Twitter warns security hole might have exposed Android users’ direct messages

  • Twitter has disclosed an Android security flaw that could expose direct messages.
  • Users running Android Oreo or Pie were vulnerable.
  • There’s no evidence attackers have used it so far.

Twitter has revealed a serious security flaw in its app just days after intruders compromised high-profile accounts.

An “underlying Android OS security issue,” disclosed in October 2018, allowed attackers to read Twitter direct messages on devices running Android 8 (Oreo) or Android 9 (Pie). Perpetrators would have used a “malicious app” on the device to bypass Android’s permissions and get the sensitive data.

About 96% of Twitter for Android users already have the relevant security patch installed to protect against this, the social network said. To address the remaining users, Twitter has updated its app to add extra safeguards against external apps. It’s also notifying affected users and requiring them to update.

Twitter didn’t find evidence that any hackers had used the flaw, but it was looking to update its “processes” to reduce the chances of a similar incident in the future. This didn’t affect iOS or web users.

This isn’t the first time Twitter has identified security flaws that could expose sensitive info. Researchers found in December 2019 that they could match phone numbers with users, and a hole discovered a year earlier let attackers use text spoofing to control UK accounts. The app-specific nature of this latest flaw is notable, though, and relatively uncommon.

The threat wasn’t necessarily high. To load the hostile app on a device, hackers needed to either trick users into installing the app voluntarily or else use another vulnerability to force the app to load. In both cases, the device would already be compromised — this would have just made it easier to take Twitter data.

However, it’s still significant that the flaw had been exploitable for a long time. The issue also underscores concerns about the timeliness of Android updates: 4% of the app’s entire Android user base was still vulnerable nearly two years after the patch was first available. That’s a lot of potential targets, and the percentages may well have been higher even a year earlier. Without fast and consistent security updates, there’s a risk issues like this can persist for a long while.

Hey, I'm Sunil Kumar, a professional blogger and affiliate marketer. I like to gain every type of knowledge, which is why I have done many courses in different fields like News, Business and Technology. I love thrills and travelling to new places and hills. My favourite tourist place is Sikkim, India.
