HackRead

“Eavesdropper” Flaw Exposes Millions of Calls, Texts and Recordings

November 10th, 2017 | Uzair Amir | Security

Eavesdropper is a dangerous new vulnerability identified by researchers from Appthority, an enterprise mobile threat protection firm. According to their findings, the vulnerability has affected about 700 iOS and Android applications so far, exposing a massive amount of sensitive mobile data. Reportedly, millions of calls, voice recordings, and text messages have been exposed. Eavesdropper is being regarded as a serious threat.

Although Appthority’s security experts discovered Eavesdropper in April, it has been around since 2011, and 30 to 33 percent of the affected apps are business related. Appthority researchers noted that the affected apps include a number of important ones: one is used for initiating secure communication for a federal law enforcement agency, while another allows recording of audio and annotation of real-time discussions for enterprise sales teams.

“The scope of the exposure is massive including hundreds of millions of call records, minutes of calls and audio recordings, and text messages,” wrote researchers in a blog post.

It was also revealed that applications developed with the Twilio service were the main victims of Eavesdropper. The vulnerability is the result of a basic developer error that inadvertently exposed the API credentials of hundreds of applications. Apparently, developers did not properly follow the guidelines for using Twilio and did not secure credentials and tokens.

Michael Bentley from Appthority wrote: “By hard-coding their credentials, the developers have effectively given global access to all metadata stored in their Twilio accounts.”
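A pre-release check a developer could run over their own app sources for the hard-coding error described above (an added example, not code from Appthority, Twilio or the original article). The credential shapes, the 3-line pairing window, and every file name and value are assumptions constructed for illustration.

```python
import re

# Assumed credential formats (not given on the page): an Account SID is
# "AC" followed by 32 hex characters; an auth token is 32 lowercase hex characters.
SID_RE = re.compile(r"(?<![0-9A-Za-z])AC[0-9a-fA-F]{32}(?![0-9A-Za-z])")
TOKEN_RE = re.compile(r"(?<![0-9a-fA-F])[0-9a-f]{32}(?![0-9a-fA-F])")
WINDOW = 3  # a token within this many lines of a SID is treated as its pair

def redact(value):
    """Keep reports safe to share: never echo a full secret."""
    return value[:4] + "..." + value[-2:]

def scan_source(name, text):
    """Return one finding per hard-coded SID, noting whether a token sits nearby."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        for sid in SID_RE.findall(line):
            nearby = lines[max(0, i - WINDOW): i + WINDOW + 1]
            # A bare 32-hex string alone could be an MD5 digest; next to a SID
            # it is far more likely to be the matching auth token.
            tokens = [t for ln in nearby for t in TOKEN_RE.findall(ln)]
            findings.append({
                "file": name,
                "line": i + 1,
                "sid": redact(sid),
                "severity": "credential-pair" if tokens else "sid-only",
            })
    return findings

def scan_tree(files):
    """Scan a {path: contents} mapping, e.g. checked-out or decompiled sources."""
    return [f for name, text in files.items() for f in scan_source(name, text)]

# Constructed sample inputs; the values are fake and only match the assumed shapes.
FAKE_SID = "AC" + "0123456789abcdef" * 2
FAKE_TOKEN = "fedcba9876543210" * 2
SAMPLE_FILES = {
    "app/CallService.java": (
        'class CallService {\n'
        f'  static final String ACCOUNT_SID = "{FAKE_SID}";\n'
        f'  static final String AUTH_TOKEN = "{FAKE_TOKEN}";\n'
        '}\n'),
    "app/Checksums.java": 'String md5 = "d41d8cd98f00b204e9800998ecf8427e";\n',
    "app/SafeService.java": 'String jwt = backend.fetchShortLivedToken(userSession);\n',
}

if __name__ == "__main__":
    for finding in scan_tree(SAMPLE_FILES):
        print(finding)
```

A finding means the credential has to be rotated and moved to a server-side component, since dropping it from the next build does not revoke copies already shipped.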

The affected apps have already been downloaded more than 180 million times, which shows the extent of the threat.

Researchers claim that Eavesdropper exposes huge amounts of confidential, private data without relying on conventional methods like jailbreaking, malware or rooting, but only through a careless developer error.

“‘Eavesdropper’ Flaw Poses Serious Threat to Enterprise Mobile Data – The data that can be exposed includes call records, minutes of calls, minutes of call audio recordings, SMS and MMS text messages”

The incident highlights the fact that hackers can launch attacks without using sophisticated tools. Moreover, the concerning aspect is that the problem cannot be resolved by deleting the affected app from the device; the user needs to update credentials and keep them secure. Otherwise, the data remains exposed.

Appthority’s security research director Seth Hardy explained that Eavesdropper poses a serious threat to enterprise data because it lets attackers access private and confidential data, including details that are never discussed outside the enterprise environment, such as pricing discussions, technology disclosure or M&A planning.

“An attacker could convert recorded audio files to text and search a massive data set for keywords and find valuable data,” stated Hardy.

Appthority also claimed that the threat is not limited to apps developed using the Twilio service, which means there might be many more affected apps that are yet to be identified.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
