Saudi Arabia smart phone application Dalil is burst serious vulnerability: the more than 500 million users information was leaked-vulnerability warning-the black bar safety net


Dalil is a similar to Truecaller's smart phone application, but only limited to Saudi Arabia and other Arab regions of the user. Due to the application of the use of the MongoDB database can not enter the password in the case of online access, causing the user data of the continued leak of the week time. The vulnerability by security researchers Ran Locar and Noam Rotem found in the database included in the APP all the data, from the user's personal details to the activity log. ! [](/Article/UploadPic/2019-3/201937191810647.jpg) Foreign media ZDNet on the sample review, we found that the database includes the following information ● The user's phone number ● The Application Registration Data, full name, email address, Viber account, gender etc. ● Device information, date of manufacture and model, serial number, IMEI, MAC address, SIM number, system version, etc. ● Telecom operators details ● GPS coordinate is not available for all users ● Personal call details and number search ! [](/Article/UploadPic/2019-3/201937191828270. png) Based on the associated with each entry in the country/region code, the database contains most of the data belonging to the Saudi users, in addition there is a small part of the user from Egypt, the UAE, Europe and even some of the Israeli/Palestinian people. Clearly these data are very sensitive, even through GPS coordinates data to be tracked. The database is still exposed to approximately 585. 7GB of information. Locar say every day add a new record, which means that this is the app to production server, instead of discarding the test system or a redundant backup. The researchers told ZDNet that only in the last month it has registered approximately 208,000 for a new unique phone number and 4400 million application events according to Play Mall shows the APP information, the Dalil of the number of downloads has exceeded 500 million.