Finally, Twitter decided to temporarily disable a feature, called 'Tweet via SMS' after it was abused by a hacking group named Chuckling Squad to compromise Twitter CEO Jack Dorsey last week and sent racist and offensive tweets to Dorsey's followers.
Twitter CEO Jack Dorsey's Twitter account was compromised last week when a hacker group calling itself "Chuckling Squad" replicated a mobile number associated with the CEO's account and used Tweet via SMS feature to post racist, offensive tweets to CEO's followers.
Replicating a mobile number associated with someone else is known as "SIM Swapping" where attackers social engineer a victim's mobile phone provider and trick the telecom company to transfer the victim's phone number to their own SIM card.
Once the social engineered a telecom company employee and gained access to Jack Dorsey's mobile number, the Chuckling Squad hackers group used the 'Tweet via SMS' feature to post tweets under his username, even without logging in to his account.
For those who are unaware, Twitter has a feature that gives its users the ability to post a tweet from their account just by sending an SMS message to the company number from their registered mobile number associated with their Twitter account.
This Tweet via SMS feature was once the most popular way to use Twitter in its early days when most of the people relied on phones with no internet connection, especially when in some countries the government imposes Internet blackouts to quell protests and revolutions.
However, this feature has been misused several times in the past since no authentication is required other than just having access to the linked phone number with the account.
But after this incident, Twitter says it has temporarily disabled this feature and working on improving it by exploring options to offer an authenticated way. Disabling the feature means that users can no longer post a message on Twitter by sending an SMS.
Twitter also added that the step is necessary to ensure that telecom service providers address the vulnerabilities at their end to prevent the steady stream of hacks faced by celebrities and public personalities all over the world over the past few weeks. Twitter also said that they are working on a better way to ensure two-factor authentication (2FA) for enhanced security.
However, Twitter has not provided any timeline for the reactivation of this feature.
Jack Dorsey is not the only person falling victim to the SIM swapping attack (also known as Port Out scam) in recent days. Other victims whose Twitter accounts have recently been compromised by a hacking group named Chuckling Squad include actress Chloe Grace Moretz and a number of social media influencers with large followers.
So, the hijack of Twitter CEO Dorsey's account makes Twitter into quick action in order to prevent further incidents of accounts being hacked by this method.
I hope you find useful information in this article. If you have any questions then please mention in the comments section and I will get back to you and stay tuned with my blog to learn interesting things related to cybersecurity and hacking.
Comments
Post a Comment