Twitter security flaw allows takeover of some UK accounts

Security firm hijacks high-profile UK Twitter accountsAn error in the security system of Twitter-enabled hackers to post illegitimate tweets via text messaging on several UK accounts, including those of celebrities. According to the report, a British cybersecurity firm Insinia compromised Twitter accounts by spoofing user’s mobile number and using it to post tweets without entering the passwords.

Smartphone owners must have forgotten the feature but Twitter still allows their users to tweet via SMS. To do so, they simply have to link their accounts with their phone numbers and post tweets on their designated account.

Twitter confirmed the security flaw and explained that the bug gave hackers access to UK phone numbers, which were ultimately used to spoof SMS and send out unauthorized tweets. The social media company claims to be uncertain about what caused the vulnerability but suspects that Insinia is spoofing SMS through ‘longcodes.’

A Cyber security firm was able to post tweets on celebrities’ accounts without entering passwords (i.e via text message service)

The company confirms to have resolved the ‘bug’. However, Insinia says it is still able to hijack accounts even after a patch was issued by Twitter. Nevertheless, Insinia claims that access to tweets does not enable them to verify people’s identities. Insinia chief also conducted an experiment to show the same and states that the flaw is easily detectable that even a novice hacker can carry out the attack within half hour.

Insinia chief also reveals that Twitter has been facing similar problems for years and unable to find a solution as of yet. To this, Twitter admits that the same issue was visible in 2012 and affecting accounts of UK only. US-based account holders are safe from the spoof as of yet.

Read Next: Twitter's Wings Have Been Clipped As The Social Network Is Struggling to Reignite Its Growth Engine

Photo: SIPA USA/PA Images

No comments:

Post a Comment