Twitter and SMS sender substitution
Over the past two days, several articles have been published about the potential to write in someone else's Twitter, which activated the function of writing tweets via SMS. It was incorrectly stated that users located in the USA are also vulnerable to this attack.
The bottom line is that if a user has the ability to write tweets via SMS , an attacker, knowing the user's phone number, can write on his behalf.
Most Twitter users use a short number. In the USA, for example, a short number is 40404. Short numbers work in such a way that they exclude the possibility of changing the sender’s number.
But in some countries, Twitter does not yet have short numbers and in these cases regular long phone numbers are used. Thus, it becomes possible to send an SMS with a fake sender's number to these numbers. We have entered PIN protection for users who use long numbers. Also, since August of this year, we have disabled the possibility of using a long number, if there is a short one.
')
Users from the United States are not affected by this vulnerability and PIN protection is not available to them, because The use of a short number is already a protection against number substitution. We provide PIN protection, only for those users who use long numbers.
We put a lot of effort to protect our users from possible threats and appreciate your trust.
The bottom line is that if a user has the ability to write tweets via SMS , an attacker, knowing the user's phone number, can write on his behalf.
Most Twitter users use a short number. In the USA, for example, a short number is 40404. Short numbers work in such a way that they exclude the possibility of changing the sender’s number.
But in some countries, Twitter does not yet have short numbers and in these cases regular long phone numbers are used. Thus, it becomes possible to send an SMS with a fake sender's number to these numbers. We have entered PIN protection for users who use long numbers. Also, since August of this year, we have disabled the possibility of using a long number, if there is a short one.
')
Users from the United States are not affected by this vulnerability and PIN protection is not available to them, because The use of a short number is already a protection against number substitution. We provide PIN protection, only for those users who use long numbers.
We put a lot of effort to protect our users from possible threats and appreciate your trust.
Source: https://habr.com/ru/post/161493/
All Articles