Twitter & Jott Vulnerable to Spoofing
Filed in archive Mobile Technologies by tom on April 18, 2007
I've just noticed a post over on ONLamp.com (via Twitterati) which talks about vulnerabilities
in the Twitter and Jott systems.
This is something close to my interests, as spoofing text from another user is something I take very seriously in all the community services I work on or build. I tried to replicate the vulnerability explained in the O'Reilly piece with Pitch, and it's thrown up an interesting side piece in relation to these services: You can spoof the sender MSISDN when sending an SMS message to a UK long number, but not to a shortcode. It seems shortcodes - at least if properly configured and managed - will set the sender MSISDN to the real sender MSISDN, as the numbers come across the cellular network, not the IP network, and require verification as they can be used for premium billing.
So as long as Twitter uses a shortcode in the UK, they can't, as far as I know, be spoofed.
in the Twitter and Jott systems.This is something close to my interests, as spoofing text from another user is something I take very seriously in all the community services I work on or build. I tried to replicate the vulnerability explained in the O'Reilly piece with Pitch, and it's thrown up an interesting side piece in relation to these services: You can spoof the sender MSISDN when sending an SMS message to a UK long number, but not to a shortcode. It seems shortcodes - at least if properly configured and managed - will set the sender MSISDN to the real sender MSISDN, as the numbers come across the cellular network, not the IP network, and require verification as they can be used for premium billing.
So as long as Twitter uses a shortcode in the UK, they can't, as far as I know, be spoofed.
Permalink: Twitter & Jott Vulnerable to Spoofing
Tags:
twitter
spoofing
mobile
2007
wireless
twitter+jott
jott+vulnerable
vulnerable+spoofing
Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/64349
Mr Wong
| 
