Twitter today finally decided to temporarily disable a feature called ‘Tweeting via SMS,’ after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey’s account last week and send a series of racist and offensive tweets to Dorsey’s followers.
Dorsey’s Twitter account was compromised last week when a hacker group calling itself “Chuckling Squad” replicated a mobile phone number associated with the CEO’s account and abused this particular feature to post racist, offensive messages and bomb threats from it via SMS.
Replicating a mobile phone number associated with someone else is a technique known as “SIM swapping,” in which attackers social engineer a victim’s mobile phone provider and trick the telecom company into transferring the target’s phone number to their own SIM card.
Once they had social engineered an AT&T employee and gained access to Dorsey’s phone number, the Chuckling Squad hackers used the ‘Tweeting via SMS’ feature to post tweets under his username, even without actually logging in to his account.
For those unaware, Twitter has a feature that lets users post a tweet from their account just by sending an SMS message to a company number from the registered mobile number associated with their Twitter account.
Twitter CEO Jack Dorsey’s Twitter Account Got Compromised!
Twitter claims the phone number linked with the account was compromised due to a security oversight by the mobile provider, allowing an unauthorized person to compose and send tweets via text message from the phone number pic.twitter.com/TmL2LufZyV
— The Hacker News (@TheHackersNews) August 31, 2019
This feature was once the most popular way to use Twitter in its early days, when most people relied on phones with no internet connection, particularly when authorities in some countries imposed Internet blackouts to quell protests and revolutions.
However, the feature still exists and has been misused several times in the past, since no authentication is required other than having access to the linked phone number.
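The weakness described above, as an added example that is not Twitter's code: a toy SMS-to-post gateway in which the sender number is the only credential, next to a variant that also requires a secret that does not move with the SIM. The function names, the PIN-prefix scheme, the lockout limit and the sample account are all assumptions made for illustration.

```python
import hashlib
import hmac

SALT = b"constructed-salt"   # constructed sample value
MAX_FAILURES = 3             # assumed lockout threshold


def _kdf(pin: str) -> bytes:
    # Slow, salted hash so a leaked record does not reveal the PIN directly.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT, 100_000)


# Constructed sample record: linked phone number -> account state.
ACCOUNTS = {"+15550100": {"user": "alice", "pin": _kdf("4821"), "failures": 0}}


def post_by_number_only(sender: str, body: str):
    """Weak model: the carrier-reported sender number is the only credential,
    so whoever controls the number after a SIM swap can post."""
    acct = ACCOUNTS.get(sender)
    return (acct["user"], body) if acct else None


def post_with_pin(sender: str, body: str):
    """Hardened model: the message must begin with a PIN that is stored by the
    service, not the carrier, so moving the number to a new SIM is not enough."""
    acct = ACCOUNTS.get(sender)
    if acct is None or acct["failures"] >= MAX_FAILURES:
        return None                       # unknown number or locked out
    pin, _, text = body.partition(" ")
    if not hmac.compare_digest(_kdf(pin), acct["pin"]):
        acct["failures"] += 1             # count guesses to limit brute force
        return None
    acct["failures"] = 0
    return (acct["user"], text)
```

SMS travels unencrypted through the carrier, so a PIN sent this way is still exposed in transit; the sketch only shows why a number-only check fails once the number changes hands.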
In a series of tweets posted today, Twitter says it has temporarily disabled this feature and is working on improving it by exploring options to offer an authenticated way.
“We’re taking this action because of vulnerabilities that need to be addressed by mobile carriers and our reliance on having a linked phone number for two-factor authentication (we are working on improving this),” the company said.
“We’ll reactivate this in markets that depend on SMS for reliable communication soon while we work on our longer-term approach for this feature.”
However, the company has not provided any timeline for the reactivation of this feature.
Dorsey is not the only person to fall victim to a SIM swapping attack in recent times. Other victims whose accounts have recently been compromised by Chuckling Squad include actress Chloë Grace Moretz and a number of social media influencers with large followings.