Twitter security flaw enables hackers access to UK accounts

Must Read

How to solve iOS update problems

A newer and enhanced version of anything encourages people to try. This is because it brings convenience...

The number one reason vaping devices explode

Over the past several years, we’ve watched so-called “cigalikes” and vapes steal the show from Big Tobacco...

How to sync Google Drive with OneDrive

Nowadays, cloud storage is becoming more and more popular as a means of storing and backing up...
Avatar for Jazib Zaman
Fazeel Ashraf
IT graduate from Pakistan’s National University of Science and Technology with a passion for writing. When not reading or writing, I can be found listening to rock and metal or playing some classic jams on my electric guitar. I’m also a big fan of horror movies.

Twitter has a massive security flaw that enabled vigilante hackers to access accounts based in the UK. Hackers from Insinia, a British security firm, exposed the flaw by gaining access to some verified celebrity accounts and posting messages.

Insinia was able to pose as celebrities and journalists, without having any knowledge about their passwords. They did this by “spoofing” the cell phone numbers of the users and posting the tweets via text. Most users do not know about this feature.

Twitter allows users who have a smartphone and a data plan to tweet via SMS. Users have to link their mobile phone number to their Twitter account and send the tweet as a text to a specific number.

Insinia confirmed that it sent the tweets and said they did it to expose the vulnerability.

It is unclear how the hackers managed to tweet via the mobile numbers exactly.

Twitter uses both shortcodes and long codes to send tweets via SMS. Shortcodes are just three to five digits, whereas long codes look like proper phone numbers.

Long codes and shortcodes can vary from country to country, and sometimes different carriers can have different shortcodes as well. As an example, USA uses a shortcode (40404), whereas the UK uses both shortcodes and a long code (+447624800379).

A spokesperson for Twitter claimed that the issue had been resolved. Insinia said that it had still managed to send out fake tweets, despite Twitter’s reassurances. The hackers were not able to access users’ Direct Messages or personal details, but they should not have been able to get access in the first place.

Insinia’s chief Mike Godfrey said as much. Godfrey claimed his company carried out the testing to prove how text messaging can be exploited to verify people’s identities. Godfrey added:

“We should not be using 50-year old technology. It is massively flawed by design. Even someone completely unskilled could carry [out] this attack within half an hour. This took us 10 minutes.”

The Insinia’s chief believes the security loophole might have been in existence for a few years at least. He also claimed that his company’s testing might have encouraged Twitter to take better countermeasures.

Gizmodo claimed that Twitter has admitted the SMS vulnerability existed since 2012. So essentially, Twitter had six years to clean up their mess, which they failed to do. It seems the bug is the same one or quite similar to the one that existed in 2012.

It seems only UK residents have been affected, at least for now. US citizens seem to be safe at the moment. A Twitter spokesperson said Twitter doesn’t “believe there is any significant risk to US-based account holders.”

Twitter has been under scrutiny for some time now. The social media network has suffered from numerous Bitcoin scams, and the company was called out for its role in the Russian hacks of the 2016 US presidential election.

It will be interesting to see how the company bounces back from these scandals.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

How to solve iOS update problems

A newer and enhanced version of anything encourages people to try. This is because it brings convenience...

The number one reason vaping devices explode

Over the past several years, we’ve watched so-called “cigalikes” and vapes steal the show from Big Tobacco and the cigarette industry, as...

How to sync Google Drive with OneDrive

Nowadays, cloud storage is becoming more and more popular as a means of storing and backing up data. Among multiple cloud drives,...

Apple TV+ is just $4.99 per month, free first year with new Apple products

The Apple Event 2019 took place on September 10th, 2019, in Cupertino, California. The event highlighted various upcoming releases by Apple, and one...

Everything you need to know about iPhone 11, iPhone 11 Pro and Pro Max

Apple has announced iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max. The announcement was made at Apple Event held...

More Articles Like This