Twitter would be a major security flaw
Twitter is posing a major security flaw in sending tweets via SMS , according to security consultant Jonathan Rudenberg . Although likely, considering the amount of smartphones that are today in the world, users send tweets via SMS are scarce, security is an important issue that did not record enough caliber service Twitter. According to Rudenberg, a third party could assume the identity of the account owner if you have enabled the option to make posts like this.
The vulnerability affects only users who have enabled the publication of messages by SMS, which could post messages in our name and to change the information in our profile. When we enter our phone number, Twitter will only process the requests sent to that number. But, unfortunately, it seems that using an intermediate gateway to impersonate our phone number, a stranger can control our own without us noticing.
So far, Twitter has not yet presented a solution to this problem. What can we do if we think we are affected? Consider that users who have entered their number are the only ones likely to fall victim to this vulnerability, so the first thing we have to do is check you have not turned on our own. This is the simplest way to do it, but if you find a really useful service, then we have to also enable a security code. This is country, but could “certify” the authorship of the tweet.
But the risks are not as great as we think. Fortunately vulnerability has not been exploited, but it could be. To be affected, the attacker must know our phone number and know that we have this option enabled. Whereas other vulnerabilities to other services that have been released in recent times, not, at least at the level of the ordinary user, something so disturbing. We just have to check not have it enabled when it is likely that we are not using.
Yes it is worrying level of service. According to Rudenberg, he reported the problem to Twitter three months ago and has not done anything to fix it. That motivated him to post the problem in his personal blog , from which it has generated significant media coverage that we trust will be crucial to motivate a solution by the network of bird. According to the consultant, Twitter just asked him not made public. Facebook, meanwhile, also had this same vulnerability but solved last week.Tags: security, Twitter