"People trying to earn money by sharing their personal phone conversations with the new Neon app will have to find another way to generate income, at least for now. On Thursday, the service was taken down by its developer after the discovery of a serious security flaw that let Neon users access the call recordings and other data of fellow users."
"TechCrunch said it found the security vulnerability during a test of the Neon app. The flaw exposed the phone numbers, call recordings, and transcripts of Neon users to anyone signed in to the app. In its research, TechCrunch learned that the servers used by Neon were failing to prevent any logged-in user from accessing another person's call data."
Neon paid users to share personal phone conversations for money. A serious security flaw allowed signed-in users to access other users' phone numbers, call recordings, and transcripts. TechCrunch discovered the vulnerability during tests and found servers failed to prevent logged-in users from accessing others' call data. Network analysis revealed transcripts and URLs to audio files that could be viewed by anyone with the link. Developer Alex Kiam took the service offline and emailed users that the app would be temporarily disabled while extra security layers were added. The developer expects the app to return in one to two weeks.
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]