Twitter & Jott Vulnerable to Spoofing
Filed in archive Mobile Technologies by tom on April 18, 2007
I've just noticed a post over on ONLamp.com (via Twitterati) which talks about vulnerabilities
in the Twitter and Jott systems.
This is something close to my interests, as spoofing text from another user is something I take very seriously in all the community services I work on or build. I tried to replicate the vulnerability explained in the O'Reilly piece with Pitch, and it's thrown up an interesting side piece in relation to these services: You can spoof the sender MSISDN when sending an SMS message to a UK long number, but not to a shortcode. It seems shortcodes - at least if properly configured and managed - will set the sender MSISDN to the real sender MSISDN, as the numbers come across the cellular network, not the IP network, and require verification as they can be used for premium billing.
So as long as Twitter uses a shortcode in the UK, they can't, as far as I know, be spoofed.
in the Twitter and Jott systems.This is something close to my interests, as spoofing text from another user is something I take very seriously in all the community services I work on or build. I tried to replicate the vulnerability explained in the O'Reilly piece with Pitch, and it's thrown up an interesting side piece in relation to these services: You can spoof the sender MSISDN when sending an SMS message to a UK long number, but not to a shortcode. It seems shortcodes - at least if properly configured and managed - will set the sender MSISDN to the real sender MSISDN, as the numbers come across the cellular network, not the IP network, and require verification as they can be used for premium billing.
So as long as Twitter uses a shortcode in the UK, they can't, as far as I know, be spoofed.
Permalink: Twitter & Jott Vulnerable to Spoofing
Tags:
twitter spoofing mobile 2007 wireless twitter+jott jott+vulnerable vulnerable+spoofing
Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/64349
