Twitter, Facebook affected by SMS spoofing flaw
Users who send and receive Twitter messages via text message from their mobile phone are vulnerable to a weakness that could allow anyone to post a tweet to their account, according to a developer and security researcher who discovered the flaw.
Jonathan Rudenberg said in a blog post on Monday that all the attacker needs to know is the target's cell phone number. Then they can spoof the originating address of the text message, or SMS,
"Like email, the originating address of [an] SMS cannot be trusted," Rudenberg wrote. "Many SMS gateways allow the originating address of a message to be set to an arbitrary identifier, including someone else's number."