Twitter urges Android users to update after breach gives hackers access to private messages

Attackers could work 'around Android system permissions' to get access to private information

Adam Smith
Thursday 06 August 2020 09:24 BST

Twitter has urged all Android users to update to the latest version of its app due to a security issue that could allow people access to users' direct messages.

In a blog post, Twitter said that attackers could work “around Android system permissions” to gain access to a user's account.

This only affects Android OS 8 and 9 – known as Android Oreo and Android Pie, respectively. The current Android operating system is Android 10, with Android 11 launching imminently.

This is seemingly by using external apps which could access Twitter in-app data by adding extra safety precautions beyond those that are standard in the operating system.

Twitter has said the new update will now forbid such practices.

Twitter also says it has no evidence that this vulnerability was exploited by hackers – 96 percent of people using Twitter for Android already have the security patch that protects their app from this attack, it said.

Nevertheless, the four percent who do not will need to update. Twitter has sent in-app notifications to everyone who could be using a vulnerable device.

The company says it is “identifying changes to our processes to better guard against issues like this” too.

This news comes as Twitter is reeling from one of the most dangerous hacks in its history, as the accounts of many prominent figures including Bill Gates, Joe Biden, Kanye West, Jeff Bezos and others were hacked to promote a Bitcoin cryptocurrency scam.

Three people, including a 19-year-old from Britain, another teenager from Florida, and a 22-year-old, have been charged with the hack.

Twitter claims that a “phone spear phishing attack” was used to gain access to Twitter employees' information, which could then be used to target higher-profile employees.

This contradicts previous reporting, apparently based on speaking to the hackers at the time on the condition of anonymity, that suggests the hackers paid a Twitter employee for access to internal tools. Twitter declined to comment.
