Wednesday August 21, 2019
Home Lead Story Truecaller Ap...

Truecaller Apologises for Bug That Covertly Signed up Users for UPI

“If a user doesn’t request for a loan and provides an explicit consent, we don’t process any of their personal data for lending purposes,” the company added

0
//
truecaller, truecaller voice
Truecaller, which recently introduced loans as a part of its Truecaller Pay feature, also dismissed validity of reports that it reads user SMSs to create a credit scoring without users’ consent. Wikimedia Commons

Swedish caller identification app Truecaller on Tuesday apologised to the users who were affected by the the bug that automatically created Unified Payments Interface (UPI) accounts with their banking partners without their consent.

This “anomaly”, which triggered panic and hacking fears last week, affected less than 0.12 per cent of Truecaller’s total monthly users in India, said the company which has over 100 million daily active users in the country.

“We understand the frustration this news and numerous rumours may have caused to people, and we honestly apologise to them. We all at Truecaller feel awful this even happened in the first place,” Truecaller CEO Alan Mamedi said in a blog post.

Some users of Truecaller Pay feature last week complained that an SMS was sent out automatically without users’ consent to its banking partners.

Due to this anomaly some of Truecaller’s users automatically initiated a creation of payments profile that they never asked for.

Truecaller, Bug, UPI
The affected users received an SMS from ICICI Bank — starting from late Monday evening till morning hours on Tuesday — saying “your registration for UPI app has started. If it was not you, report now to your bank. Pixabay

“We deeply regret the trouble caused to these unsuspecting users, who may have thought that there is some breach to their bank account,” the company said.

“No bank accounts or financial information of users were compromised and immediate steps were taken to remove the issue and ensure the services were returned to normal,” it added.

Truecaller, which recently introduced loans as a part of its Truecaller Pay feature, also dismissed validity of reports that it reads user SMSs to create a credit scoring without users’ consent.

Also Read: Article 370 Stand Throws Bollywood’s Kashmir Plans in a Tizzy

“We would like to clarify that it is not correct,” Truecaller said.

“If a user doesn’t request for a loan and provides an explicit consent, we don’t process any of their personal data for lending purposes,” the company added. (IANS)

Next Story

Apple ‘Bug’ Puts iPhones with Latest iOS to Hacking Risk

The announcement was made by Ivan Krstic, Head of security engineering and architecture at Apple, during the annual Black Hat security conference in Las Vegas

0
Apple, Campus, China
A customer is entering the Apple store in Fairfax, Virginia. VOA

Apple has reportedly unpatched a bug in the latest iOS update 12.4 that it had fixed in the earlier iOS 12.3 update — leaving its most up-to-date iPhones vulnerable to hacking risk.

According to Motherboard, security researchers have already exploited the vulnerability in iOS 12.4 and released a public “jailbreak” on open-sourced software development platform Github — the first free public jailbreak for a fully-updated iPhone that’s been released in years.

As a result of the mistake, all iPhones running iOS 12.4 can now be jailbroken and several iPhone users have already tweeted that they are successfully running the “jailbreak”.

Jailbreaking an iPhone lets people customize their iOS devices and run unsupported apps.

Apple never allows unsupported apps on its iOS platform, which makes its devices extra secure.

The Cupertino-based tech giant was yet to respond to this.

Apple had fixed this flaw, found by a Google hacker, in the earlier iOS 12.3 version.

Smartphones
iPhones on display at an Apple store in Virginia, USA, April 4, 2016. VOA

“Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version are jail breakable and vulnerable to what is effectively a 100+ day exploit,a Jonathan Levin, a security researcher was quoted as saying.

A security research that goes by the name of “Pwn20wnd” has published a jailbreak for iOS 12.4.

“The exploits for the iPhone can sell for millions of dollars, which means that no one has been willing to release jailbreak code publicly because Apple will quickly patch it,” said the report.

Also Read: India’s Chandrayaan-2 on Course to Moon

Security experts have warned to be careful what apps they download with this jailbreak.

Apple recently announced to pay up to $1 million to security researchers for finding flaws and vulnerabilities as part of its bug bounty programme.

The announcement was made by Ivan Krstic, Head of security engineering and architecture at Apple, during the annual Black Hat security conference in Las Vegas. (IANS)