Viral call-recording app Neon goes dark after exposing users’ phone numbers, call recordings, and transcripts

-
 A viral app called Neon, which offers to record your phone calls and pay you for the audio so it can sell that data to AI companies, has rapidly risen to the ranks of the top-five free iPhone apps since its launch last week.

The app already has thousands of users and was downloaded 75,000 times yesterday alone, according to app intelligence provider Appfigures. Neon pitches itself as a way for users to make money by providing call recordings that help train, improve, and test AI models

But Neon has gone offline, at least for now, after a security flaw allowed anyone to access the phone numbers, call recordings, and transcripts of any other user, TechCrunch can now report.


TechCrunch discovered the security flaw during a short test of the app on Thursday. We alerted the app’s founder, Alex Kiam (who previously did not respond to a request for comment about the app), to the flaw soon after our discovery. 


Kiam told TechCrunch later Thursday that he took down the app’s servers and began notifying users about pausing the app, but fell short of informing his users about the security lapse.


 The Neon app stopped functioning soon after we contacted Kiam.


Call recordings and transcripts exposed

At fault was the fact that the Neon app’s servers were not preventing any logged-in user from accessing someone else’s data.


TechCrunch created a new user account on a dedicated iPhone and verified a phone number as part of the sign-up process. We used a network traffic analysis tool called Burp Suite to inspect the network data flowing in and out of the Neon app, allowing us to understand how the app works at a technical level, such as how the app communicates with its back-end servers.


After making some test phone calls, the app showed us a list of our most recent calls and how much money each call earned. But our network analysis tool revealed details that were not visible to regular users in the Neon app. These details included the text-based transcript of the call and a web address to the audio files, which anyone could publicly access as long as they had the link.


For example, here you can see the transcript from our test call between two TechCrunch reporters confirming that the recording wo

rked properly.


Comments

Post a Comment

Popular posts from this blog

Starbucks store closings: Here's the list, so far, of locations shutting down nationwide

-
Image
The Seattle-based coffee giant said store closures would start immediately. The company wouldn't give an exact number of stores that are closing, but the bulk of the closures appear to be in the U.S. and Canada. Starbucks said it expects to have 18,300 North American locations when its fiscal year ends on Sunday. As of June 29, the company had 18,734 locations. Starbucks has not yet publicly shared a store closing list and did not reply to a request Thursday for a list to be provided.  However, workers at Starbucks locations around the country have begun sharing  online that they have been told their stores were closing . Using that list as a starting point, we were able to cross-check listings on the Starbucks online store locators.   Under store hours,  locations shutting down have "closed" listed for Sunday , Monday, Tuesday, and so on.  As of Sept. 25, we've been able to identify at least 90 Starbucks stores set to close, based on the company's w...
Read more

Safaree & Kimbella Private Video Leaked, Fans Point To Erica Mena

-
Image
  Safaree and his rumored girlfriend Kimbella Matos are considering damage control after an alleged video of them leaked online while some fans are pointing to Erica Mena to be behind the leak. The  Love and Hip Hop Atlanta  star and Kimbella have been in the news a lot lately, thanks to their public feud with his ex-wife  Erica Mena . In June,  Mena called Matos a “prostitute”  and slammed  Safaree Samuels  for dating her while they were still married. Almost two months later, Safaree and Kimbella are dealing with a leaked video. It’s unclear how folks on Twitter obtained the video which shows the couple getting it in. Only a couple seconds of it was shown on Twitter by an account that directed fans to their paid Patreon account to get the full video  here. Neither Safaree nor Kimbella Matos have addressed the leaked video, but the reality TV star revealed he was tested positive for Covid-19, which turned out to be a false positi...
Read more

Capt. Donald Cragen Dies in ‘Law & Order: SVU’ Season 27 Premiere

-
Image
The 27th season premiere of  “Law & Order: Special Victims Unit”  started on a somber note: with a loss of one of their own. The episode, which aired Thursday night, revealed that the unit’s beloved former captain, Donald Cragen (Dann Florek), has died. The current captain of the team, Olivia Benson ( Mariska Hargitay),  who  started out over 25 years ago with the squad under Cragen,  walks into a bar filled with current and former colleagues gathered to remember their former leader. She’s greeted first by George Huang ( BD Wong ), a psychiatrist who previously assisted the group during the early years, and then embraced by Brian Cassidy (Dean Winters), who was a detective alongside Benson during the show’s first season in 1999. It was also a romantic reunion of sorts since Benson and Cassidy casually hooked up in some of the show’s first episodes, and in later seasons, they reconnected and had a more serious relationship. Old video of Cragen giv...
Read more

Family members save children when mother tries to drown them, deputies say

-
Image
VALRICO, Fla. (WWSB) - A Valrico mother is facing attempted murder charges after witnesses say she tried to drown her three children at a community pool. Hillsborough County Sheriff’s deputies responded to a call at 1:28 a.m. Thursday at a community pool on Sacramento Street. Deputies found Shaniece Willingham, 24, on the pool deck. Family members had already intervened, pulling the children, ages 8 months, 2 years and 3 years, from the water and taking them to a nearby home. The sheriff’s office said Willingham left her parents’ home with the children following an argument. Shortly after, she began posting videos to Instagram saying she was going to harm herself and her children. Alerted by the videos, family rushed to the pool to see Willingham throw the children into the water before jumping in herself and holding the children underwater. They immediately intervened, deputies said, removing everyone from the pool. The children were not injured. Willingham was taken into ...
Read more