Users at Risk for Mobile Phone Coding Error

Posted by alvina on January 31st, 2018

Appthority, the cybersecurity firm, has warned about the vulnerability 'Eavesdropper' that enables hackers to obtain the user credentials without their knowledge through the calls and texts initiated through vulnerable apps like various GPS apps by Telenav and the pre-installed AT&T Navigator app in android devices. This vulnerability existent since 2011 has affected 180 million smartphone users and needs 3 steps to accomplish this, "reconnaissance,exploitation, and exfiltration.”

Reasons behind the vulnerabilities:

This occurred due to a coding error by the developers in the credentials required for obtaining the services by Twillo, a communication service provider that caters as much as 40,000 businessmen. The error paved way for the hackers to review the code and obtain the credentials by accessing the data transferred through the vulnerable apps which have been removed from the Play store or App store and have been updated through patches. Even the information related to this bug has been privately shared with the companies affected by it.

Protection against the vulnerabilities:

It is on the part of the development teams to secure the code against vulnerabilities by being alert and coding securely to make the apps safe for the users.As per the SANS (state of Application Security survey) 2016, there are certain challenges in application security that are responsible for the vulnerabilities in the coding which includes lack of skills, tools, techniques and secure coding knowledge of the developers' that is the reason behind the security issues.There are ways to train the developer about secure coding to reduce the vulnerabilities.

There are various platforms for secure code training for the developers that imparts small, easy and in-context training to tackle an impending problem.Static Application Security Testing (SAST) is also used to spot out the vulnerabilities in the app's source code during SDLC and carry out stable secure coding practices that drastically decreases the chances ofbecoming a prey of Eavesdropper.

Like it? Share it!


About the Author

Joined: March 22nd, 2017
Articles Posted: 258

More by this author