Your identity is at Risk
Dr. Harold D'Costa
CEO-Intelligent Quotient Security System,
Sr. Consultant and Trainer (Maharashtra and Goa Police)
TrueCaller is an app for iOS, Android, Windows and Symbian based mobile phones, developed by a Swedish company called True Software Scandinavia AB. It is a reverse lookup app that also serves as a global caller ID.
Once users download TrueCaller on their compatible devices, they have the option of giving the app access to their own phone book contacts. (This generally happens during the app install itself, and many users unknowingly approve access.) Once installed, the app reads through the user's entire phonebook and sends the contact phone numbers (along with names) to TrueCaller’s servers, where they are stored securely.
Users who have the app installed on their devices can then perform reverse lookups on virtually any phone number in the world. If the number has been stored on TrueCaller’s servers, the app will answer the request, giving details of the owner of the number including name, address and possibly even social networks and pictures.
TrueCaller does not stop at being just a reverse lookup app. It also serves as a global caller ID and displays details even for numbers that are not in an individual user’s phonebook. As an illustrative example based on available information from the company’s website, suppose a person using the TrueCaller app receives a phone call from a number which is not in his/her phone’s contact list. If the phone number is in TrueCaller’s database, the app will display the name and other available details.
Skeptics who doubt the coverage of this app should know that there are more than 16 lakh mobile phone users in India who use TrueCaller, as per its CEO Alan Mamedi. In other words, 16 lakh phone books have potentially been uploaded to TrueCaller’s database. While there are no clear statistics on exactly how many Indian phone numbers are present in the company’s database, the number would possibly be massive and fairly comprehensive.
TrueCaller’s footprint goes much beyond Indian shores. The app itself supports users from all countries and virtually any user who has Internet access. The TrueCaller website mentions that it hardly takes 1 KB of data to process one reverse lookup request.
From the perspective of an individual user, an advantage of using TrueCaller is that telemarketing and other unwanted calls can be avoided via the app’s comprehensive caller ID. However, this method of ‘crowdsourcing data’ could pose threats to the privacy of millions of mobile users in India and across the world.
According to a recent report, the TrueCaller database has the numbers of many VIPs and official heads of state. It mentions “The mobile numbers of nearly every Indian Cabinet minister, heads of intelligence agencies such as the Intelligence Bureau and Department of Revenue Intelligence, and CEOs of India’s largest companies are all on the database.”
Claims of ‘breach of privacy’ are not totally unfounded, as users are complaining that their numbers have been listed on TrueCaller’s database without their knowledge or permission.
TrueCaller gives owners of telephone numbers an option to de-list their numbers from its database via a link on its website. But the question on the minds of many is “Should mobile phone numbers be publicly available? Shouldn’t a company ask the owner before listing their number, rather than the owner having to request a removal?”
Why TrueCaller is dangerous:
When you install the TrueCaller application, you give it permission to:
* Read your text messages, receive text messages
* Full network access
* Modify your contacts, read call logs, read your contacts, write call logs
* Modify or delete the contents of your USB storage
* Read phone status & identity, reroute outgoing calls
* Directly call phone numbers
* Disable your screen lock
The above pitfalls put Indians at severe risk of becoming victims in cyberspace. With the TrueCaller server having been hacked on 17th July 2013 by the Syrian Electronic Army, a database of millions of people all round the world is potentially in the hands of the hackers, who could now misuse your mobile number to send spoofed SMS and make phone calls from your number to any person in this world. If you had stored your bank credentials in your mobile, these could now be the property of the hacker, who could illegally transfer money from your account to any account of his choice. Needless to say, the time has come when “A Crorepati can become Roadpati instantly in few minutes”. Wait a minute: your social networking credentials (Facebook account), if stored in your mobile, could now be accessed by a hacker who can merrily play with your friends by posting objectionable and derogatory content, and finally your email account could be hacked, bringing your life to a complete standstill and raising the possibility of legal action being enforced against you.
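The permission list above can be checked against any app before it is installed. The sketch below is an added example, not code from the article or from TrueCaller: it reads a manifest that has already been decoded to plain XML (an assumption), reports which of the listed permissions the app requests, and flags private data the app could send off the device because it also holds network access. The mapping from the list's wording to Android permission names and the sample manifest are supplied here for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission name -> wording used in the list above (mapping added here).
LISTED = {
    "READ_SMS": "read your text messages",
    "RECEIVE_SMS": "receive text messages",
    "INTERNET": "full network access",
    "WRITE_CONTACTS": "modify your contacts",
    "READ_CONTACTS": "read your contacts",
    "READ_CALL_LOG": "read call logs",
    "WRITE_CALL_LOG": "write call logs",
    "WRITE_EXTERNAL_STORAGE": "modify or delete the contents of your USB storage",
    "READ_PHONE_STATE": "read phone status & identity",
    "PROCESS_OUTGOING_CALLS": "reroute outgoing calls",
    "CALL_PHONE": "directly call phone numbers",
    "DISABLE_KEYGUARD": "disable your screen lock",
}
# Private data an app can send off the device once it also holds INTERNET.
SENSITIVE_READS = {"READ_CONTACTS", "READ_SMS", "READ_CALL_LOG", "READ_PHONE_STATE"}

def requested_permissions(manifest_xml):
    """Return the short names of android.permission.* entries in a manifest."""
    names = set()
    for el in ET.fromstring(manifest_xml).iter("uses-permission"):
        name = el.get(ANDROID_NS + "name", "")
        if name.startswith("android.permission."):
            names.add(name.rsplit(".", 1)[1])
    return names

def audit(manifest_xml):
    """Report listed permissions and the private data that could be uploaded."""
    perms = requested_permissions(manifest_xml)
    uploadable = sorted(perms & SENSITIVE_READS) if "INTERNET" in perms else []
    return {"listed": sorted(perms & set(LISTED)), "can_upload": uploadable}

# Constructed sample manifest for a hypothetical app, not TrueCaller's own.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.callerid">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE_MANIFEST).items():
        print(key, value)
```

An app that reads contacts but has no network permission produces an empty `can_upload` list; the combination of the two is what makes a phonebook upload possible.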
What should the law enforcement agency do?
The time has now come for the cops to be proactive and technically and legally competent to address the issue at a microscopic level. Some of the immediate steps they should take:
* For any prank or spoofed SMS complaint, refer to the Call Detail Record and find out whether the call or SMS is genuine or fake.
* For any e-banking fraud where money has been withdrawn from the complainant's account, seek the IP address from which the transactions were made.
* For any fraudulent email case, seek the login and logout details of the email account before making any arrest.
* For any social networking case of a vandalized profile, the law enforcement agency should get in touch with the service provider and ask for the updated log sheet.
Finally, a word of caution for every user of TrueCaller: the time has come to delete the application and also uninstall all possible mobile apps to have your identity protected, or else become a soft target of vicious cybercrime and start the never-ending journey of visiting police stations and courts.