Over 3,200 Android Apps Leak Twitter API Keys
We hear it all the time: this happened on Twitter, somebody tweeted this today, and because of this tweet someone….. Incidents like these have caused Twitter users to move away from or leave the platform.
Users want a secure platform on which to present themselves the way they see themselves. Attackers, however, switch targets every day and won't let a victim off the hook until they achieve their goals.
Now to the main story. Research has put 3,207 mobile apps in the spotlight for publicly exposing Twitter API keys that can be used to gain access to accounts.
The leak was reported to happen through these apps, which expose consumer keys and confidential API keys. 230 apps in this group are leaking 4 authentication credentials that could be used to take full control of a user's Twitter account.
How Access to the Twitter API Works
- You need to create secret keys and access tokens in order to access the Twitter API.
- Think of the keys and tokens as the usernames and passwords for both the app and the users on whose behalf the API requests are made.
- These keys let the app access the account and act as the user. The actions include logging in via Twitter, tweeting as the user, and sending DMs to anyone the user chooses.
How did the API keys end up in the hands of intruders?
According to the researchers, app developers could be the main source of the leaked API keys. In most cases, developers embed their Twitter API authentication keys in the app and sometimes forget to remove them when the app is released.
How bad can the situation get?
Incidents like these can cause a lot of chaos. An adversary could perform actions such as sending direct messages, deleting tweets, changing account settings, following other accounts, removing followers, or changing an account's profile picture. In other words, anything could happen to the image a user has built and still maintains.
In the worst case, an attacker who gets hold of exposed tokens could build a Twitter bot army and use it to spread misinformation about people or celebrities on social media platforms.
Moreover, API keys and tokens taken from the mobile apps can be embedded in a program. That program can then be used to run large-scale malware campaigns targeting verified accounts.
The Solution to the Issue
There is nothing new in such cases; they keep occurring alongside persistent threats and malicious attacks. According to the developers, use API key rotation to reduce the possible risk from leaks.
You can also review your code for hard-coded API keys so that nobody can get their hands on them under any circumstances. If you really want to be safe from such leaks, keep this rule in mind: "never store keys in a mobile app, directly". Attackers may find it easy to extract the data from there. Be cautious, be fast!
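The code review for hard-coded keys described above can be partly automated. The following is an added example, not code from the research or from Twitter: it scans Android resource XML, Java/Kotlin source and `.properties` text for credential-like literals. The identifier naming patterns, the length and entropy thresholds, and the sample key values are all assumptions made for this sketch.

```python
import math
import re
from collections import Counter

# Identifier names that suggest a Twitter credential (assumed naming conventions).
NAME = r"[\w.\-]*(?:consumer|api|access)[_.\-]?(?:key|secret|token)[\w.\-]*"
PATTERNS = [
    # Android resource: <string name="twitter_consumer_key">VALUE</string>
    re.compile(rf'<string\s+name="(?P<name>{NAME})"\s*>(?P<value>[^<]+)</string>', re.I),
    # Java/Kotlin literal: TWITTER_CONSUMER_SECRET = "VALUE"
    re.compile(rf'(?P<name>{NAME})\s*=\s*"(?P<value>[^"]+)"', re.I),
    # .properties entry: twitter.consumer.key=VALUE
    re.compile(rf'^\s*(?P<name>{NAME})\s*=\s*(?P<value>[^\s"]+)\s*$', re.I),
]

def shannon_entropy(value):
    """Bits per character; random tokens score high, repeated filler scores low."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def looks_like_secret(value):
    """Heuristic (assumed thresholds): long, token-shaped, letters and digits, high entropy."""
    return (len(value) >= 20
            and re.fullmatch(r"[A-Za-z0-9_\-]+", value) is not None
            and any(c.isdigit() for c in value) and any(c.isalpha() for c in value)
            and shannon_entropy(value) >= 3.0)

def find_hardcoded_keys(text):
    """Return (line_number, identifier) for each literal that looks like a real key."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                if looks_like_secret(match.group("value").strip()):
                    findings.append((number, match.group("name")))
                break
    return findings
# Constructed sample files; the key values are made up for this example.
SAMPLE_XML = """\
<resources>
    <string name="twitter_consumer_key">Xq7Lm2Pz9RtV4bNc8WyK3sHd1</string>
    <string name="twitter_consumer_secret">YOUR_CONSUMER_SECRET_HERE</string>
</resources>"""
SAMPLE_JAVA = """\
static final String ACCESS_TOKEN_SECRET = "g5Tn0Jw6Bk2Yr8Dp4Uc1Ze7Ma3Qf9Hx5Ls0Vi6Oc2Et8";
String consumerKey = BuildConfig.TWITTER_CONSUMER_KEY;"""
if __name__ == "__main__":
    print(find_hardcoded_keys(SAMPLE_XML), find_hardcoded_keys(SAMPLE_JAVA))
```

Placeholder values and references such as `BuildConfig.TWITTER_CONSUMER_KEY` are not flagged; any key the scan does flag in a released build should be rotated as well as removed.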