Mobile applications "brained by craftsmen" steal your data

13 November 2017, 17:24 | Technologies

Appthority, a company that deals with the security of mobile devices in the corporate environment, said that about 700 applications found in corporate mobile environments, including more than 170 that are available in official application stores, may be at risk of espionage because of the Eavesdropper vulnerability. This was reported by TechNewsWorld.

The company said that the vulnerable applications for Android devices were downloaded about 180 million times.

According to Appthority, Eavesdropper is the result of developers hard-coding credentials in mobile applications that use the Twilio REST API or SDK. This is contrary to the practice that Twilio recommends in its own documentation, and Twilio has already approached the developer community to work on securing accounts.
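As an added illustration (not code from Appthority, Twilio or the original article), a pre-release check that a developer could run over strings extracted from their own build to catch this mistake. The function name and sample values are constructed, and treating the Auth Token as a bare 32-character hex string is an assumption.

```python
import re

# Twilio Account SIDs are "AC" followed by 32 hex characters. Treating the
# Auth Token as a bare 32-character hex string is an assumption of this sketch.
SID_RE = re.compile(r"\bAC[0-9a-f]{32}\b")
TOKEN_RE = re.compile(r"\b[0-9a-f]{32}\b")

def scan_for_twilio_credentials(text, window=2):
    """Flag Account SIDs; escalate when a token-shaped string sits within
    `window` lines, since SID plus token together form a usable credential."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        for sid in SID_RE.findall(line):
            nearby = lines[max(0, i - window): i + window + 1]
            has_token = any(TOKEN_RE.search(l) for l in nearby)
            findings.append({
                "line": i + 1,
                "sid": sid[:6] + "...",  # redact so reports do not leak it
                "severity": "high" if has_token else "review",
            })
    return findings

# Constructed sample standing in for strings pulled from a build artifact.
SAMPLE = """\
public class SmsClient {
    static final String ASSET_MD5 = "d41d8cd98f00b204e9800998ecf8427e";
    // checksum above is unrelated to Twilio
    // messaging setup
    static final String ACCOUNT_SID = "AC0123456789abcdef0123456789abcdef";
    static final String AUTH_TOKEN = "fedcba9876543210fedcba9876543210";
    void send() {}
    void close() {}
    static final String SUBACCOUNT_SID = "ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
}
"""

if __name__ == "__main__":
    for finding in scan_for_twilio_credentials(SAMPLE):
        print(finding)
```

A lone 32-character hex string with no Account SID nearby, such as the checksum in the sample, is ignored so that ordinary hashes do not drown out real findings.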

Appthority first discovered the vulnerability in April.

It is reported that the vulnerability exposes a huge amount of confidential data, including call records, minutes of calls made on mobile devices, and minutes of call audio recordings, as well as the contents of SMS and MMS text messages.

The faulty coding behind the Eavesdropper vulnerability is not limited to applications created using the Twilio REST API or SDK.

"The main problem is the laziness of the developer, and this is not such a big discovery," said Steve Bloom, chief analyst at Tellus Venture Associates.

"With applications developed by one person or a small team, there are no normal quality control checks," Bloom added.

Unfortunately, too often security issues are seen as "cost centers," and confidentiality is seen as an income generator for the company that develops the application. Therefore, applications are often not protected, and confidentiality does not exist - to minimize costs and maximize revenue.

The only way to deal with these violations is to actually pay the full price for applications and to reject applications that are supported by advertising.

In addition, the vulnerability is not eliminated after the affected application has been removed from the user's device. Instead, these applications remain open.

Some users can purchase phones with pre-loaded applications that can threaten their personal information.

"Twilio can force developers to update their application code by revoking all access credentials to their vulnerable service APIs," TechNewsWorld writes.



It seems that users have few options, and for consumers it can be difficult even to see the vulnerability of applications affected by Eavesdropper.

It is noted that this problem arose in no small part because the developers were sloppy. In addition, it is partly a consumer problem, because many people prefer ease of use to mobile device security.

"Consumers are still too careless about their confidentiality and prefer not to pay," Recon Analytics noted.

Based on materials: technewsworld.com


