A simple coding error made in hundreds of apps may have exposed as many as 180 million smartphone users to having their text messages and phone conversations intercepted by hackers, security researchers warned.
The warning comes from experts at the cybersecurity firm Appthority, who spotted an errorplaguing as many as 685 mobile apps—including one used for secure communications by a federal law enforcement agency—and would allow hackers to access user data sent through the affected apps.
The issue, which has been dubbed Eavesdropper, stems from the use of an application programming interface (API) from Twilio. The API requires authentication, and some developers hard-code the credentials for the API into the mobile application—a discouraged coding practice that opens up the app to the Eavesdropper vulnerability.
The Emergency Election Sale is now live! Get 30% to 60% off our most popular products today!