Twitter accounts still at risk of being hijacked
DESPITE claims of a fix by Twitter, researchers at a Britain-based security firm who earlier hijacked accounts of several celebrities and journalists to expose a vulnerability have said that the loophole still persists at the popular social media platform.
Insinia Security last week said it successfully hijacked the accounts of a number of celebrities, including broadcaster Eamonn Holmes, documentary film-maker Louis Theroux, travel writer Simon Calder and TV presenter Saira Khan among others.
To take control of the accounts, the researchers used fake SMS verifications that made it appear as if they belonged to the account owners, according to reports.
A Twitter spokesperson told reporters on Friday that it had “resolved a bug that allowed certain accounts with a connected UK phone number to be targeted by SMS spoofing”.
But the hackers who posted the unauthorised tweets to celebrity accounts appeared to reproduce the experiment after Twitter made its claim, Gizmodo, a science website reported.
A simple method allowed researchers at Insinia Security to send tweets, direct messages, retweet and like tweets, follow and unfollow people, according to the company which warned that the vulnerability could be easily exploited by nation states, hackers and organised crime groups.
The vulnerability could be used to “spread fake news and disinformation via influential celebrities and journalists”, Insinia warned in a blog post.
Insinia recommended that users should remove their phone numbers from their Twitter accounts until the bug is fixed.
“Twitter should completely remove this functionality (SMS verification) as users rely on their phones for two-factor authentication,” Insinia said.
|