Twitter users who post tweets to their feeds via SMS could be vulnerable to a security flaw, according to Jonathan Rudenberg.
Rudenberg posted on his blog yesterday about an SMS vulnerability he came across in Twitter that allows anybody who’s knowledge of someone’s mobile number to post tweets to that individuals feed.
Twitter’s issue is that it automatically admits tweets from an originating address “implicitly,” according to Rudenberg. Additionally, in some countries, Twitter doesn’t support short codes, which ensure content is carried only over one carrier’s network and not between two operator services.
In order for the exposure to be exploited, victims must have SMS tweeting authorized on their accounts. From there, the attacker needs to spoof their actual mobile number through an SMS gateway.
Twitter has not responded to these claims yet.