British security researchers from Insinia Security have recently brought attention to a bug that enabled them to send tweets from the Twitter accounts of British celebrities and journalists. By using this method, they could bypass the password input and two-step identicator process entirely.
They are able to do so by sending SMS messages to SMS-enabled accounts via a spoofing tool. After the security researchers acquired the phone numbers linked to certain accounts, they would use the spoofing tool to make it appear like the SMS messages were being sent by each Twitter account’s linked phone number.
Twitter recently made an announcement that that bug has been fixed. However, shortly after, Insinia Security researchers were back at it again, and were still able to SMS spoof a number of accounts. Twitter has issued a statement stating that they are re-examining the issue.
As of now, it appears that only accounts in the UK are vulnerable to this bug, but that’s not very comforting as there are a lot of people living in the UK with Twitter accounts. Insinia Security has stated that they chose to take over high profile accounts to bring more awareness to the bug, but who knows if this can affect your average, everyday Brit as well?
