wordpress blog stats
Connect with us

Hi, what are you looking for?

Flaw in Airtel app’s API exposed email, address, IMEI of users

Using just subscribers' mobile numbers, a flaw in Airtel’s mobile app could have been exploited to access subscribers' sensitive information, including their email, address and device IMEI number, BBC reported. This put the privacy of more than 300 million subscribers in jeopardy. Other information about a subscriber that could have been accessed (ab)using the flaw were users’ name, gender, date of birth, address, subscription information, device capability information for 4G, 3G, GPRS, network information, activation date and user type (prepaid/postpaid). The flaw was discovered by independent security researcher Ehraz Ahmed. Airtel told BBC that the flaw has since been fixed. When contacted, Airtel sent us the following statement: "There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice. Since these were testing APIs, we can now confirm that no data related to our customers has been impacted. Airtel’s digital platforms are highly secure. Customer privacy is of paramount importance to us and we deploy the best of solutions to ensure the security of our digital platforms.” Ahmed told MediaNama, “I usually look for high-risk vulnerabilities in applications that store vast amounts of data, Luckily, I found this in Airtel, and got it fixed before it being exploited.” However, he told us that he wasn’t entirely sure if the flaw had indeed not been exploited before he discovered it, and said that it took him 15 minutes to find the flaw. He discovered the flaw on November 29,…

Please subscribe/login to read the full story.
Written By

Free Reads

News

Telecom companies are against a regulatory sandbox, as they think information revealed by businesses during the sandboxing process might be confidential should be out...

News

According to a statement, the executive body of the European Union had also sought internal documents on the risk assessments and mitigation measures for...

News

The newly launched partially open-sourced LLM Grok-1 can be commercially used but not trademarked.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...

News

Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...

News

The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...

News

Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...

News

Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ