Cyberattacks are on the rise and no one is spared, not even the social network Twitter. Applications connected to a Twitter account can give attackers access to the account's API authentication keys.
Researchers revealed on Monday 1 August 2022 that more than 3000 applications contain major security flaws that make it easy to take control of a Twitter account.
3200 apps put your Twitter account at risk
Beware of the applications that you link to your Twitter account. The cybersecurity firm CloudSEK has revealed a significant vulnerability in more than 3200 applications. This large-scale flaw can allow attackers to easily obtain API authentication keys and use them to take control of a Twitter account or retrieve personal data.
In moments, a malicious user can retweet, like or delete tweets, follow any account, change a profile picture or even access user settings, simply by going through these linked applications. The experts also warn that if these vulnerabilities are not corrected quickly, the affected accounts could be used to build an army of fake verified accounts that spread fake news or scams.
What are the risks with this flaw?
More specifically, when integrating the social network into an application, developers use tokens that let the app interact with the Twitter API, and through it let users interact with the social network. The large majority of developers therefore avoid storing these authentication keys inside the app, so that attackers cannot get their hands on them; the 3207 applications spotted by the researchers did not take this precaution.
CloudSEK has not publicly disclosed the list of affected applications, since their developers are currently fixing the flaw. The company nevertheless specified that the apps each have between 50,000 and 5 million downloads. The range is varied: transport applications, radio, e-book readers, apps of major newspapers, banks, GPS for cyclists, diaries and much more.
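The flaw described here is a matter of where the Twitter credentials live: inside the shipped app, where anyone who unpacks it can read them, rather than on a server the app talks to. The following is an added example, not code from the article or from CloudSEK, of the kind of static check a developer or app-store reviewer can run over source or decompiled strings before release. The sample source and every key value in it are constructed (not real credentials), and the identifier naming convention it looks for (constants ending in key, secret or token) is an assumption about common practice, not a rule from the report.

```python
import os
import re
from typing import List, Tuple

# Constructed sample of Android/Java-style source, as a static check would see it.
# All credential values below are made up for this example and are not real keys.
SAMPLE_SOURCE = """
public class TwitterClient {
    private static final String CONSUMER_KEY = "AbCdEfGhIjKlMnOpQrStUvWxY";
    private static final String CONSUMER_SECRET = "0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCD";
    private static final String ACCESS_TOKEN = "1234567890-AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCdEf";
    private static final String ACCESS_TOKEN_SECRET = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHI";
    // Hardened variant: only the address of a backend proxy is in the binary;
    // the proxy holds the Twitter credentials and signs requests server-side.
    private static final String BACKEND_URL = "https://example.invalid/twitter-proxy";
}
"""

# Assumed convention: credential constants are named ...KEY, ...SECRET or ...TOKEN
# and assigned a quoted literal of at least 20 non-space characters.
HARDCODED_CREDENTIAL = re.compile(
    r'(?i)(?P<name>[A-Za-z_]*(?:key|secret|token))\s*=\s*"(?P<value>[^"\s]{20,})"'
)


def mask(value: str) -> str:
    """Show only enough of a secret to recognise it in a report."""
    return value[:4] + "..." + value[-2:]


def find_hardcoded_credentials(source: str) -> List[Tuple[int, str, str]]:
    """Return (line number, constant name, masked value) for every literal
    credential found in `source`. Values are masked so the report itself does
    not become a second copy of the secret."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in HARDCODED_CREDENTIAL.finditer(line):
            findings.append((lineno, match.group("name"), mask(match.group("value"))))
    return findings


def ships_no_credentials(source: str) -> bool:
    """Release gate: True only when the scan comes back empty."""
    return not find_hardcoded_credentials(source)


def load_server_side_credentials() -> dict:
    """The mitigation side: on the backend that proxies Twitter calls, read the
    credentials from the environment (or a secrets manager) at runtime instead of
    compiling them into a client. Raises if any are missing, so a misconfigured
    deployment fails loudly rather than silently shipping without auth."""
    names = ("TWITTER_CONSUMER_KEY", "TWITTER_CONSUMER_SECRET",
             "TWITTER_ACCESS_TOKEN", "TWITTER_ACCESS_TOKEN_SECRET")
    creds = {n: os.environ.get(n) for n in names}
    missing = [n for n, v in creds.items() if not v]
    if missing:
        raise RuntimeError("missing credentials: " + ", ".join(missing))
    return creds


if __name__ == "__main__":
    for lineno, name, masked in find_hardcoded_credentials(SAMPLE_SOURCE):
        print(f"line {lineno}: {name} = {masked}  <- credential embedded in client")
    print("release gate passed:", ships_no_credentials(SAMPLE_SOURCE))
```

Run against the constructed sample, the scan flags the four Twitter credentials and the release gate fails; the `BACKEND_URL` line is not flagged because a proxy address is not a secret. In a real pipeline the same check belongs on decompiled `strings` output of the built APK or IPA as well as on source, since build steps sometimes inject keys that never appear in the repository.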
For now, it is recommended that you revoke Twitter access for applications of this type, and for any you no longer use, to avoid the worst. To see the list, open the Twitter settings on your smartphone and go to "Security", then "Apps and sessions", then "Connected applications".
Source: BleepingComputer