Security News > 2020 > July > Exposed Twilio SDK Abused for Malvertising Attack
Cloud communications platform as a service company Twilio this week disclosed a security incident that resulted in hackers uploading a modified version of the TaskRouter JS SDK to its site.
Designed to provide easy interaction with the Twilio TaskRouter, the SDK was hosted in an Amazon Web Services S3 bucket that was improperly secured, thus becoming accessible to the attackers.
Only version 1.20 of the TaskRouter JS SDK was affected and the incident was remediated fast, and Twilio does not believe that this was a targeted attack, but opportunistic in nature.
"One of Twilio's S3 buckets is used to serve public content from the domain twiliocdn.com. We host copies of our client-side JavaScript SDKs for Programmable Chat, Programmable Video, Twilio Client, and Twilio TaskRouter on that domain, but only v1.20 of the TaskRouter SDK was impacted by this issue," the company notes.
The replacement has been automatically performed for applications that load the SDK dynamically from Twilio's CDN. "Compromise of common cloud security infrastructure is a jewel in the crown for any attacker given the scope of influence over dependent enterprises and broadly deployed mobile applications alike. Storage configuration, SDK and API attacks are an increasingly exploited vectors that can lead to misdirection, malware injection, manipulation and theft of data," Mark Bower, senior vice president at comforte AG, said in an emailed comment.