Turkish researcher finds a dangerous vulnerability in the Twitter application on Android
A Turkish security researcher said he found a security vulnerability in Twitter's Android application that allowed him to link 17 million phone numbers to user accounts on the service.
Ibrahim Balic notes that a flaw in Twitter's contact upload feature allows uploading entire lists of generated phone numbers. "In return, if you have a phone number with you, you will get user data," the researcher told TechCrunch.
Balic said that Twitter's contact upload feature does not accept lists of sequential phone numbers, which should prevent this type of matching. Instead, Balic generated more than two billion phone numbers in sequence, then randomized them and uploaded them to Twitter through the Android app. The researcher confirmed that the flaw does not exist in the web-based contact upload feature.
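The defensive lesson of the paragraph above, as an added example that is not Twitter's code or anything from the original article: a filter that inspects only the order of an uploaded batch stops flagging the same numbers once they are shuffled, while a per-account cap on distinct numbers does not depend on order. The names `is_sequential` and `UploadGuard`, the 5,000-per-day budget and all phone numbers are assumptions constructed for illustration.

```python
import random
from collections import defaultdict

def is_sequential(batch, min_run=20):
    """Order-dependent filter: True if `min_run` consecutive values appear back to back."""
    run = 1
    for prev, cur in zip(batch, batch[1:]):
        run = run + 1 if cur == prev + 1 else 1
        if run >= min_run:
            return True
    return False

class UploadGuard:
    """Order-independent control: cap the distinct numbers an account submits per day."""
    def __init__(self, daily_budget=5_000):  # assumed budget; tune to real address-book sizes
        self.daily_budget = daily_budget
        self.seen = defaultdict(set)  # (account, day) -> distinct numbers submitted

    def allow(self, account, day, batch):
        if is_sequential(batch):
            return False
        seen = self.seen[(account, day)]
        if len(seen | set(batch)) > self.daily_budget:
            return False  # reject and alert: volume no ordinary address book reaches
        seen.update(batch)
        return True

def simulate(seed=7):
    rng = random.Random(seed)
    # Constructed data: a generated block of 20,000 numbers in a fictional range.
    generated = list(range(5_550_000_000, 5_550_020_000))
    shuffled = generated[:]
    rng.shuffle(shuffled)
    batches = [shuffled[i:i + 1_000] for i in range(0, len(shuffled), 1_000)]
    guard = UploadGuard()
    accepted = sum(guard.allow("acct-bulk", "day-1", b) for b in batches)
    # Constructed data: an ordinary address book of 300 unrelated numbers.
    address_book = rng.sample(range(5_000_000_000, 6_000_000_000), 300)
    return {
        "ordered_flagged": is_sequential(generated[:1_000]),
        "shuffled_flagged": any(is_sequential(b) for b in batches),
        "bulk_batches_accepted": accepted,
        "bulk_batches_total": len(batches),
        "address_book_allowed": guard.allow("acct-normal", "day-1", address_book),
    }

if __name__ == "__main__":
    print(simulate())
```

In production the budget would sit alongside limits on how many account matches a single client can receive, since the matches are the data being protected.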
Balic said that over two months he matched user records in many countries, including Israel, Turkey, Iran, Greece, Armenia, France and Germany, but the matching stopped on December 20 after Twitter blocked it.
Balic provided TechCrunch with a sample of the matched phone numbers, and the website used one phone number to identify an Israeli politician. Balic did not warn Twitter of the vulnerability, but he was able to identify the numbers of high-profile Twitter users, including politicians and government officials, and added them to a WhatsApp group to warn them directly of the vulnerability.
Balic's discovery comes days after Twitter announced a vulnerability that could allow bad actors to reveal private account information or control accounts, such as tweets, direct messages, and location information.
It is also worth noting that the Turkish researcher Balic discovered a vulnerability in the Apple Developer Center in 2013.