Mobile-app errors expose data on 180 million phones: security firm

22:22, 09 November 2017. Source: Reuters

SAN FRANCISCO (Reuters) – Up to 180 million smart phone owners are at risk of having some of their text messages and calls intercepted by hackers because of a simple coding error in at least 685 mobile apps, cyber-security firm Appthority warned on Thursday.

Photo: A banner for communications software provider Twilio Inc. hangs on the facade at the NYSE to celebrate the company's IPO, in New York City. © REUTERS/Brendan McDermid

Developers mistakenly coded credentials for accessing services provided by Twilio Inc, said Appthority's director of security research, Seth Hardy. Hackers could access those credentials by reviewing the code in the apps, then gain access to data sent over those services, he said.

The findings highlight new threats posed by the increasing use of third-party services such as Twilio that provide mobile apps with functions like text messaging and audio calls. Developers can inadvertently introduce security vulnerabilities if they do not properly code or configure such services.

“This isn't just limited to Twilio. It's a common problem across third-party services,” Hardy said. “We often notice that if they make a mistake with one service, they will do so with other services as well.”

Many apps use Twilio to send text messages, process phone calls and handle other services. Hackers could access related data if they log into the developer accounts on Twilio, Hardy said.

The mistakes were caused by developers, not Twilio, Hardy said. Twilio's website warns developers that leaving credentials in apps could expose their accounts to hackers.
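A release-time check for the mistake described above, as an added example that is not part of the Reuters article or Appthority's report: it scans every file of a built app package for strings shaped like Twilio or AWS credentials, so a developer can catch them before shipping. The credential formats, the function names and the sample package are assumptions made for this illustration.

```python
import io
import re
import zipfile

# Formats as commonly documented (assumption, not from the article): Twilio Account
# SID = "AC" + 32 hex chars, AWS access key ID = "AKIA" + 16 upper-case alphanumerics.
PATTERNS = {
    "twilio_account_sid": re.compile(rb"\bAC[0-9a-f]{32}\b"),
    "aws_access_key_id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
}
TOKEN = re.compile(rb"\b[0-9a-f]{32}\b")  # Twilio auth token shape; only meaningful near a SID

def scan_bytes(entry, data, window=200):
    """Return redacted findings for one file of the package."""
    findings = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(data):
            value = m.group().decode()
            findings.append((entry, kind, value[:6] + "..." + value[-4:]))
            # A 32-hex string within `window` bytes after a SID is likely its auth token.
            if kind == "twilio_account_sid" and TOKEN.search(data, m.end(), m.end() + window):
                findings.append((entry, "twilio_auth_token", "<redacted>"))
    return findings

def scan_package(fileobj):
    """Scan every entry of an APK or IPA (both are zip archives)."""
    findings = []
    with zipfile.ZipFile(fileobj) as pkg:
        for info in pkg.infolist():
            if not info.is_dir():
                findings += scan_bytes(info.filename, pkg.read(info))
    return findings

def build_sample_package():
    """Constructed package: one clean entry, two carrying fake credentials."""
    sid = "AC" + "0123456789abcdef" * 2   # constructed, not a real SID
    token = "fedcba9876543210" * 2        # constructed
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("res/raw/about.txt", "no secrets here")
        z.writestr("classes.dex", f"\x00sid={sid}\x00token={token}\x00")
        z.writestr("assets/config.json", '{"aws_key": "AKIAIOSFODNN7EXAMPLE"}')  # AWS docs sample
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for finding in scan_package(build_sample_package()):
        print(finding)
```

Any finding means the credential should be rotated and moved to a server the app calls, since a value that ships inside the package can be read by anyone who downloads it.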

Twilio spokesman Trak Lord said the company has no evidence that hackers used credentials coded into apps to access customer data but that it was working with developers to change the credentials on affected accounts.

The vulnerability only affects calls and texts made inside of apps that use messaging services from Twilio, including some business apps for recording phone calls, according to Appthority's report.

Credentials for back-end services like Twilio are coveted by hackers because developers often reuse their accounts to build multiple apps.

In a survey of 1,100 apps, Appthority found 685 problem apps that were linked to 85 affected Twilio accounts. That suggests the theft of credentials for one app's Twilio account could pose a security threat to all users of as many as eight other apps.

Appthority said it also warned Amazon.com Inc that it had found credentials for at least 902 developer accounts with cloud-service provider Amazon Web Services in a scan of 20,098 different apps.

Those credentials could be used to access app user data stored on Amazon, Hardy said.

A representative with Amazon declined comment.

(Reporting by Stephen Nellis; Editing by Jim Finkle and Leslie Adler)
