CloudSEK researchers have discovered in an investigation how 3207 applications that use the Twitter API expose information from the little bird social network to the public. This could allow these keys to be used to hijack the Twitter accounts associated with the affected applications.

An API is a small program that is responsible for exchanging information between two applications or services. Like this, it is possible to simplify the development of an application that exchanges information with, For example, Twitter. These information exchanges are authenticated with what is known as an “API Key”, unique for each Twitter user. It is this last “API Key” that has been found unencrypted in the affected applications.

In these cases, como se almacena la “API key” en el dispositivo, sería posible, en el caso de Twitter, leer los mensajes directos, hacer retweets y cambiar la información del perfil, entre las otras funciones de Twitter.

Entre las aplicaciones afectadas hay diferentes reproductores de radio, lectores de libros electrónicos, aplicaciones bancarias, aplicaciones de deporte… pero no se ha publicado la lista. Los investigadores han enviado el informe de su trabajo a los desarrolladores para que publiquen actualizaciones que mitiguen lo ocurrido.


Leave a Reply

Your email address will not be published. Required fields are marked *

More news
A
Read more »
A researcher manages to hack some concert tickets using AI
Read more »
Una nueva campaña de phishing suplanta a ChatGPT
Read more »
Nintendo suffers a data breach through a supplier
Read more »
Trying to make fun of a scammer is not a very good idea
Read more »