Twitter has temporarily disabled the 'Tweet via SMS' feature after it was reportedly abused by hackers to compromise the Twitter account of the company's CEO, Jack Dorsey, where a series of tweets containing racial slurs was posted on his timeline.
The hacking group, called "Chuckling Squad", replicated the mobile number associated with the CEO's Twitter account to gain access and tweet racist and offensive messages and threats via SMS. The procedure, known as a "SIM swap", allows anyone to recover a supposedly lost or misplaced SIM by asking the telecom company to transfer the number to another SIM card.
Through a social engineering trick, the group was able to get Dorsey's mobile phone number and provider, which enabled it to gain unrestricted access. It then used the popular 'Tweet via SMS' feature to post tweets under his username, without actually breaking into his account.
The Tweet via SMS feature allows users to post directly to Twitter by simply sending an SMS message to a specific Twitter number from the registered mobile number associated with the account. However, it requires no extra authorization, and that weakness is what allowed it to be easily hijacked by the hacking group.
Twitter halted the feature to prevent such an incident from recurring, and has promised to reactivate it soon in markets that depend on SMS for reliable communication.
The company also confirmed it was working on a longer-term strategy, citing vulnerabilities that must be addressed by the mobile carriers and the requirement to have a linked phone number for two-factor authentication.