller.

 

Also read: To fix critical flaw in Android Kernel, Google released an Emergency security patch!

Hackers can steal information regarding home address, mail box, phone number and gender by exploiting this vulnerability. Hackers can also make changes in device to malicious phishing purposes.

 

What can hackers do by exploiting this vulnerability?

First of all, hackers can steal all the sensitive information of users which include email, personal photos, address, usernames etc. Hackers can also make changes in the setting of application for their own use. Later hackers could use these setting to spread malware. Hackers can also disable the setting in devices, which are helpful for users to protect their devices from spam and third party malicious links. Hackers could also delete user’s contact black list.

 

How “Truecaller” respond to it?

This vulnerability was reported by the security researchers of “Cheetah Mobile Security” to the developers of “truecaller” within the hours after the found it. Therefore developers of truecaller got more time to fix this issue. This issue has been fixed by the truecaller now and they have also released an Update for their app.
 

Suggestion for Users

This vulnerability has been fixed by the Truecaller in the latest version of application. So update your application as soon as possible. According to a report released by Truecaller, a number of android users are still using old version of “Truecaller” which is vulnerable. To protect your device from malwares and attackers, update your application. Because every outdated application is a malware.

 

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.