
Twitter and the similar service Jott can be exploited very easily: all you need to know is a person's phone number to take over their account and post phony messages. The hack is easy because these services rely on caller ID (the SMS sender number) for authentication. If you have someone's phone number, you can send a spoofed message that looks like it came from them.

Nitesh Dhanjani discovered the exploit and describes the process:

I tested the Twitter vulnerability by doing the following:

1. I registered at fakemytext.com, an SMS spoofing service.

2. Since the fakemytext.com service is based in the UK, I went through the Twitter FAQ and noted their UK based SMS number: +44-7781-488126.

3. I sent the following SMS via fakemytext.com to +44-7781-488126 with the “From” number set to my phone number: “Testing via http://www.fakemytext.com/ . This better not work!”

4. I checked my Twitter page, and sure enough, it was updated with the above SMS message. This means that anyone who knows a Twitter user's cell phone number can update that person's Twitter page.

So for all of you out there who both have a Twitter account and have your phone number on your website: look out.
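To make the weakness concrete from the service's side, here is an added example (not Twitter's, Jott's, or Dhanjani's code) of an inbound-SMS handler written two ways: one that trusts the sender number alone, as the post describes, and one that additionally requires a per-account PIN in the message body. The account directory, PIN and message are constructed sample data.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample data (hypothetical, not a real data model):
# phone number -> account handle, and a hash of each account's SMS PIN.
ACCOUNTS = {"+15550100": "alice"}
PIN_HASHES = {"alice": hashlib.sha256(b"4821").hexdigest()}  # unsalted for brevity


@dataclass
class InboundSms:
    sender: str  # the "From" number reported by the carrier gateway; spoofable
    body: str


def post_trusting_caller_id(sms: InboundSms):
    """Vulnerable design: the sender number alone decides whose page is updated.

    Returns (handle, text) for the post that would be published, or None.
    """
    handle = ACCOUNTS.get(sms.sender)
    if handle is None:
        return None
    return (handle, sms.body)


def post_requiring_pin(sms: InboundSms):
    """Hardened design: the body must begin with the account's PIN.

    Someone who knows only the phone number cannot supply the PIN, so a
    spoofed "From" number is no longer enough to publish a post.
    """
    handle = ACCOUNTS.get(sms.sender)
    if handle is None:
        return None
    pin, _, text = sms.body.partition(" ")
    given = hashlib.sha256(pin.encode()).hexdigest()
    # Constant-time comparison so the check does not leak which digits matched.
    if not hmac.compare_digest(given, PIN_HASHES[handle]):
        return None  # missing or wrong PIN: drop the message silently
    return (handle, text)
```

The PIN still travels in the clear over SMS, so this raises the bar from "knows the number" to "can also read the victim's messages"; it does not make the channel authenticated.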

Found via MonkeyBites.
