Twitter: a vulnerability discovered in two-factor authentication


A new problem for Twitter. The social network is at the heart of a vulnerability revealed by a cybersecurity researcher. This discovery comes as the platform has laid off several thousand of its employees.

An SMS attack

According to information from Data Breach, the vulnerability concerns the two-factor authentication protocol. A researcher found that texting the message STOP to Twitter’s verification service automatically disables two-factor authentication. “Your phone has been deleted and SMS two-factor authentication has been disabled for all accounts,” the Twitter service responds by message.

This flaw opens the door to an attack by SMS spoofing (phone spoofing). If an attacker manages to disable the feature with this simple technique, they can then easily access the account. The security researcher behind this discovery communicated the flaw to the cybersecurity company ISMG. She was able to replicate the attack. Twitter allows several means of authentication, such as SMS, a dedicated application or a security key.
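The design problem described above, as an added example that is not Twitter's code: a state-changing command accepted on the strength of the SMS sender number alone, next to a handler that lets STOP pause outbound texts only. The `Account` record, handler names and phone number are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

STOP_REPLY = ("Your phone has been deleted and SMS two-factor authentication "
              "has been disabled for all accounts")  # reply quoted in the article

@dataclass
class Account:                      # hypothetical account record
    phone: str
    sms_2fa: bool = True
    sms_paused: bool = False        # outbound texts stopped, 2FA setting untouched
    alerts: list = field(default_factory=list)

def _is_stop(body: str) -> bool:
    return body.strip().upper() == "STOP"

def handle_sms_weak(accounts: dict, sender: str, body: str) -> str:
    """Behaviour described in the article: the sender number alone authorises the change."""
    if not _is_stop(body):
        return "ignored"
    for acct in accounts.values():
        if acct.phone == sender:    # the sender field of an SMS is not authenticated
            acct.phone, acct.sms_2fa = "", False
    return STOP_REPLY

def handle_sms_hardened(accounts: dict, sender: str, body: str) -> str:
    """STOP only pauses outbound texts; security settings change only after login."""
    if not _is_stop(body):
        return "ignored"
    for acct in accounts.values():
        if acct.phone == sender:
            acct.sms_paused = True
            acct.alerts.append("STOP received by text: SMS paused, 2FA still required")
    return "Texts stopped. Two-factor settings can only be changed after signing in."

def second_factor_required(acct: Account) -> bool:
    """Login-time check: is a second factor still demanded for this account?"""
    return acct.sms_2fa

def demo(handler) -> Account:
    """Run one constructed inbound STOP message through a handler."""
    accounts = {"alice": Account(phone="+15550100")}   # constructed sample data
    handler(accounts, "+15550100", " stop ")
    return accounts["alice"]

if __name__ == "__main__":
    for h in (handle_sms_weak, handle_sms_hardened):
        print(h.__name__, "-> second factor required:", second_factor_required(demo(h)))
```

In the hardened variant the alert entry gives the account owner a record of the STOP request, and the login path still demands a second factor.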

Increase in incidents

According to the New York Department of Financial Services, Twitter has weak internal security protocols and no senior cybersecurity staff. The two-factor authentication vulnerability comes as several users of the social network experienced problems receiving text messages on Monday, November 14, reports The Verge. Twitter acknowledged isolated issues in receiving messages.

“In order to clear up any confusion regarding two-factor authentication on Twitter, it is still active and is a good way to protect your account. If you have it enabled, the authentication method you chose should work. We are looking into the few cases where SMS codes are not being delivered,” the social platform responded.

The growing number of incidents since the wave of layoffs carried out by Elon Musk could cause new problems in the future. For several days, advertising agencies that consider the platform risky have been dropping the blue bird network.
