"A minor coding error in at least 685 applications puts millions of smartphone users at risk of encrypting some of their calls and text messages by hackers," Internet security specialist Apority warned on Thursday.
Seth Hardy, director of security research at Evolution I, said developers had mistakenly encoded credits for text messages, calls and other services provided by Toileo. He said hackers could access those credits by reviewing the code in the application, and then could access data sent through those services.
The affected applications include the AT & T Navigator application, already installed on many Android phones, and more than a dozen location applications issued by Telenav. Such applications have been installed around 180 million times on Android # handsets and an unknown number on Apple devices running the IOS system.
Shares of Toledo fell nearly 7 percent after the report. Pirates accept the Twilio credentials because they are used in many applications that send text messages and handle phone calls and other services. Hardy said hackers could access application-related data if they signed in with a Twilio developer account.
"Apriority" did not issue a list of all # applications that could be hacked through this vulnerability so that potential hackers would not alert it. The Web site says its users include Opere Technologies and Netflix. But big companies usually have security reviews that detect common cryptographic errors such as those discovered by Opportunity. There is no indication that Ober or Netflix has been affected by the problem.
The findings highlight new threats posed by the growing use of third-party services such as #Toylio, which says on its website that it manages connections to more than 400,000 companies around the world. Developers can develop security holes if they do not properly mark up or configure such services.
ليست هناك تعليقات:
إرسال تعليق