"Up to 180 million smart phone owners are at risk of having some of their text messages and calls intercepted by hackers because of a simple coding error in at least 685 mobile apps."
Developers of a combined 685 apps on the Apple App Store and Google Play store hardcoded their Twilio API credentials in their apps. Twilio is a cloud service that allows developers to embed real-time communications functionality within their apps. This was not a vulnerability in Twilio, but a result of poor coding practices and developers' failure to follow Twilio documentation. Attackers could simply search out apps that use Twilio, search for the string "twilio", and, in vulnerable apps, find the developer's username and password. From there, the attacker could log-in to the developer's account and access app-user data that might include sensitive communications about contract negotiations, proprietary technology discussions, and more. If you're concerned about 3rd-party mobile app risk, this week we announced an extension of the NowSecure Platform™ to provide the world's most advanced 3rd-party mobile app security vetting -- NowSecure INTEL™. For a limited time until November 30, we're offering qualifying organizations one free NowSecure INTEL security report for one Apple App Store or Google Play store app of their choice -- request your report now.