- Insinia Security, a security company, has hacked high-profile Twitter accounts to expose a vulnerability in Twitter.
- The hacked Twitter accounts included Eamonn Holmes, a journalist and broadcaster, Louis Theroux, a British documentary filmmaker, Simon Calder, a travel journalist, and Saira Khan.
Insinia Security hacked a number of high-profile Twitter accounts to publicize a vulnerability in Twitter. The vulnerability could allow an attacker to post messages from accounts they do not control simply by knowing a person's phone number.
Insinia warned Twitter on several occasions that the vulnerability could be exploited to spread false news or disinformation. In addition, attackers could use the vulnerability to send direct messages to trusted contacts in the victim’s network, urging them to click links that install advanced malware to remotely control devices.
Insinia Security has hacked several high-profile Twitter accounts to highlight the security weakness in the social media network. The spoofed messages from Insinia read ‘This account was temporarily hijacked by Insinia Security.’ In its blog, Insinia explained that it was able to inject its messages into the targeted victims’ accounts by analyzing how Twitter interacted with smartphones when messages were sent.
TWITTER Research PT2 – “If there was even a possibility for us to view, intercept or access data, we would not have carried out this research.” https://t.co/NsMo2Uyu8r
— INSINIA SECURITY (@insiniasec) December 29, 2018
The security company revealed that its knowledge of the process, together with publicly available information on Twitter’s SMS policies and a target phone number, enabled it to post messages that seemed to come from the real owner of the account. Mike Godfrey, Chief Executive Officer of Insinia, said that his firm had only “passive interactions” with the targeted Twitter accounts and denied that it had broken the law. “We did not have access to any Twitter account and saw no direct messages from them.
Nothing was hacked badly,” Godfrey said to the BBC. “What we did is nothing unethical or irresponsible,” added Godfrey. In addition, Insinia Security recommends that users remove their telephone number from their Twitter accounts as a precaution.
Criticisms by the security community
Because of its unconventional method, Insinia Security faces some flak from the security community and from the affected account owners over its attempt to highlight Twitter's security issue. Travel journalist Calder confirmed to the BBC that the attack was carried out without his permission and described it as a “hard” and “nervous” experience that left him unimpressed. “Interfering in this way with many people’s accounts is irresponsible,” said Prof. Alan Woodward of Surrey University.
A cyber security expert said that it is normal practice for security researchers to perform such a “proof of concept” by hacking their own accounts or those of cooperating volunteers, but not those of an unwitting public. Another expert added that this could constitute a violation of the Computer Misuse Act.
Despite Insinia’s questionable methodology, the incident prompts Twitter users to consider protecting their accounts with better security measures and to avoid sharing sensitive information on the platform. It also calls on Twitter to strengthen its account security features for its users.