SMS Caller ID Spoofing Opens Twitter Users Up to Hacking

Nitesh Dhanjani writes:

Because it is so easy to spoof Caller ID, it is clear that Caller ID information should never be trusted to authenticate users, and many financial institutions have learnt this the hard way. Given the popularity of Twitter, similar phone+IM+email mash-up services are likely to be created in the very near future. I sincerely hope these services realize the implications of authenticating users based on incoming SMS headers and Caller ID information.

This explains why Anil’s Twitter account was compromised this morning.
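
The point in the quote, as an added example (not code from Twitter or from the quoted post): an SMS-to-post handler that treats the sender number as the credential, next to one where the number only selects the account and a one-time code in the message body authenticates it. The handler names, the phone number, the account and the choice of HOTP (RFC 4226) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample data: the number and user are made up; the secret is the
# RFC 4226 test key so the expected codes are publicly documented.
ACCOUNTS = {
    "+15550100": {"user": "alice", "secret": b"12345678901234567890", "counter": 0},
}

def post_trusting_sender(sender, body):
    """Weak: the claimed sender number is the only credential."""
    acct = ACCOUNTS.get(sender)
    return (acct["user"], body) if acct else None

def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def post_with_code(sender, body, window=3):
    """Hardened: sender picks the account, a one-time code in the body proves it."""
    acct = ACCOUNTS.get(sender)
    code, _, text = body.partition(" ")
    if acct is None or not text:
        return None
    for step in range(window):
        expected = hotp(acct["secret"], acct["counter"] + step)
        # Constant-time compare; encode so non-ASCII input cannot raise.
        if hmac.compare_digest(code.encode(), expected.encode()):
            acct["counter"] += step + 1  # burn the code so a replay fails
            return (acct["user"], text)
    return None
```
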






