
Twitter SMS spoofing

"A fix against an SMS spoofing flaw involving micro-blogging service Twitter offers only partial protection.

Tests by Heise Security found that providing a user knew the number of a phone associated with a Twitter account, it would be possible to use an SMS sender faking service to post fake status updates that appeared under a user's profile. Services such as PhonyText allow the relaying of SMS messages with a fake sender field. Spoofed SMS messages sent through this service to the number for sending SMS tweets could thus be used to create fake tweets.

In this way, providing you knew the mobile number associated with accounts, it might be possible to suggest that Stephen Fry was once again stuck in a lift instead of whale-watching off the coast of Mexico or that Britney's vagina had grown claws as well as teeth."

Read more: http://www.theregister.co.uk/2009/03/06/twitter_sms_spoofing_risk/