According to twitter ” The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved. “
A SIM swap attack involves convincing your mobile phone provider to switch your phone number over to a SIM card an attacker controls. Afterwards , all the incoming messages, calls, SMS codes are sent to the attackers own phone that has the swapped number.
In Jack Dorsey’s case, the hacker sent tweets via the swapped phone number associated with Jack’s twitter account. By texting 404-04, a text message will be posted on the Twitter account associated with the phone number.
SIM swap attacks/SMS intercept has been the cause of many security breaches. Reddit breach of august 2018 was caused by SMS 2FA interception. According to Reddit “we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA”
SMS/SIM as a method of user authentication is already deprecatedin NIST Identity guidelines.
Authentication factors based on challenge-response protocols such as WebAuthN, using the user’s smartphone as proof of possession and/or biometrics is far more secure compared to one-time passwords.
Discover more from Cyber Insights
Subscribe to get the latest posts sent to your email.
Hi there every one, here every one is sharing these kinds of knowledge,
so it’s fastidious to read this blog, and I used to pay
a quick visit this blog every day.