Virus application called neon, which Offers to record your phone calls and pay you for the sound So you can sell this data to artificial intelligence companies, and has rapidly rose to the five five free iPhone applications since its launch last week.
The app has already contains thousands of users and has been downloaded 75,000 times yesterday, according to the App App Intelligence. The neon puts itself as a way for users by providing call recordings that help to train, improve and test artificial intelligence models.
But now Neon is in a non -connection mode, at least at the present time, after a security defect allowed anyone to reach phone numbers, call recordings and texts of any other user, can now report Techcrunch.
Techcrunch discovered the security defect during a short test on Thursday. The founder of the application, Alex Kyam (which was previously You did not respond to a request to comment on the application), To the defect shortly after our discovery.
Kiam Techcrunch later on Thursday told that he had registered the application servers and began noting users to temporarily stop the application, but he did not think about informing his users of the security separator.
The Nion application stopped working shortly after contacting KIAM.
Open calls
On a mistake, the fact that the neon servers did not prevent any registered user from accessing someone else’s data.
TECHCRUNCH has created a new user account on a custom iPhone and check a phone number as part of the registration process. We used the network traffic analysis tool called Burp Suite to check the network data that flows inside and outside the neon application, allowing us to understand how the application works at the technical level, such as how the application communicates with its rear servers.
After making some test calls, the application showed us a list of our latest calls and how much money gained. But our network analysis tool revealed details that were not visible to ordinary users in the neon application. These details included the text based on the call for the call and the web address to the audio files, which anyone can publicly access as long as he has the link.
For example, you can here see the text from our test call between Techcrunch correspondents confirm that registration works properly.
But the rear -facing servers were also able to spit on other people’s recording paths and texts.
In one cases, Techcrunch found that neon servers can produce data on the latest calls made by the users of the application, as well as providing general web links for raw sound files and text text of what was said in the call. (The audio files contain records of those who installed the neon, not those they called.)
Likewise, neon servers can be processed to detect recent call records (also known as as as Identification data) From any of its users. This descriptive data contained the user’s phone number and the person who is connected to it, and when the call was made, its duration, and the amount of money acquired for each call.
Reviewing a handful of texts and audio files indicates that some users may use the application to make lengthy calls that record conversations in the real world with other people to create money through the application.
The application is turned off, now
Shortly after Nion Nion alerted us to the defect on Thursday, the company’s founder, KIAM, sent an email to customers to alert them to stop the application.
“The privacy of your data is our first priority, and we want to ensure that it is completely safe even during this period of rapid growth. For this reason, we take the app temporarily to add additional layers of safety,” says email with Techcrunch.
It is worth noting that the email does not mention any safety of safety or that it displays user phone numbers, call recordings, and text calls to any other user who knows the location of the search.
It is not clear when the neon will return online or whether this security break will get the attention of the application stores.
Apple and Google have yet to respond to Techcrunch requests to comment on whether or not the neon is compatible with their developers guidance or not.
However, this will not be the first time that the application that suffers from serious safety problems in these applications market is. Recently, a famous Rafik Al -Mufair Rafik application, Tea, witnessed data breachWhich revealed the personal information of its users and identity documents issued by the government. Popular applications such as The arrested The locations of its users. Both stores should also be Purifying malicious applications regularly That slides after their application reviews.
When asked, Kyam did not immediately say whether the application had been subjected to any security review before it was launched, and if so, then whoever performed the review. Kiam also did not say, when asked, if the company has technical means, such as records, to determine whether anyone else has been found defects in front of us or if any user data is stolen.
In addition, Techcrunch continues to Vortfront Ventures and Xfund, which claims KIAM in LinkedIn post I invested in its application. None of the company did not respond to our requests to comment as of publication.
https://techcrunch.com/wp-content/uploads/2025/09/neon-phone-app-smaller.jpg?resize=1200,800
Source link