A group of security engineers and researchers called Insinia Security has placed the Twitter against the wall after hacking into celebrity accounts through a method that the social networking microblogs said to be protected. Twitter said it closed the loophole in an update made on December 28, but on 31, it was the opening point for unauthorized access to accounts with many followers.
The intrusion is made via SMS spoofing, ie “cheating” the platform of Twitter when posting a tweet via SMS. It’s an old-fashioned feature of the network, back to the days when smartphones and dedicated apps were not as popular. When it works correctly, the tool allows you to publish a tweet by sending a text message from a number associated with the account. In this case, however, the platform is fooled into thinking that this is the correct number, when in fact the message came from another device.
“A Twitter spokesman told reporters on Friday that he had ‘solved a bug that allowed certain accounts with a connected UK mobile number to be SMS spoofing’,” the network told American portal Gizmodo. “However, during a conversation, hackers who exposed the error and posted unauthorized tweets were able to replicate the experiment after Twitter’s claims.”
The hackers in question said they had notified the actual owners of the hacked profiles but had not asked for permission to do so. The idea of attacking celebrity profiles and many followers was also premeditated: the group sought to alert as many people as possible and attract as much attention as possible to the action.
Some of the attacked celebrities were Irish journalist and broadcaster Eamonn Holmes and British film director and documentary filmmaker Louis Theroux, but it is not clear how many accounts would be vulnerable to the method. Twitter has not yet spoken about the new invasions.