Twitter disables tweeting via SMS days after CEO Dorsey's account got hijacked

Published 04.09.2019 23:50
Updated 04.09.2019 23:55
Twitter CEO and co-founder Jack Dorsey gestures while interacting with students at the Indian Institute of Technology (IIT) in New Delhi on November 12, 2018. (AFP Photo)

Twitter announced Wednesday that it was temporarily disabling the ability to tweet via SMS, a once-popular method of using the social media platform.

In a series of tweets, Twitter Support said it was removing the feature due to a series of vulnerabilities that "need to be addressed by mobile carriers." The company said its reliance on phone numbers for two-factor authentication also played a role in the decision.

Twitter didn't share when the tweet via text option would be enabled again, but noted that it will "soon" reactivate it in markets that "depend on SMS for reliable communication." It added that it will work on a "longer-term strategy" for the feature, but didn't elaborate on it.

The announcement comes five days after Twitter CEO Jack Dorsey's account tweeted successive racist and offensive tweets and bomb threats for about 20 minutes in what the company quickly acknowledged was the result of a hack.

Dorsey became the target of so-called "SIM swap" fraud, in which a fraudster tricks a mobile carrier into transferring a number -- potentially causing people to lose control not only of social media, but also of bank accounts and other sensitive information.

This type of attack, which has become a popular break-in method in recent years, targets a weakness in "two-factor authentication" that relies on text messages to validate access to an account.

Some analysts say hackers have found ways to easily get enough information to persuade a telecom carrier to transfer a number to a fraudster's account, especially after hacks of large databases that result in personal data being sold on the so-called "dark web."

"Mobile accounts' text messages can be hijacked by sophisticated hardware techniques, but also by so-called 'social engineering' -- convincing a mobile provider to migrate your account to another, unauthorized phone," said R. David Edelman, a former White House adviser who heads a cybersecurity research center at the Massachusetts Institute of Technology.

"It only takes a few minutes of confusion to make mischief like Dorsey experienced."

Thousands of these attacks have been reported in countries where mobile payments are common, including in Brazil, Mozambique, India and Spain.

Researchers at the security firm Kaspersky say the security systems of many mobile operators "are weak and leave customers open to SIM swap attacks," especially if the attackers are able to gather information such as birth dates and other data.
