The Twilio attacker “explicitly” searched for 3 Signal numbers • The Register

The security breach at Twilio earlier this month affected at least one high-value customer, Signal, and resulted in the disclosure of the phone numbers and SMS registration codes of 1,900 users of the encrypted messaging service, it has been confirmed.

However, Signal, which is considered one of the most secure of all encrypted messaging apps, claims that the attacker would not have been able to access the message history, contact lists, profile information, or other personal data associated with those user accounts. The nonprofit organization said in a safety notice on its website that it has identified the 1,900 users and is notifying them directly, asking them to re-register Signal on their devices.

Signal has come under fire in the past for its practice of SMS verification, and with this disclosure that practice has rebounded on it.

According to Signal, Twilio provides SMS verification services for its platform. Twilio offers messaging, call center and two-factor authentication services, among others, to 256,000 customers overall, although a previous incident report on the breach said only 125 of its clients had data “accessed by malicious actors for a limited period of time.”

The news that Signal was one of the 125 has raised questions about the identity of other affected Twilio customers, especially since the encrypted communications platform is known for its transparency. Others may be less accommodating.

When Twilio was hit by a phishing attack earlier this month, it could potentially have resulted in the phone numbers of 1,900 Signal users being revealed as registered to a Signal account, according to Signal’s security advisory. The encrypted messaging platform added that users’ SMS verification codes were also exposed.

It seems that, during the window in which the attacker had access to Twilio’s customer support systems, they would have been able to attempt to re-register the phone numbers they accessed and transfer the accounts to another device under their own control using the SMS verification code. Signal also emphasizes that the attacker no longer has that access and that the attack on Twilio has been shut down.

Interestingly, Signal states that the attacker explicitly searched for three phone numbers among the 1,900 accessed, and the organization has since received a report from one of those three users that their account was indeed re-registered.

In this case, if an attacker was able to re-register an account, they would then be able to send and receive Signal messages from that phone number, Signal confirmed.

We asked Signal if there was an explanation as to why the attacker would target these three specific users, and we’ll update the story when we get an answer.

Signal went to great lengths to point out that message history is only stored on the user’s device, so Signal doesn’t have copies of it that could be accessed. Contact lists, profile information, and other private data can only be recovered using the user’s Signal PIN, which the organization did not have access to.

In addition, Signal said that it has already attempted to mitigate its vulnerability to the Twilio attackers through features such as registration lock and the Signal PIN.

Registration lock prevents anyone from registering a user’s phone number on a new phone unless they have the PIN associated with that account. This feature must be enabled by the user, and Signal now strongly encourages users to enable it.

Signal states that if users see a banner stating their device is no longer registered when they open Signal, it may indicate that their account has been re-registered. It warns, however, that users may also be unregistered for other reasons, for example if they have not been active on the service for a long time.

The Twilio breach earlier this month was a sophisticated phishing attack in which employees received text messages claiming to be from Twilio’s IT department asking them to log in and change their password. The messages linked to a fake website designed to look like the real Twilio login page. If someone fell for the ruse, the attacker used their credentials to access Twilio’s internal systems.

Last week, content delivery network Cloudflare revealed that it was the target of a very similar attack attempt, but this attack failed because employees had to use hardware security keys as part of their login process. ®

https://www.theregister.com/2022/08/16/twilio_breach_fallout_signal_user/

Laura Coffey
