
Neon Goes Dark After Exposing Users' Phone Numbers, Call Recordings, Transcripts (techcrunch.com) 29

An anonymous reader quotes a report from TechCrunch: A viral app called Neon, which offers to record your phone calls and pay you for the audio so it can sell that data to AI companies, has rapidly risen to the ranks of the top-five free iPhone apps since its launch last week. The app already has thousands of users and was downloaded 75,000 times yesterday alone, according to app intelligence provider Appfigures. Neon pitches itself as a way for users to make money by providing call recordings that help train, improve, and test AI models. But now Neon has gone offline, at least for now, after a security flaw allowed anyone to access the phone numbers, call recordings, and transcripts of any other user, TechCrunch can now report.

TechCrunch discovered the security flaw during a short test of the app on Thursday. We alerted the app's founder, Alex Kiam (who previously did not respond to a request for comment about the app), to the flaw soon after our discovery. Kiam told TechCrunch later Thursday that he took down the app's servers and began notifying users about pausing the app, but fell short of informing his users about the security lapse. The Neon app stopped functioning soon after we contacted Kiam.
TechCrunch found that the app's backend services didn't properly restrict access, allowing any logged-in user to request and receive data belonging to other users. This included call transcripts, raw call recordings, and sensitive metadata, including phone numbers, the date/time of calls, and their durations.
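
The class of flaw summarized above (a backend that checks that a caller is logged in but not that the requested record belongs to them), as an added example that is not code from TechCrunch or Neon. The record layout, function names and sample data are constructed assumptions; the report does not describe Neon's actual API.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CallRecord:
    record_id: int
    owner_id: str
    phone_number: str
    transcript: str

# Constructed sample data standing in for a backend datastore.
RECORDS = {
    101: CallRecord(101, "alice", "+1-555-0100", "constructed transcript A"),
    102: CallRecord(102, "bob", "+1-555-0101", "constructed transcript B"),
}

class Forbidden(Exception):
    pass

class NotFound(Exception):
    pass

def get_record_vulnerable(session_user, record_id):
    """Authentication only: any logged-in user receives any record."""
    if session_user is None:
        raise Forbidden("login required")
    record = RECORDS.get(record_id)
    if record is None:
        raise NotFound(record_id)
    return record  # no ownership check: the flaw class described above

def get_record_hardened(session_user, record_id, audit_log):
    """Authentication plus a per-object ownership check on every lookup."""
    if session_user is None:
        raise Forbidden("login required")
    record = RECORDS.get(record_id)
    # Missing and non-owned records get the same error, so a caller cannot
    # learn which ids exist; the denial is logged for detection.
    if record is None or record.owner_id != session_user:
        audit_log.append((session_user, record_id, "denied"))
        raise NotFound(record_id)
    return record

def list_records_hardened(session_user):
    """Scope listings by the session identity, never by a client-supplied id."""
    return [r for r in RECORDS.values() if r.owner_id == session_user]
```

Repeated "denied" entries from one account across many record ids are the signal worth alerting on.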
  • by abulafia ( 7826 ) on Thursday September 25, 2025 @07:23PM (#65683816)
    Vibe-coded app built on the notion that humans don't give a shit about privacy doesn't give a shit about privacy, film at 11.

    I'm unclear on why they bothered to pull it down, unless the problem is people could snarf the data without paying for it.

    • by TWX ( 665546 )

      You're probably right. The app makes no money if the owners can't sell the data because it's already leaked.

    • by Anonymous Coward
      Why does Apple allow this app without any question or deliberation whatsoever but has banned Fortnite for six years now?
      • by Anonymous Coward
        Fortnite isn't banned for content. Epic could put Fortnite on Apple's App Store any time they want if they agree to pay Apple the 30% of income that Apple wants.
    • An MBA from Stanford and masters in economics from Oxford, yet not smart enough to hire the right people.

      • not smart enough to hire the right people.

        If you don't know how to do X, then how do you know who are "the right people" to do X?

      • At the college level, academic fraud (read: cheating) has been rampant for decades, if you could afford it. It's actually more common at elite universities as the populations of those schools have more access to resources (read: money) to do cheating. Further, there are academically rigorous degrees and then there are cultural reproduction degrees. Athletes tend to get shunted into communication and geology (frequently referred to as "Rocks for jocks") that don't require much effort so they can keep doing t

        • W was actually really smart. https://www.keithhennessey.com... [keithhennessey.com]

          Which makes him and the Bush family even more diabolical.

          • Annoying article with little substance. I agree with the thesis, (gwb not stupid), but I sincerely doubt hyperbolic claims that he is more "intelligent" than >98%+ of the general Stanford professional class. Prof seems kinda unintelligent for writing such sophomoric tripe.
            • I refer you back to my premise that MBA and Economics graduates aren't actually that smart and the courses aren't all that academically rigorous. Your average Humanities major has a much more difficult academic career than your average economist. "Smart for a MBA student," is damning with faint praise.

          • Interesting article. Counterpoint: Any random 15-minute clip of him speaking in public. Alternate counterpoint: His two terms as president. Further counterpoint: His one and a quarter terms as governor of Texas.

    • Verb -- to ingest food in an inordinately voracious manner.

      alternate meanings
      1) (noun) a lovable yet slightly annoying character from the Thundercats show, who often uses his own name in his sentences
      2) (adj.) sexy and/or stylish
  • by SirSlud ( 67381 ) on Thursday September 25, 2025 @07:29PM (#65683828) Homepage

    TechCrunch found that the app's backend services didn't properly restrict access, allowing any logged-in user to request and receive data belonging to other users.

    I *loooove* how common this flaw is. I remember decades back getting hired by a guy to keep working on some event marketing website he'd had another programmer build. Took me like 10 minutes at that job to figure out you could do the exact same thing.

    • by gweihir ( 88907 )

      It is a classical sign of somebody that does not understand IT security at all. Whoever messed this up was only concerned to get it to work and never even thought about how it could be misused. That you even have to log in is probably only there because it is a ritual "you do".

    • It's an OWASP top 10

  • This is just so delicious I cannot stop laughing at it.

  • Did Neon insist that you got consent of the person that you were speaking to before the conversation was uploaded to Neon? I suspect not, so a huge privacy breach. I think illegal in Europe under the GDPR, I do not know about the USA which seems to be a wild west as far as data protection is concerned.

    • They say they only record YOUR mic, not the conversation. Of course there will be leakage of what the other person says through the speaker and your microphone, but it should be relatively easy to identify and filter out this signal, so at least in principle they can claim compliance with data privacy laws.

  • Well, they definitely succeeded. It's just that everybody else on the Web now gets to use their recordings for AI training.
  • You were telling us all about the warm embrace of so much safety in the walled garden so carefully tended by Big Fruit on the other story about running into EU regulations. Yeah.
  • by sudonim2 ( 2073156 ) on Thursday September 25, 2025 @11:46PM (#65684074)

    That was a really short turnaround! Most crypto or "AI" apps show themselves to be ill-conceived and dangerous to users and society. But Neon really did a speedrun of it! I guess that's because it's both an "AI" and a crypto app.

  • Double down on Neon be a bad idea.
    • The core concept sounds like a good idea - pay people to provide training data instead of trying to steal it - but I guess they didn't do it very well.
  • The obligatory joke I was looking for involved the intelligence of people who would knowingly install such an app. Sell their souls for a wooden shekel?
