Simple coding mistake exposes 180 million phones to hackers, security firm says
Appthority, cautious not to tip off potential hackers, did not list all the apps that could be vulnerable
A simple coding error in at least 685 apps put millions of smartphone users at risk of having some of their calls and text messages intercepted by hackers, cybersecurity firm Appthority warned.
Developers mistakenly hard-coded into their apps the credentials for accessing text messaging, calling and other services provided by Twilio Inc, said Appthority’s director of security research, Seth Hardy.
Hackers could access those credentials by reviewing the code in the apps, then gain access to data sent over those services, he said.
Affected apps include the AT&T Navigator app pre-installed on many Android phones and more than a dozen GPS navigation apps published by Telenav Inc.
Such apps have been installed as many as 180 million times on Android phones and an unknown number of times on Apple’s iOS-based devices.
Hackers covet Twilio credentials because they are used in a variety of apps that send text messages, process phone calls and handle other services. Hackers could access related data if they log into a developer’s Twilio account, Hardy said.
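A pre-release check a developer could run over their own source tree for the mistake described above (an added example, not code from Appthority, Twilio or the article). It assumes Twilio's credential format, an Account SID of "AC" plus 32 hex characters paired with a 32-hex auth token; the sample source, its names and its values are constructed.

```python
import re

# Assumed format: Account SID = "AC" + 32 hex chars, auth token = 32 hex chars.
SID_RE = re.compile(r"\bAC[0-9a-fA-F]{32}\b")
TOKEN_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")
WINDOW = 3  # a bare 32-hex string counts as a token only this close to a SID

# Constructed sample source; none of these values are real credentials.
SAMPLE = '''\
public final class SmsConfig {
    // messaging backend settings
    static final String ACCOUNT_SID = "AC0123456789abcdef0123456789abcdef";
    static final String AUTH_TOKEN  = "fedcba9876543210fedcba9876543210";
    static final String FROM_NUMBER = "+15555550100";
    static final int RETRIES = 3;
    static final int TIMEOUT_MS = 5000;
    static final String ASSET_MD5 = "00112233445566778899aabbccddeeff";
}
'''


def redact(value):
    """Keep the first four characters so a report never repeats the secret."""
    return value[:4] + "*" * (len(value) - 4)


def scan(text):
    """Return sorted (line_no, kind, redacted_value) findings for one file."""
    lines = text.splitlines()
    findings = set()
    sid_lines = []
    for no, line in enumerate(lines, 1):
        for m in SID_RE.finditer(line):
            sid_lines.append(no)
            findings.add((no, "account_sid", redact(m.group())))
    # Any 32-hex string could be a checksum, so only flag those near a SID.
    for no, line in enumerate(lines, 1):
        if any(abs(no - s) <= WINDOW for s in sid_lines):
            for m in TOKEN_RE.finditer(line):
                findings.add((no, "auth_token_candidate", redact(m.group())))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, kind, value in scan(SAMPLE):
        print(f"line {line_no}: {kind} {value}")
```

A finding means the credential should be rotated and moved to a server-side component, since anything compiled into the app can be read back out of it.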