Twitter is disabling the ability to send tweets via SMS messages after an incident last week in which the Twitter account of the company’s CEO was hacked via this feature.
The social network said the move is only temporary, but did not provide a timeline for the feature’s reactivation.
Twitter blamed the whole issue on mobile networks and “vulnerabilities that need to be addressed by mobile carriers.”
According to a statement Twitter published last week, hackers took control of Jack Dorsey’s phone number and used the SMS-to-tweet feature to publish offensive tweets on the CEO’s official account last Friday, August 30.
The technique hackers used to gain control of Dorsey’s phone number is named SIM swapping, a technique that has become wildly popular with hackers in the US over the past two years [1, 2, 3].
SIM swapping is a simple social engineering trick during which hackers convince, trick, or bribe employees at mobile operators to transfer a victim’s phone number to a SIM card under the attacker’s control.
Usually, hackers who employ SIM swapping also use the temporary control they have over a victim’s phone number to reset passwords for online accounts.
Twitter said that this didn’t happen in Dorsey’s case and that the hackers only used the SMS-to-tweet feature to publish tweets on the Twitter CEO’s profile. Twitter staff secured Dorsey’s account within 30 minutes by removing the phone number attached to the CEO’s account.
The SMS-to-tweet feature is one of Twitter’s oldest components and one that many have said helped the site gain its early popularity.
A lesser-known fact is that the initial tweet limit of 140 characters was put in place so tweets could fit inside the SMS messages that powered the SMS-to-tweet feature.