Spoofed caller IDs can hack Twitter

April 11, 2007

My peaceful Twitter universe was just shattered.

OnLamp.com just posted details about how Twitter accounts can be hacked into using a Caller ID spoofing program, so that hackers can send messages using a Twitterer’s cell phone number.

Ouch.

Nitesh Dhanjani goes into more detail about how he used sites like FakeMyText.com to spoof the Caller ID and fool Twitter and another site called Jott.

So this means that if anyone gets hold of your cell phone number, and you’ve registered it in Twitter or Jott, you’re at risk.

More from Nitesh’s article:

It’s not just Twitter and Jott who are susceptible to these issues. Unfortunately, I’ve come across cell phone companies, credit card companies, and even banks that rely on Caller ID information to authenticate their customers. Because it is so easy to spoof Caller ID, it is clear that Caller ID information should never be trusted to authenticate users, and many financial institutions have learnt this the hard way.

Given the popularity of Twitter, similar phone+IM+email mash-up services are likely to be created in the very near future. I sincerely hope these services realize the implications of authenticating users based on incoming SMS headers and Caller ID information.

I think I’ll cancel that part of my Twitter registration now…just to be safe.
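
The design flaw described in the quote above, as an added example (not code from this post, from Nitesh's article, or from Twitter or Jott): a message handler that treats the claimed sender number as the only credential, next to one that uses the number only to select the account and requires a secret in the message body. The account data, function names and PIN scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _hash_pin(pin: str, salt: bytes) -> bytes:
    # Store only a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Constructed sample data: one account with a registered number and PIN.
_SALT = os.urandom(16)
ACCOUNTS = {
    "+15550100": {"user": "alice", "salt": _SALT,
                  "pin_hash": _hash_pin("4821", _SALT)},
}

def post_trusting_sender(msg: dict):
    """Weak: whoever can set the 'from' field posts as the account owner."""
    acct = ACCOUNTS.get(msg["from"])
    return (acct["user"], msg["body"]) if acct else None

def post_requiring_pin(msg: dict):
    """Sender number is an identifier only; the PIN prefix authenticates."""
    acct = ACCOUNTS.get(msg["from"])
    pin, _, text = msg["body"].partition(" ")
    # Hash even for unknown numbers so both paths do comparable work.
    salt = acct["salt"] if acct else b"\x00" * 16
    candidate = _hash_pin(pin, salt)
    if acct and text and hmac.compare_digest(candidate, acct["pin_hash"]):
        return (acct["user"], text)
    return None

# Constructed inbound messages, as a gateway might hand them to the app.
GENUINE = {"from": "+15550100", "body": "4821 lunch at noon"}
SPOOFED = {"from": "+15550100", "body": "this is not alice"}

if __name__ == "__main__":
    print("trusting sender, spoofed:", post_trusting_sender(SPOOFED))
    print("requiring PIN, spoofed:  ", post_requiring_pin(SPOOFED))
    print("requiring PIN, genuine:  ", post_requiring_pin(GENUINE))
```

A static PIN carried in the message can be replayed by anyone who sees one message, so it raises the bar over Caller ID alone rather than replacing proper authentication.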
