Wednesday, December 5, 2012

Twitter fixes SMS-based account hijacking vulnerability

Security researcher Jonathan Rudenberg reported that attackers could abuse the Twitter accounts of users who had added their phone numbers to their profiles in order to use the service via SMS (Short Message Service). In response, Twitter has fixed the account hijacking flaw by preventing attackers from posting tweets and performing other actions on behalf of many users who have phone numbers associated with their accounts. Most Twitter SMS users are protected from spoofing attacks by default, but others need to set a PIN to protect themselves from becoming victims. The issue lay in the origin of text messages, which can be spoofed with ease through services that offer this capability.
