Truecaller app remote exploitation vulnerability affects 0.1 billion Android users
Security researchers at the Cheetah Mobile Security Research Lab found a serious vulnerability in the call management application Truecaller.
FreeBuf encyclopedia
Truecaller, a Swedish company, collects and classifies phone numbers, mainly by gathering address books and by crowdsourcing (personal address records provided by users). It then provides functions such as unknown-caller identification, blocking of marketing calls, contact management, and yellow-page lookup. It also connects to Yelp, Twitter, and other social tools, and claims to be the "Google of the Yellow Pages". It has 0.15 billion users, of which 80 million are from India, an emerging power.
Android users should update the application as soon as possible.
Recently, security researchers at the Cheetah Mobile Security Research Lab discovered a serious vulnerability in the call management application Truecaller.
This vulnerability allows anyone to steal sensitive information from Truecaller users and creates conditions for attackers to launch attacks. In general, more than 0.1 billion Android users who have downloaded the application on their smartphones are at risk.
Researchers found that Truecaller uses the device's IMEI as the only identifier for authenticating its users. This means that anyone who obtains the IMEI of a device can obtain the personal information of the Truecaller user (including the phone number, home address, email address, and gender). Without the user's consent, attackers can also tamper with the user's app settings, exposing real users to malicious phishers.
By exploiting this vulnerability, attackers can:
Steal users' personal information, such as account name, gender, email, profile photos, and home address;
Modify the user's app settings;
Disable the spam interceptor;
Add a blacklist for a user;
Delete user blacklists.
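The design flaw described above, next to a hardened form, as an added example (not code from Truecaller or Cheetah Mobile): the first function treats a device identifier as proof of identity, while `TokenAuth` uses it only as a lookup key and requires a server-issued secret for both reads and settings changes. All names, the sample IMEI and the profile are constructed, and the example assumes registration happens only after the account owner has been verified by other means.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: this IMEI and profile are made up for illustration.
SAMPLE_IMEI = "000000000000001"
PROFILES = {SAMPLE_IMEI: {"name": "Sample User", "spam_filter": True}}


def get_profile_by_imei(imei):
    """Flawed pattern: the device identifier alone selects and authorizes
    the account, so anyone who learns the IMEI is treated as the user."""
    return PROFILES.get(imei)


class TokenAuth:
    """Hardened pattern: the device ID is only a lookup key; every request
    must also carry a random secret the server issued at registration."""

    def __init__(self):
        self._token_hashes = {}  # device id -> SHA-256 of the issued token

    def register(self, device_id):
        # Assumption: called only after the owner is verified by other means.
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._token_hashes[device_id] = hashlib.sha256(token.encode()).digest()
        return token  # returned once; the app keeps it in private storage

    def _authorized(self, device_id, token):
        expected = self._token_hashes.get(device_id)
        if expected is None or not isinstance(token, str):
            return False
        presented = hashlib.sha256(token.encode()).digest()
        return hmac.compare_digest(expected, presented)  # constant-time compare

    def get_profile(self, device_id, token):
        return PROFILES.get(device_id) if self._authorized(device_id, token) else None

    def set_spam_filter(self, device_id, token, enabled):
        # Settings changes go through the same check as reads.
        profile = PROFILES.get(device_id)
        if profile is None or not self._authorized(device_id, token):
            return False
        profile["spam_filter"] = bool(enabled)
        return True
```

Only a hash of the token is stored server-side, so a leak of the token table does not hand out working credentials.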
The Cheetah Mobile security research team informed the Truecaller developers immediately after discovering the vulnerability and provided all possible help to solve the problem. Truecaller's developer has now fixed the problem and released an update on March 22.
Although the vulnerability has been fixed in the latest version, users who have not updated to the latest version are still at risk. CM Security Research Lab experts suggest that Truecaller users upgrade the application to the latest version as soon as possible.