
Truecaller app risks exposing info of 100 million users

A popular caller ID Android application that blocks incoming spam callers has a privacy flaw that threatens to expose the personal information of over 100 million users.

The Truecaller Android application used only International Mobile Station Equipment Identity (IMEI) numbers to identify its users, according to a blog post by Cheetah Mobile, the research team that discovered the vulnerability. Remote attackers could exploit this flaw to gain access to a user's phone number, home address, and other personal information. Attackers could also remotely change a user's application settings, including disabling spam blockers or deleting a user's blacklist. The Truecaller app has Android and iOS versions, although only the Android app is affected.
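The weakness described above, a device identifier serving as the only credential, is shown here beside a hardened form as an added example; it is not Truecaller's or Cheetah Mobile's code. The `AccountStore` class, its method names, the sample IMEI and the prior ownership check (such as SMS verification) are all assumptions.

```python
import hashlib
import hmac
import secrets


class AccountStore:
    """Hypothetical server-side account store (illustrative only)."""

    def __init__(self):
        self._by_imei = {}     # IMEI -> account id: a lookup key, never proof of identity
        self._token_hash = {}  # account id -> SHA-256 of the server-issued session token
        self._settings = {}    # account id -> settings dict

    def register(self, imei, account_id):
        """Call only after the user has proven ownership (assumed: SMS verification)."""
        token = secrets.token_urlsafe(32)  # unguessable secret, returned to the client once
        self._by_imei[imei] = account_id
        self._token_hash[account_id] = hashlib.sha256(token.encode()).digest()
        self._settings[account_id] = {"spam_block": True}
        return token

    def update_settings_weak(self, imei, changes):
        """Flawed pattern: the IMEI alone both selects and authorizes the account."""
        account_id = self._by_imei.get(imei)
        if account_id is None:
            return False
        self._settings[account_id].update(changes)
        return True

    def update_settings(self, imei, token, changes):
        """Hardened: the IMEI only locates the account; the secret token authorizes."""
        account_id = self._by_imei.get(imei)
        expected = self._token_hash.get(account_id, b"\x00" * 32)
        presented = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison; unknown IMEIs fail the same way as bad tokens.
        if account_id is None or not hmac.compare_digest(expected, presented):
            return False
        self._settings[account_id].update(changes)
        return True

    def settings(self, imei):
        return dict(self._settings[self._by_imei[imei]])
```

An IMEI is readable by other software on the device and is sent to many services, so it cannot be treated as a secret; the token in the hardened path is generated server-side and only its hash is stored.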

Truecaller stated in a security update posted Monday that no user information was compromised.

In July 2013, the Syrian Electronic Army said it compromised more than 1 million Truecaller accounts by gaining access to seven company databases. The pro-Assad hacking collective is allegedly linked to the three individuals indicted by the Justice Department last week.
