Researchers find hundreds of easily-breached messaging apps2017-11-09 14:14 by Daniela
Today, Appthority, the global leader in enterprise mobile threat protection, published research on its recent discovery of the Eavesdropper vulnerability, which has resulted in a large-scale data exposure.
Eavesdropper is caused by developers carelessly hard coding their credentials in mobile applications that use the Twilio Rest API or SDK, despite best practices the company clearly outlines in its documentation. Twilio has reached out to all developers with affected apps and is actively working to secure their accounts.
Appthority security researchers have identified this as a real and ongoing threat affecting nearly 700 apps in enterprise mobile environments, over 170 of which are live in the official app stores today. Affected Android apps alone have been downloaded up to 180 million times.
Examples of apps with the Eavesdropper vulnerability include an app for secure communication for a federal law enforcement agency, an app that enables enterprise sales teams to record audio and annotate discussions in real-time, and branded and white label navigation apps for customers such as AT&T and US Cellular.
Read more -here-