quickview
Twitter Users Vulnerable To SMS Spoofing Attack
Twitter vulnerability would allow attackers to post messages to targeted accounts. Similar flaw has already been addressed by Facebook and SMS payment provider Venmo
Twitter users are vulnerable to an attack that would allow anyone to post messages to their Twitter feed or alter their account settings, provided the attacker knew the mobile phone number associated with the targeted user's account.
"Messages can then be sent to Twitter with the source number spoofed," according to a blog post from security researcher Jonathan Rudenberg, who discovered the vulnerability. "Like email, the originating address of a SMS cannot be trusted. Many SMS gateways allow the originating address of a message to be set to an arbitrary identifier, including someone else’s number.
"Users of Twitter that have a mobile number associated with their account and have not set a PIN code are vulnerable," he said. Attackers would have full access to all Twitter SMS commands, including the ability to post tweets, reply to tweets, retweet messages, send direct messages to other Twitter users, and change the name and URL associated with a public profile.
...
