Hello, Guest

You seem to be interested in what's here, but haven't registered for an account yet or perhaps haven't logged in.
When you create an account, we will be able to remember what you've already read, so you can pick up exactly where you left off when you come back.

Oh, and it'll also get rid of this really annoying box.....

Lessons learned from the iPhone call recording app vulnerability


  • News quickly spread about a vulnerable call recording app for iPhone named “Call Recorder,” or “Acr call recorder,” as its listing in the Apple App Store states. TechCrunch was the first outlet to flag a design flaw with the mobile application’s API when it obtained call recordings from AWS S3 cloud storage to prove it was insecure and therefore open to API-based attacks. The weaknesses exhibited by the mobile app represent a vital shift occurring in cybersecurity towards the importance of the protection and hardening of APIs. From this instance alone, we can learn a number of valuable lessons as API attacks are set to rise drastically this year. Most of the issues in the Call Recorder vulnerability map directly to the OWASP API Security Top 10, a list that captures the most common API mistakes. This document is a great reference for DevOps and security teams that are looking to implement strong API security that can be applied to both web and mobile application systems, including those in the cloud.

    https://www.securitymagazine.com/articles/95154-lessons-learned-from-the-iphone-call-recording-app-vulnerability

Suggested Topics