Truecaller launched Guardian last week, an app designed to share your location and important details with the “guardians” of your choice in an emergency. The app is meant to get help to you as quickly as possible, wherever you are.
Shortly after the app was announced, a major bug was discovered that could allow hackers to take full control of user accounts and track them.
According to a report published in The Next Web, security researcher Anand Prakash discovered a vulnerability in the Guardian app and notified Truecaller on Thursday. It was fixed the same day.
For context, the main concept of the Guardian app is to share your information with your family members and other trusted contacts so you stay safe while on the go. You can share your live location, phone battery status and network status with trusted contacts and let them know if you need help by clicking the “emergency” button.
The bug discovered by Prakash was in the “Connect with Truecaller API” application. This meant that a hacker could use your phone number to log into your account on the Guardian app. They could then intercept the API request and change the phone number to access and control your account.
This account takeover could allow hackers to add themselves or just about anyone else as a trusted contact on another person’s profile. The bug also allowed the hacker to see details of your family members, such as names, birthdates, phone numbers and live location.
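The class of flaw described above, shown from the server's side as an added illustration (not Truecaller's code and not taken from the researcher's report): a handler that acts on a phone number in the request body, next to one that binds the account to the number the caller actually verified. The token format, function names, key and phone numbers are all assumptions constructed for this sketch.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real service would load this from a secret store.
SERVER_KEY = b"demo-key-not-a-real-secret"


def issue_token(verified_phone: str) -> str:
    """Issued only after the login flow has verified ownership of the number."""
    sig = hmac.new(SERVER_KEY, verified_phone.encode(), hashlib.sha256).hexdigest()
    return f"{verified_phone}.{sig}"


def phone_from_token(token: str):
    """Return the phone number the token was issued for, or None if invalid."""
    phone, _, sig = token.rpartition(".")
    expected = hmac.new(SERVER_KEY, phone.encode(), hashlib.sha256).hexdigest()
    if phone and hmac.compare_digest(sig.encode(), expected.encode()):
        return phone
    return None


def resolve_account_trusting_body(token: str, body: str):
    """Weak pattern: authenticates the caller, then acts on the body's number."""
    if phone_from_token(token) is None:
        return None
    # A client-editable field decides which account the request applies to.
    return json.loads(body).get("phone")


def resolve_account_bound_to_token(token: str, body: str):
    """Hardened pattern: the account is the verified number; mismatches fail."""
    verified = phone_from_token(token)
    if verified is None:
        return None
    claimed = json.loads(body).get("phone", verified)
    if claimed != verified:
        # The request names a number the caller never proved ownership of.
        return None
    return verified
```

Logging every rejected mismatch between the verified and the claimed number gives defenders a direct signal that requests are being tampered with.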
Truecaller said in a statement that the bug was caused by a development configuration that had reached the final rollout in error.
“In this case, the issue reported by Anand was due to an erroneously deployed development configuration during the launch phase. Our engineers were already deploying a patch when it was submitted to ensure user safety,” said Truecaller.
Fortunately, no account data was released and the bug was fixed in time.