US Twitter Users Not Vulnerable To SMS Spoof - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Enterprise Architecture
News
12/5/2012
08:16 AM
Connect Directly
Twitter
Facebook
LinkedIn
RSS
E-Mail
50%
50%

US Twitter Users Not Vulnerable To SMS Spoof

A vulnerability in Twitter would allow spoofed posts to a user's account if the account were enabled for SMS updates. Twitter said Tuesday that users in the U.S. are not vulnerable and that users abroad who are should configure their accounts to require a PIN for SMS updates.

A vulnerability in Twitter described by security researcher Jonathan Rudenberg does not affect U.S. users according to Twitter's product security engineering manager Moxie Marlinspike.

Twitter allows users to configure their accounts to receive posts and some profile changes via SMS commands sent to a particular code. In the U.S., this is a particular short code, specifically 40404. Elsewhere, a long code might be required. Rudenberg demonstrated how to trick the service into accepting commands from unauthorized sources.

Rudenberg said in a update to his post that Twitter fixed the problem for short code countries and recommends that other users configure their accounts to require a PIN for updates. But in his blog post Tuesday, Marlinspike said that users in countries with short code support, including U.S. users, are not vulnerable, making no reference to fixing the problem.

The posts imply a disagreement over when any fixes were made to Twitter, especially inasmuch as Marlinspike says "...it has been misreported that U.S.-based Twitter users are currently vulnerable to this type of attack." He doesn't specifically attribute such misreporting to Rudenberg.

Rudenberg had found a similar problem for Facebook and Venmo, but those services fixed the vulnerability before Rudenberg went live with his disclosure.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
Slideshows
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Slideshows
Flash Poll