Twilio app vulnerability exposes data from over 180 million Smart Phone Users

    All those who are using Twilio app are hereby alerted about a security error which has could have exposed data of more than 180 million smartphone users. Daily Mail reports that all calls and text messages of those using the Twilio app are now being intercepted by hackers who could post them on the dark web anytime soon.

    Cybersecurity firm Appthority reports that the communication app is displaying such eavesdropping skills due to a coding error which is allowing hackers access data sent over the said services. This includes business dealing info and other critical information.

    Security researchers from Appthority have also concluded that at least 685 mobile apps which are using Twilio are found intercepted by hackers.

    The researchers also confirm that the vulnerability has been present since 2011 and requires hackers to carry out attacks in just 3 steps- reconnaissance, exploitation, and exfiltration.

    Means, hackers search for apps that use Twilio and then use a tool such as VirusTotal or YARA to find apps that identify Twilio strings and then use the credentials (34 characters Twilio ID and 32 character password) of Twilio to access and account to browse or ex-filtrate data.

    The new finding exposes the threats exposed by increasing use of 3rd party apps such as Twilio that provide mobile apps with functions like Text messaging and audio calls.

    Note- Twilio offers text and audio calls facility to applications. For example, Coca-Cola enterprises use Salesforce and Twilio app to coordinate repairs for 600,000 machines across Europe.

    In simple words, as soon as a retailer using the coca cola machine in their store lodges a complaint about a fault in the vending machine, the Salesforce CRM coordinates with Twilio and sends a text message to the technician.

    Ad
    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display