Eavesdropper: a bug that could expose millions of messages

The security of our mobile devices is increasingly at risk. A few weeks ago the KRACK attack put in check the security of devices around the world. Now, we are faced with a new danger. In this case it is Eavesdropper, a bug that could expose millions of messages.

Eavesdropper: A bug that could expose millions of messages

Eavesdropper is a vulnerability that allows a hacker to access the conversations that users have in applications such as WhatsApp, Telegram or Messenger. So they could have access to the personal data that users share in these private conversations. This vulnerability affects more than 700 applications.

Eavesdropper attacks in three steps

The Android applications affected by this vulnerability have been downloaded more than 180 million times. So the number of users who can be victims is huge. It is based on applications that use the Twilio API. The security flaw has been found there, although the flaw dates from 2011. Although Twilio was informed about it in the middle of this year.

The attack consists of three parts: Recognition, exploitation and extraction. First are the applications that use the Twilio API. The second step is to use tools capable of reading and identifying strings within the code. While in the final phase, other programs are used to extract user data. It is also possible to convert audio notes to text.

The danger posed by Eavesdropper is obvious. The business environment seems to be the most affected by this vulnerability, so many sensitive data could fall into the wrong hands. We will have to wait to see the effects of Eavesdropper on Android.