Researchers Find SMS Vulnerability In Twitter


Twitter users who have taken the time to set up tweeting-by-SMS are putting themselves at risk of attacks where anybody can post to their account, according to a team of security researchers.

The security flaw allows attackers to post to a user’s Twitter account knowing only the mobile number associated with that account. By simply spoofing the number from which a text is sent, the attacker can easily post to Twitter without the user being alerted.

A bit like email, it’s easy to spoof the “from” number of a text message, and thus trick Twitter into thinking the update is genuine. The researchers also found the same flaw in Facebook, but the issue has been patched by its security team, the researchers say.

Twitter was notified of the problem on November 28, but has yet to roll out a fix. In the meantime, the researchers suggest that users who use the tweet-by-SMS function either enable PIN codes — a service only available in the US — or disable the feature altogether. [Jonathan Rudenberg]
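The flaw and the PIN mitigation described above, sketched as an added example (not code from Twitter, Facebook or the researchers): a hypothetical `SmsGateway` with one handler that trusts the sender number alone and one that also requires a PIN at the start of the message. The class, the message format, the lockout threshold and the phone number are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5  # assumed lockout threshold, not from the article


class SmsGateway:
    """Hypothetical post-by-SMS gateway (not Twitter's or Facebook's code)."""

    def __init__(self):
        self.accounts = {}  # sender number -> account record
        self.posts = []     # (username, text) pairs that were accepted

    @staticmethod
    def _hash(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def register(self, number, username, pin):
        salt = os.urandom(16)
        self.accounts[number] = {"user": username, "salt": salt,
                                 "pin": self._hash(pin, salt), "failures": 0}

    def handle_insecure(self, sender, body):
        # Flawed design: the "from" number, which the sender controls,
        # is the only thing tying the message to an account.
        acct = self.accounts.get(sender)
        if acct is None:
            return False
        self.posts.append((acct["user"], body))
        return True

    def handle_with_pin(self, sender, body):
        # Hardened design: the message must also begin with the account PIN,
        # a secret that is not revealed by knowing the phone number.
        acct = self.accounts.get(sender)
        if acct is None or acct["failures"] >= MAX_FAILURES:
            return False
        pin, _, text = body.partition(" ")
        if not hmac.compare_digest(self._hash(pin, acct["salt"]), acct["pin"]):
            acct["failures"] += 1  # a short PIN needs a guess limit
            return False
        acct["failures"] = 0
        self.posts.append((acct["user"], text))
        return True
```

The guess limit matters because a short numeric PIN could otherwise be tried exhaustively through the same channel; a lockout in turn lets anyone who knows the number disable SMS posting for that account, which is the safer failure.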
