
"While making test phone calls, TechCrunch's Zack Whittaker said he saw a list of his recent calls and how much money each call earned. That's the way the app is supposed to work. But using a network analysis tool, Whittaker uncovered details not available through the app, including a transcript of the call and a URL to the audio files, information anyone could view as long as they had the link."
"Thanks for using the app! Your data privacy is our number one priority, and we want to make sure it is fully secure even during this period of rapid growth. Because of this, we are temporarily taking the app down to add extra layers of security. You will not be able to make calls or cash out, and the app will temporarily display $0 in your account, but your money has not disa"
The Neon app contained a security vulnerability that allowed logged-in users to access other users' phone numbers, call recordings, and transcripts. TechCrunch found the flaw during testing and observed servers failing to prevent access to another person's call data. Network analysis revealed transcripts and URLs to audio files that anyone could view with the links. Developer Alex Kiam temporarily took the service offline, notifying users that data privacy is the top priority, that calling and cash-out functions are disabled, and that account balances will display $0 during the outage. The developer expects the app to return in one to two weeks.
Read at ZDNET