Hacking of Jack Dorsey’s Twitter Account Spotlights Dangers of SIM Swapping

An old hacking technique enters the spotlight in a big way

Jack Dorsey
The method by which Jack Dorsey's Twitter account was hacked spotlights a larger security vulnerability.
Andrew Mager/Creative Commons
By Tobias Carroll / September 1, 2019 9:15 am

On Friday, Twitter CEO Jack Dorsey found himself in the same position of many people who have used his company’s service: his account was hacked. The situation was resolved within 15 minutes, but the embarrassment is likely to last for much longer.

Writing for The Verge, Russell Brandom explored a more pernicious side of the hack: namely, that it showcased the hazards of SIM swapping. 

Twitter allows its users to Tweet via text message, using a service called Cloudhopper. And here’s where things get tricky:

The system only requires linking your phone number to your Twitter account, which most users already do for separate security reasons. As a result, control of your phone number is usually enough to post tweets to your account, and most users have no idea.

What does this mean? Well, if someone succeeds at “convincing a carrier to assigning Dorsey’s number to a new phone that they controlled,” they can then effectively post as Dorsey. Or, you know, anyone whose number they have who has a Twitter presence and makes use of a text-to-Tweet service. 

SIM swapping isn’t a new technique at all, but this may well be its apex in terms of visibility. 

As Brandom writes for The Verge, “Any system that makes it easier for a user to tweet will also make it easier for a hacker to take control of the account.” It’s a concise description of a very real phenomenon—and it’s one to remember when considering taking a shortcut.

Editor’s Note: RealClearLife, a news and lifestyle publisher, is now a part of InsideHook. Together, we’ll be covering current events, pop culture, sports, travel, health and the world. Subscribe here for our free daily newsletter.

Daily Brief

News From Around the Web

February 20, 2020 February 19, 2020