API Bug Found in India’s Biggest Telecom Company Airtel
The bug was found by security researcher Ehraz Ahmad. The exposed data included the IMEI number, which is the unique identity number of a mobile device.
According to a Telecom Regulatory Authority of India (TRAI) report, Airtel had 325 million active users by the end of September 2019. It is the third-largest telecom company by subscribers, after Idea-Vodafone (372 million) and Jio (355 million).
According to Ehraz,
India’s Airtel network was at risk of getting its information leaked through this vulnerability, risking over 325.5 million subscribers in India.
What Is The Flaw in Airtel API?
The flaw existed in one of Airtel's APIs and allowed fetching sensitive user information of any Airtel subscriber.
It revealed information such as first and last name, gender, email, date of birth, address, subscription information, device capability information for 4G, 3G and GPRS, network information, activation date, user type (prepaid/postpaid) and, most importantly, the current IMEI number.
The IMEI number can be used to identify the device of the user.
The flaw is now fixed and has been acknowledged by Airtel.
“There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice,” an Airtel spokesperson told the BBC.
In April 2019, the Indian local search company JustDial faced a security flaw in its application programming interface (API) that left 100 million customers unprotected. The company subsequently fixed the bug.