Tech & Science Mobile-app errors expose data on 180 million phones: security firm

18:11  09 november  2017
18:11  09 november  2017 Source:   Reuters

Samsung’s Android Oreo beta is now live for Galaxy S8 owners

  Samsung’s Android Oreo beta is now live for Galaxy S8 owners The Samsung Experience 9.0 is now live bringing a beta version of the Android Oreo operating system to Galaxy S8 or S8 Plus owners in the US, UK, and South Korea. Users wanting access must have a Samsung Account and meet specific requirements. For those in the US, beta testers must be on Sprint or T-Mobile network devices, or have an unlocked device with SIMs from these carriers. Those in the UK must have an unlocked device.

(Reuters) - A simple coding error in at least 685 apps put millions of smartphone users at risk of having some of their calls and text messages intercepted by hackers, cyber- security firm Twilio’s website warns developers that leaving credentials in apps could expose their accounts to hackers.

A simple coding error in at least 685 apps put millions of smartphone users at risk of having some of their calls and text messages intercepted by hackers, cyber- security firm Appthority warned on Thursday. Those credentials could be used to access app user data stored on Amazon, Hardy said.

a sign on the side of a building: A banner for communications software provider Twilio Inc., hangs on the facade at the NYSE to celebrate the company's IPO, in New York City© REUTERS/Brendan McDermid A banner for communications software provider Twilio Inc., hangs on the facade at the NYSE to celebrate the company's IPO, in New York City Up to 180 million smart phone owners are at risk of having some of their text messages and calls intercepted by hackers because of a simple coding error in at least 685 mobile apps, cyber-security firm Appthority warned on Thursday.

Developers mistakenly coded credentials for accessing services provided by Twilio Inc, said Appthority's director of security research, Seth Hardy. Hackers could access those credentials by reviewing the code in the apps, then gain access to data sent over those services, he said.

A gaming company just announced a high-powered smartphone geared for games -- but its best feature is its price

  A gaming company just announced a high-powered smartphone geared for games -- but its best feature is its price Gaming company Razer is getting into the smartphone business. And, as you might expect from the maker of high-powered gaming laptops, its new phone has outrageous specs and is geared for video games. Indeed, judging from its specs, the Razer Phone, which the company announced Wednesday, could handily beat Apple's iPhone X, Google's Pixel 2, Samsung's Galaxy devices, and other top smartphones, when it comes to performance.But the Razer Phone has another thing going for it that could even tempt non-gamers -- its $US700 price. That coverts to about $900 in Australia, plus whatever mystery charges you'll wear for being an Australian.

(Reuters) - Up to 180 million smart phone owners are at risk of having some of their text messages and calls intercepted by hackers because of a simple coding error in at least 685 mobile apps , cyber- security firm Appthority warned on Thursday.

A simple coding error in at least 685 apps put millions of smartphone users at risk of having some of their calls and text messages intercepted by hackers, cyber- security firm Appthority warned Twilio's website warns developers that leaving credentials in apps could expose their accounts to hackers.

The findings highlight new threats posed by the increasing use of third-party services such as Twilio that provide mobile apps with functions like text messaging and audio calls. Developers can inadvertently introduce security vulnerabilities if they do not properly code or configure such services.

“This isn't just limited to Twilio. It's a common problem across third-party services," Hardy said. "We often notice that if they make a mistake with one service, they will do so with other services as well.”

Many apps use Twilio to send text messages, process phone calls and handle other services. Hackers could access related data if they log into the developer accounts on Twilio, Hardy said.

The mistakes were caused by developers, not Twilio, Hardy said. Twilio's website warns developers that leaving credentials in apps could expose their accounts to hackers.

Netflix subscribers targeted by email scam

  Netflix subscribers targeted by email scam An email scam targeting Netflix users aims to gather personal information from the streaming service's 110 million subscribers.The suspicious emails tell recipients that their Netflix billing information needs updating and takes them to a fake Netflix website. There they are asked to log in and enter information including credit card numbers.

San Francisco - Up to 180 million smart phone owners are at risk of having some of their text messages and calls intercepted by hackers because of a simple coding error in at least 685 mobile apps , cyber- security firm Appthority warned on Thursday.

(Reuters) - A simple coding error in at least 685 apps put millions of smartphone users at risk of having some of their calls and text messages intercepted by hackers, cyber- security firm Twilio's website warns developers that leaving credentials in apps could expose their accounts to hackers.

Twilio spokesman Trak Lord said the company has no evidence that hackers used credentials coded into apps to access customer data but that it was working with developers to change the credentials on affected accounts.

Pokemon Go's Niantic taps 'Harry Potter' magic for new augmented reality game

  Pokemon Go's Niantic taps 'Harry Potter' magic for new augmented reality game Fantastic beasts, wizard adventures and magic spells will come to life in a new "Harry Potter" augmented reality mobile game from Pokemon Go developer Niantic Inc and Warner Bros Interactive Entertainment, the companies said on Wednesday. "Harry Potter: Wizards Unite" will bring author J.K. Rowling's Wizarding World to mobile phones and use augmented reality (AR) to create a real-world scavenger hunt, allow players to cast spells, find artifacts, team up and encounter magical beasts and characters from the popular book series.

A simple coding error in at least 685 apps put millions of smartphone users at risk of having some of their calls and text messages intercepted by hackers, cybersecurity firm Appthority warned Twilio's website warns developers that leaving credentials in apps could expose their accounts to hackers.

(Reuters) – A simple coding error in at least 685 apps put millions of smartphone users at risk of having some of their calls and text messages intercepted by hackers, cyber- security firm Appthority warned on Thursday.

The vulnerability only affects calls and texts made inside of apps that use messaging services from Twilio, including some business apps for recording phone calls, according to Appthority's report.

Credentials for back-end services like Twilio are coveted by hackers because developers often reuse their accounts to build multiple apps.

In a survey of 1,100 apps, Appthority found 685 problem apps that were linked to 85 affected Twilio accounts. That suggests the theft of credentials for one app's Twilio account could pose a security threat to all users of as many as eight other apps.

Appthority said it also warned Amazon.com Inc that it had found credentials for at least 902 developer accounts with cloud-service provider Amazon Web Services in a scan of 20,098 different apps.

Those credentials could be used to access app user data stored on Amazon, Hardy said.

A representative with Amazon declined comment.

(Reporting by Stephen Nellis; Editing by Jim Finkle and Leslie Adler)

Google Lens comes to Assistant on Pixel phones .
Point your camera at the world and get answers.The feature isn't widely available yet -- it may take some time before you see it. There's also no word on availability for other devices. It's safe to say this will make Lens more convenient, though, regardless of what you're using. Before, you had to snap a shot and then switch to Photos to make sense of it. Assistant skips that step -- you can capture an image and decipher it in one go.

—   Share news in the SOC. Networks

Topical videos:

This is interesting!