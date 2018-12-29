Stories
Twitter Security Flaw Uses Text Spoofing to Hijack UK Accounts

posted by takyon on Monday December 31, @12:07AM
Twitter security flaw uses text spoofing to hijack UK accounts

A Twitter security flaw gives hackers a way to post unauthorized tweets via text messaging, and British cybersecurity firm Insinia has proven its existence by hijacking some celebrities' accounts. The company was able to post tweets as other people without having to enter their passwords by spoofing their mobile numbers. It's easy to forget the feature if you have data and a smartphone, but Twitter still allows you to tweet via SMS. You simply have to link your digits to your account and then text what you want to post to a number Twitter designated for your country and carrier.

A Twitter spokesperson explained to The Guardian that the bug "allowed certain accounts with a connected UK phone number to be targeted by SMS spoofing." It's not entirely clear what makes certain accounts susceptible to the bug, but as Gizmodo explains, Insinia was able to send out unauthorized tweets using "longcodes." See, Twitter uses two kinds of numbers for tweeting via SMS: longcodes and shortcodes. The former looks like a typical phone number, while the latter is just three to five digits. It's different for every country and, sometimes, every carrier -- the USA uses a shortcode (40404), for instance, while the UK uses both shortcodes and a longcode (+447624800379).

Original Submission


  • (Score: 0) by Anonymous Coward on Monday December 31, @12:33AM

    by Anonymous Coward on Monday December 31, @12:33AM (#780118)

    I've been getting weird spam ads from contacts that swear they didn't send them. Think I need a different messaging service.

(1)