DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 23, 2017 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 58 people online.

 

Latest Reviews
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
 

Follow us
RSS
 

Hundreds of enterprise apps hit by Eavesdropper vulnerability

Posted on Friday, November 10 2017 @ 18:46:16 CET by


Appthority reports a whopping 700 enterprise apps, including 170 that are still available via official apps stores, are at risk of large-scale data exposure. Security researchers from Appthority say these apps, which have been downloaded over 180 million times, are vulnerable to the Eavesdropper attack.

The vulnerability is caused by not following best security practices in the implementation of the Twilio Rest API or SDK. Many app developers hard coded credentials into their apps, even though Twilio's documented guidelines specifically ask not do to this. The result is that hundreds of apps can leak valuable data:
Appthority has discovered a significant data exposure vulnerability we’ve named Eavesdropper that affects almost 700 apps in enterprise environments. The vulnerability is caused by including hard coded credentials in mobile applications that are using the Twilio Rest API or SDK. By hard coding their credentials, the developers have effectively given global access to all metadata stored in their Twilio accounts, including text/SMS messages, call metadata, and voice recordings.

The vulnerability is called Eavesdropper because the developers have effectively given global access to the text/SMS messages, call metadata, and voice recordings from every app they’ve developed with the exposed credentials.
The company says the app developers need to take proper measures to ensure the data is no longer at risk.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2017 DM Media Group bvba