Twitter SMS-Spoofing Bug

Dec 4, 2012



"Twitter users with SMS enabled are vulnerable to an attack that allows anyone to post to their account. Users of Twitter that have a mobile number associated with their account and have not set a PIN code are vulnerable. All of the Twitter SMS commands can be used by an attacker, including the ability to post tweets and modify profile info. Messages can then be sent to Twitter with the source number spoofed," Jonathan Rudenberg, the researcher who discovered the bug, said in an advisory on the Twitter SMS flaw.
Facebook and Venmo were also vulnerable to the same spoofing attack, but the issues were resolved after they were disclosed to their respective security teams.

The vulnerability is a result of the way that the Twitter service handles incoming commands from users' mobile devices. Twitter users can turn on an option that allows them to post messages, follow and unfollow users and take other actions simply by sending SMS commands from their mobile phones. In order to do this, a user must register his mobile number with Twitter in his profile, so the service knows what account the commands are associated with. The problem, however, is that the source number of an SMS can be spoofed and is the only thing tying a command to an account, so anyone who knows a user's mobile number can post messages, change profile settings and take other actions on the user's behalf.
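The design flaw described above, shown from the service side as an added example (not Twitter's code and not part of the original article): a handler that treats the sender number as the credential, next to one that uses the number only to select the account and requires the PIN. The account table, the PIN-as-first-word message format, the refusal of accounts without a PIN, and the lockout threshold are assumptions made for the illustration.

```python
import hmac

# Constructed sample data: registered mobile numbers and their accounts.
# "pin" is None for a user who never set one.
ACCOUNTS = {
    "+15550100": {"user": "alice", "pin": "4821", "failures": 0},
    "+15550101": {"user": "bob", "pin": None, "failures": 0},
}
MAX_FAILURES = 5  # assumed lockout threshold; a short PIN is guessable without one


def handle_number_only(sender, body):
    """Behaviour the article describes: the sender number is the only credential."""
    acct = ACCOUNTS.get(sender)
    if acct is None:
        return ("rejected", "unknown number")
    return ("accepted", acct["user"], body)


def handle_with_pin(sender, body):
    """Hardened variant: the number selects the account, the PIN authenticates."""
    acct = ACCOUNTS.get(sender)
    if acct is None:
        return ("rejected", "unknown number")
    if acct["pin"] is None:
        # Assumption of this example: without a PIN, SMS commands stay disabled.
        return ("rejected", "no PIN set")
    if acct["failures"] >= MAX_FAILURES:
        return ("rejected", "locked")
    pin, _, command = body.strip().partition(" ")
    # Constant-time comparison so timing does not leak PIN digits.
    if not hmac.compare_digest(pin.encode(), acct["pin"].encode()):
        acct["failures"] += 1
        return ("rejected", "bad PIN")
    acct["failures"] = 0
    if not command.strip():
        return ("rejected", "empty command")
    return ("accepted", acct["user"], command.strip())


if __name__ == "__main__":
    for msg in ("hello world", "0000 hello world", "4821 hello world"):
        print(handle_number_only("+15550100", msg)[0],
              handle_with_pin("+15550100", msg))
```

The first handler accepts every message that merely claims a registered number; the second rejects it unless the PIN matches, and stops accepting guesses after repeated failures.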

