TeleStar, publisher of the 'Call India - IntCall' app that was recently reported to have a massive phone security vulnerability, has claimed that the app has been patched. In an email correspondence with News18, a TeleStar spokesperson stated, “We have updated the app and fixed the problem by doing phone verification by sms.”
This is the first update of any kind in nearly four and a half years for the app, which has over 1 million downloads on the Google Play Store. The patch is now also reflected on the Google Play Store, which shows the update changelog date as May 14, 2019, while the description only states ‘bug fixes’, without any specific description.
The vulnerability was first reported by security research firm GIS Consulting. Explaining the potential risk posed by the app's vulnerability, Naveen Dham, founder and CEO of GIS Consulting, told News18, “Through the app, I can, for instance, give the nation's Prime Minister's mobile number, and it will get registered. I can then use this app to contact the Army Chief, and give any instruction as per my will. This can be violated by terrorists, and by those who extort money through frauds. Any intruder or hacker could have used it, because there is no third party authentication.”
While 'Call India - IntCall' may be patched now, many users may already have fallen prey to malicious users. Dham affirms that there can possibly be more apps with similar vulnerabilities, which may allow any user to tap into any phone number and make fraudulent calls. He further states, “We are presently investigating more apps of such nature, which have the same threats and characteristics. I'm sure we will find more such apps.”
While this marks a surprising vulnerability in a highly rated app that would otherwise seem credible, the question of reliance on Google’s Play Store app ratings still remains to be answered.