Welcome to WebmasterWorld Guest from 54.161.110.186

Forum Moderators: not2easy & rumbas

Message Too Old, No Replies

Twitter and False Updates Through SMS Spoofing

     
12:52 pm on Dec 5, 2012 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Over the past two days, a few articles have been published about a potential problem concerning the ability to post false updates to another user's SMS-enabled Twitter account, and it has been misreported that US-based Twitter users are currently vulnerable to this type of attack.
Twitter and False Updates Through SMS Spoofing [engineering.twitter.com]
Most Twitter users interact over the SMS channel using a "shortcode." In the US, for instance, this shortcode is 40404. Because of the way that shortcodes work, it is not possible to send an SMS message with a fake source addressed to them, which eliminates the possibility of an SMS spoofing attack to those numbers.

However, in some countries a Twitter shortcode is not yet available, and in those cases Twitter users interact over the SMS channel using a "longcode." A longcode is basically just a normal looking phone number. Given that it is possible to send an SMS message with a fake source address to these numbers, we have offered PIN protection to users who sign up with a longcode since 2007. As of August of this year, we have additionally disallowed posting through longcodes for users that have an available shortcode.

It has been misreported that US-based Twitter users are currently vulnerable to a spoofing attack because PIN protection is unavailable for them.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month