Researchers accuse Twitter of not fixing the vulnerability and of falsely reporting that it had been fixed
Recently, researchers in London, UK, found that social networking sites have security vulnerabilities that allow attackers to directly manipulate the accounts of celebrities and journalists.
The vulnerabilities mainly exist in Twitter's SMS verification system. Under normal circumstances, users can operate their own accounts by sending specific SMS messages, such as a push.
The researchers use software that spoofs mobile phone numbers to imitate actions initiated by the user, and they only need to know the mobile phone number bound to a particular user's account.
This vulnerability basically affects only users in the UK, but the damage is still very large. After the vulnerability was submitted to Twitter, the company stated that it had completely fixed the vulnerability.
Just as the Twitter spokesperson said that the bug had been fixed, the researchers issued a message saying that it had not been fixed at all, that is, the vulnerability still exists in the system.
During an interview with the technology website, the researchers also hijacked the account of a financial technology company in London and forwarded the tweet, confirming that the vulnerability was not fixed.
Moreover, the method of exploiting the vulnerability has basically been disclosed, so its impact may keep growing and more and more celebrity accounts may be hijacked.
The researchers recommend that UK users stop binding a mobile phone number to their account until Twitter completely fixes the vulnerability, to prevent attackers from posting false messages.
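The design weakness described above is that an inbound SMS is accepted as coming from the account holder purely because of its sender number. The sketch below is an added example, not Twitter's code: the handler names, the message format, the per-account PIN and the sample data are all assumptions made for illustration.

```python
import hmac

# Constructed sample data: a phone number bound to an account, plus an
# assumed per-account SMS PIN (the PIN scheme is not from the article).
BOUND = {"+447700900001": {"account": "@example_reporter", "pin": "4921"}}


def handle_sms_weak(sender, body):
    """Trusts the sender number alone, the pattern the article describes.

    The sender field of an SMS is supplied by whoever submits the message,
    so this check identifies the account but authenticates nobody.
    """
    user = BOUND.get(sender)
    if user is None:
        return None
    return (user["account"], body.strip())


def handle_sms_hardened(sender, body):
    """Also requires a secret the sender field cannot carry: '<PIN> <text>'."""
    user = BOUND.get(sender)
    if user is None:
        return None
    pin, _, text = body.strip().partition(" ")
    # Constant-time comparison; reject a missing PIN or an empty message.
    if not text or not hmac.compare_digest(pin.encode(), user["pin"].encode()):
        return None
    return (user["account"], text)


if __name__ == "__main__":
    forged = ("+447700900001", "false announcement")  # sender number is forged
    print("weak:", handle_sms_weak(*forged))          # accepted
    print("hardened:", handle_sms_hardened(*forged))  # rejected (None)
    print("owner:", handle_sms_hardened("+447700900001", "4921 real update"))
```

A short PIN sent in the message body only raises the bar above knowing the phone number; it does not make the SMS channel itself trustworthy.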
Via: Gizmodo