
"A viral app called Neon, which offers to record your phone calls and pay you for the audio so it can sell that data to AI companies, has rapidly risen to the ranks of the top-five free iPhone apps since its launch last week. The app already has thousands of users and was downloaded 75,000 times yesterday alone, according to app intelligence provider Appfigures. Neon pitches itself as a way for users to make money by providing call recordings that help train, improve, and test AI models."
"At fault was the fact that the Neon app's servers were not preventing any logged-in user from accessing someone else's data. TechCrunch created a new user account on a dedicated iPhone and verified a phone number as part of the sign-up process. We used a network traffic analysis tool called Burp Suite to inspect the network data flowing in and out of the Neon app, allowing us to understand how the app works at a technical level, such as how the app communicates with its back-end servers."
Neon offered to record users' phone calls and pay for the audio so the company could sell the data to AI companies. The app quickly rose into the top-five free iPhone apps and was downloaded tens of thousands of times in a single day. A security flaw allowed any logged-in user to access other users' phone numbers, call recordings, and transcripts. Reporters created an account, inspected network traffic with Burp Suite, and discovered transcript text and web addresses accessible outside the app interface. The founder, Alex Kiam, took down Neon’s servers and began notifying users to pause the app but did not fully inform users about the security lapse. The app stopped functioning soon after contact.
Read at TechCrunch