Twitter SMS Hack Leads to Temporary Suspension of ‘Tweet via SMS’ Feature
- September 27, 2019
- Hiba Sulaiman
Earlier this month, Twitter temporarily suspended a popular feature that allows tweeting via SMS. Tweet-to-text is the ability for users to tweet via SMS. It means that users are no longer able to post a tweet by texting it to a ShortCode, which was the key feature Twitter has to offer. It is no coincidence that this temporary policy comes two days after Twitter’s CEO, Jack Dorsey found his account was hacked. It caused hackers sending racist tweets using the Tweet via SMS feature. It didn’t stop there, Chloe Grace Moretz also reported that her account was hacked through the same vulnerability.
About the SMS Feature
The SMS feature was more popular in Twitter’s early days but it is still a legacy feature since most people nowadays rely on smartphone apps. Users can send tweets without logging in to an account. All they have to do is text from the phone number linked to the account. However, the feature still exists but has been suspended as it has been misused several times in the past too. The major reason turns out to be no authentication is required other than just having access to the linked phone number. It is hard to say when Twitter will activate it again but it has been claiming to be one of the safest social media platforms.
Hackers called themselves “Chuckling Squad”
Dorsey’s Twitter account was compromised when strange racist and anti-Semitic slurs were tweeted from his account. It was hacked by a group called “Chuckling Squad” and they apparently had no access to the account, but replicated a mobile phone number associated with Dorsey’s account. ‘Sim swapping’ is a technique where hackers engineer a victim’s mobile phone provider and trick the telecom company to transfer the victim’s phone number to their own SIM card.
Users are looking forward to SMS activation
According to a thread, Twitter Support said: “We’re taking this step because of vulnerabilities that need to be addressed by mobile carriers and our reliance on having a linked phone number for two-factor authentication (we’re working on improving this)”. This series of issues in the SMS feature was caused due to vulnerabilities by mobile carriers. The SMS feature was once the most popular way of using Twitter in its early days. Although this feature still exists but Twitter has not mentioned when it will be activated again. Twitter also added that are working on a long-term strategy for this feature but have not updated on it yet. This feature is more commonly used in emerging markets having poor no mobile internet coverage. Still, there are no updates on the reinstating SMS feature any sooner.
The good news for Twitter is that its internal systems did not fail and hackers could not get access to sensitive information from the CEO’s account. However, it is a major flaw that needs to be addressed so that the same does not happen to Dorsey or other users. Looks like there is a lot on their plate besides putting all the blame on the mobile carriers. They are probably looking for reliable security testing services for improved security while using the SMS feature.