Indian security researcher Ehraz Ahmed discovered a critical security flaw in the Airtel mobile app that could expose the personal data of 32 crore subscribers. The flaw exists in the mobile app's API and allows an attacker to retrieve private sensitive information of any Airtel subscriber.
Airtel is the 3rd largest telecom service provider in India in terms of subscribers after Vodafone-Idea (VI) and Reliance Jio.
The critical security flaw could allow a hacker to retrieve private sensitive information of any Airtel subscriber, and with those details the hacker can set up targeted attacks.
The private sensitive information that can be exposed includes First Name, Last Name, Birthdate, Email, Gender, Residential Address, Subscription Data, Network Info, Device Capability Info (2G/3G/4G), User Type (Postpaid/Prepaid), and IMEI Number.
The IMEI number is always unique, so it can be used to identify the user's device. This security flaw therefore creates a risk for all Airtel users of having their private sensitive information exposed.
Security researcher Ehraz Ahmed also demonstrates how a script he wrote requests the API and retrieves the user's private sensitive information.
The company confirmed the flaw and immediately patched it in its mobile app's API.
According to Airtel, the company's digital platforms are very secure, and its customers' security and privacy are most important to it. The company also says it uses the best security solutions to protect the security and privacy of its digital platforms.
Ehraz Ahmed had found a critical security flaw in the popular caller-identification app Truecaller last month. This flaw could have exposed sensitive user data as well as device and location information to attackers.
If you have any questions about the critical flaw in the Airtel mobile app, or want to share your views on it, please mention them in the comments box and I will get back to you.