5 Companies That Dropped The Ball This Week

Twitter Responds Sluggishly To SMS Hijacking Vulnerability

When researcher Jonathan Rudenberg informed Twitter in August about a vulnerability in its SMS posting mechanism, the company asked him not to publish details of the flaw until it could ready a fix.

But three months later, after not hearing from Twitter despite repeated attempts to contact the company, Rudenberg went public with details on the vulnerability, which allows an attacker to break into user accounts via SMS and can be carried out by spoofing the telephone number associated with the SMS account.

"Like email, the originating address of SMS cannot be trusted," Rudenberg said in a blog post describing his discovery.


Get the latest channel news to your inbox every morning with the CRN Daily newsletter.