Infosecurity Group Websites
Latest
News

Twitter Switches Off SMS Services for Security Reasons

Twitter has announced it is to switch off its SMS-based service in most countries for security reasons, marking the end of an era for the social network.

When it was first launched, the service was specifically built around SMS, with users texting their tweets, hence the 140-character limit. Things soon moved on as smartphones became near-ubiquitous and account holders switched to the more user-friendly app.

However, in an update this week, the firm said: “We want to continue to help keep your account safe. We’ve seen vulnerabilities with SMS, so we’ve turned off our Twitter via SMS service, except for a few countries.”

It’s unclear exactly what these vulnerabilities are, although Twitter previously switched off the ability to tweet via text after hackers hijacked the account of co-founder and CEO, Jack Dorsey.

On that occasion they managed to get hold of his phone number via a classic SIM-swap attack and used the feature to send out tweets in his name.

Twitter is not turning off SMS for two-factor authentication, although text-based authentication codes have been abused multiple times in the past by SIM-swap attackers.

“Everyone will still have access to important SMS messages needed to log in to and manage their accounts,” the firm said.

Twitter sought to tackle this problem in November last year when it allowed users to enroll in 2FA without a linked phone number, meaning they can choose any 2FA system that supports the FIDO2 WebAuthn protocol.

In February this year, the social network was forced to act to fix an API bug that was being abused by state actors to unmask individual users around the world.

The decision to abandon SMS-based tweets has been met with some resistance, as users took to the site to complain that the service is useful in situations such as power outages when internet connectivity goes down.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Fortinet Offers Free Cybersecurity Training

2
News

Nintendo Breach Affects 160,000 User Accounts

3
News

Experts Detect 30,000% Increase in #COVID19 Threats

4
News

Auction of World's Priciest Whisky Ruined by Cyber-Attack

5
News

Microsoft Teams Funny GIFs Vulnerability Mended

6
News

Maze Group Wages Ransomware Attack on Cognizant

1
News

PrimoHoagies Sued Over Data Breach

2
Webinar

Attack Yourself Before They Do: Strengthen Security Through Breach and Attack Simulation

3
News

Five-Year PhantomLance Campaign Targeting Android Users

4
Webinar

Using a Managed Security Service Provider in 2020: Everything You Need to Know

5
Blog

Why Data Centers Need Formal Data End-of-Life Processes

6
News

Twitter Switches Off SMS Services for Security Reasons

1
Webinar

Using SIEM to Protect Against Top Cybersecurity Threats

2
Webinar

Remotely Manage Secure File Transfers Amid COVID-19 and Beyond

3
Webinar

How to Build a Program to Manage Your Third Parties and Supply Chain

4
Webinar

Why Remediation Needs to be Part of Your Vulnerability Management Program

5
Webinar

Safeguarding Your Digital Transformation with Detection and Response

6
Webinar

The Power of Continuous AppSec and How to Achieve It

1
Blog

Security by Sector: Over a Third of Consumers Don’t Trust Digital Comms from Banks

2
Interview

Interview: Mike McLellan, Senior Security Researcher, Secureworks

3
Blog

Data Security and Decommissioning in a 5G and Streaming World

4
Opinion

Preparing for Tomorrow: Cybersecurity in a Remote World

5
News

Cyber-Attacks on Hospitals Amid #COVID19 Akin to Acts of “Terror,” Claims Eugene Kaspersky

6
Next-Gen

Moving Online: How the Shift to Virtual Webinars Can be a Tool for Cybersecurity Inclusivity