Skip to content

Kashif Ali

Surfeit and Blasé Security

Posted on December 4, 2012 by arstechnica.com

Tweeting with SMS can open door to hacks on your Twitter account (updated)

Twitter users who use their phone's text messaging to tweet are susceptible to an exploit that allows attackers to make unauthorized tweets and changes to the profile, a security researcher has warned.

The attack, according to a blog post published by researcher Jonathan Rudenberg, works so long as a Twitter account is configured to accept SMS messages and doesn't have a personal identification number set up. The added PIN protection isn't available in the US, he said. Attackers who know the phone number associated with an account can then make unauthorized tweets and a variety of profile changes by spoofing the number. The attack exploits the ease of spoofing the originating address of SMS messages.

"Twitter users with SMS enabled are vulnerable to an attack that allows anyone to post to their account," Rudenberg wrote. "The attacker only needs knowledge of the mobile number associated with a target's Twitter account. Messages can then be sent to Twitter with the source number spoofed."

Read 5 remaining paragraphs | Comments

Categoriesaccount compromise, Naked Security, Risk Assessment, Security, Technology Lab TagsTwitter

Post navigation

Previous PostPrevious Chicken or Egg: Where Does W32.Changeup Come From?
Next PostNext California Eyeing Drone Surveillance
December 2012
M T W T F S S
 12
3456789
10111213141516
17181920212223
24252627282930
31  
« Nov   Jan »

Tags

  • Adobe
  • Android
  • anonymous
  • Apple
  • Biz & IT
  • censorship
  • Crime
  • Cybercrime
  • Cybersecurity
  • Data loss
  • data protection
  • DDoS
  • Exploit
  • Facebook
  • FBI
  • Featured
  • hack
  • hacking
  • Hacks and Cracks
  • https
  • intellectual property
  • iphone
  • Law & order
  • Malware
  • Mobile
  • NEWS & INDUSTRY
  • OS X
  • passwords
  • phishing
  • politics
  • privacy
  • Scam
  • Social networks
  • Spam
  • SSL
  • Stuxnet
  • Surveillance
  • Tech
  • The Courts
  • The Ridiculous
  • Twitter
  • Uncategorized
  • Vulnerability
  • Windows
  • Zero Day
About Proudly powered by WordPress