Do you ever tweet from your phone? We’re not talking about your smartphone’s Twitter apps, we’re asking if you tweet via text or SMS.
If you do, you might want to consider joining the rest of us on the smartphone train because hackers seem to be going spoof wild on phones lately – and apparently Twitter is vulnerable.
Did you know that anyone who knows your mobile number “can post messages, change profile settings and take other actions on the user’s behalf.” Yup. Read on, from ThreatPost.com:
“Twitter users with SMS enabled are vulnerable to an attack that allows anyone to post to their account. The attacker only needs knowledge of the mobile number associated with a target’s Twitter account. Messages can then be sent to Twitter with the source number spoofed,” Jonathan Rudenberg, the researcher who discovered the bug, said in an advisory on the Twitter SMS flaw.
This flaw, discovered by Jonathan Rudenberg, a developer, security consultant and researcher, noted that “until Twitter removes the ability to post via non-short code numbers, users should enable PIN codes (if available in their region) or disable the mobile text messaging feature.”
Twitter has a PIN code feature that requires every message to be prepended with a four-digit alphanumeric code. This feature mitigates the issue, but is not available to users inside the United States. [Bold ours.]
He has since updated the post saying Twitter has fixed the issue for users of short codes. But users employing “long code” should enable the PIN code in their account.
So it looks like the problem is resolved . . . for short code users. And I’m sure you know whether or not this short code/long code stuff applies to your texts. (No, not really. Disconnect your phone already.)
And finally, if you’re thinking it’s an exaggeration to say hackers are turning their sites on texters, check out what the Better Business Bureau has to say about “smishing” scams. And we recently shared one directed at Twitter users.
Do you tweet via text? Will you continue to do so?