According to the cyber security firm Appthority, about 685 apps put millions of smartphone users at risk of having some of their calls and text messages intercepted by hackers.

Developers mistakenly coded credentials for accessing text messaging, calling and other services provided by Twilio Inc into their apps, said Appthority director of security research Seth Hardy. Hackers could access those credentials by reviewing the code in the apps, and then gain access to data sent over those services, he said.


Affected apps include the AT&T Navigator app pre-installed on many Android phones and more than a dozen GPS navigation apps published by Telenav Inc.

Such apps have been installed as many as 180 million times on Android phones and an unknown number of times on Apple's iOS-based devices.


Hackers covet Twilio credentials because they are used in a variety of apps that send text messages, process phone calls and handle other services. 


Appthority, cautious not to tip off potential hackers, did not list all the apps that could be vulnerable.


The findings highlight a new threat posed by the increasing use of third-party services such as Twilio, which says on its website that it powers communication for more than 40,000 businesses worldwide.


It is reported that Appthority warned Amazon that it had found credentials for at least 902 developer accounts with cloud-service provider Amazon Web Services in over 20,000 different apps.


A representative from Amazon declined to comment.


The problem with third-party services is that consumers often use the same account across multiple apps, much as some consumers use one email address for a variety of financial services and can have fraud problems on all of them if hackers compromise that single email account.


Twilio warns developers that leaving credentials in apps could expose their accounts to hackers.
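A pre-release check that a developer could run on their own build to catch the hard-coded credentials described above. This is an added example, not code from Appthority, Twilio or the original article; the function names, the 256-byte pairing window and the sample values are assumptions made for illustration, and only single-byte (ASCII/UTF-8) strings are matched.

```python
import io
import re
import zipfile

# Twilio Account SIDs are "AC" + 32 hex characters. Auth tokens are 32 hex
# characters with no prefix, so they are only reported when found near a SID.
SID_RE = re.compile(rb"(?<![0-9A-Za-z])AC[0-9a-fA-F]{32}(?![0-9A-Za-z])")
TOKEN_RE = re.compile(rb"(?<![0-9A-Za-z])[0-9a-fA-F]{32}(?![0-9A-Za-z])")
WINDOW = 256  # assumed pairing distance in bytes; a heuristic, not a Twilio rule

def redact(value: bytes) -> str:
    """Keep enough of a match to locate it without copying the secret into reports."""
    text = value.decode("ascii")
    return f"{text[:6]}...{text[-2:]}"

def scan_bytes(name: str, data: bytes) -> list:
    """Return one finding per SID-shaped string in a single file's bytes."""
    tokens = [(t.start(), t.group()) for t in TOKEN_RE.finditer(data)]
    findings = []
    for m in SID_RE.finditer(data):
        near = [redact(tok) for pos, tok in tokens if abs(pos - m.start()) <= WINDOW]
        findings.append({
            "file": name,
            "offset": m.start(),
            "sid": redact(m.group()),
            "token_candidates": near,
            "severity": "high" if near else "review",
        })
    return findings

def scan_archive(archive) -> list:
    """Scan every entry of an APK or IPA build (both are zip archives)."""
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                findings.extend(scan_bytes(info.filename, zf.read(info)))
    return findings

def build_sample_apk() -> io.BytesIO:
    """Constructed archive for demonstration; the SID and token are made up."""
    fake_sid = b"AC" + b"0123456789abcdef" * 2
    fake_token = b"fedcba9876543210" * 2
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"\x00junk\x00" + fake_sid + b"\x00" + fake_token + b"\x00")
        zf.writestr("assets/config.json", b'{"api": "https://example.invalid"}')
    buf.seek(0)
    return buf
```

A finding means the credential ships to every device that installs the app, so it should be moved to a server-side component and changed on the affected account.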


Twilio spokesman Trak Lord said the company has no evidence that hackers used credentials coded into apps to access customer data but was working with developers to change credentials on affected accounts.


According to the Appthority report, the Twilio vulnerability only affects calls and texts made inside of apps that use its messaging services, including some business apps for recording phone calls such as Wrappup and RingDNA, which could not be reached for comment.


Appthority found 685 problem apps that were linked to 85 affected Twilio accounts.





Copyright 2018 DailyTech LLC.