Security researchers have discovered a clever new technique, dubbed DoubleSwitch, that attackers are currently using to take over and rename the verified Twitter accounts of well-known people in order to spread false news.
Social networks, when used strategically over time, are the most powerful form of marketing and market research that the world has seen, but sharing all media is incorrect.
The new “DoubleSwitch” attack is not exclusive to Twitter; it can also work on Facebook and Instagram. The attack renders the standard recovery mechanisms useless, allowing the attacker to control the victim’s account for a long period of time.
How does it work?
– The attacker gains access to your account through “deceit” or other means.
– The attacker changes the username and the associated e-mail address.
– The attacker creates a new account under the original user's name, but with the attacker's own e-mail address.
– The victim is locked out of the account and cannot use the standard recovery procedures to get it back (the automated recovery e-mails go to the attacker).
– The attacker steals the victim’s identity on the platform.
How can it be prevented?
– More people at risk should have multi-factor authentication enabled.
– Social networking platforms should update their features and rules to prevent the DoubleSwitch attack.
– Social networking platforms should also implement alternative ways to authenticate users, such as existing application forms.
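The attack steps above leave a recognizable trail in a platform's account audit log: a rename plus an e-mail change on one account, followed shortly by a new signup that claims the released username. The following is an added example, not code from the researchers or from any platform; the event schema, field names, 7-day window and sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=7)  # assumed correlation window, tune per platform

# Constructed audit events in a hypothetical schema:
# (timestamp, account id, event type, old value, new value)
EVENTS = [
    ("2017-06-01T10:05", "acct-1", "username_change", "reporter_ve", "tmp_9131"),
    ("2017-06-01T10:06", "acct-1", "email_change", "owner@example.org", "x@example.net"),
    ("2017-06-01T10:20", "acct-2", "signup", None, "reporter_ve"),
    ("2017-06-02T09:00", "acct-3", "username_change", "old_shop", "new_shop"),
    ("2017-06-20T09:00", "acct-4", "signup", None, "old_shop"),  # benign reuse
]

def find_double_switch(events, window=WINDOW):
    """Flag handles that were released by a rename on an account whose e-mail
    also changed, then registered by a different account inside the window."""
    released = {}       # lower-cased old handle -> (account id, rename time)
    email_changes = {}  # account id -> times of e-mail changes
    alerts = []
    for ts, acct, kind, old, new in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        if kind == "username_change":
            released[old.lower()] = (acct, t)
        elif kind == "email_change":
            email_changes.setdefault(acct, []).append(t)
        elif kind == "signup":
            src, t_rename = released.get(new.lower(), (None, None))
            if src is None or src == acct or t - t_rename > window:
                continue
            # Only e-mail changes seen before this signup are considered.
            if any(abs(e - t_rename) <= window for e in email_changes.get(src, [])):
                alerts.append({"handle": new.lower(),
                               "hijacked_account": src,
                               "impostor_account": acct})
    return alerts

if __name__ == "__main__":
    for alert in find_double_switch(EVENTS):
        print("possible DoubleSwitch:", alert)
```

A platform could use such a hit to hold the released username or to route recovery requests for it to manual review instead of the automated e-mail flow.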
The legitimate owner is locked out of the account
If the victim uses the password reset option to restore the account, Twitter sends the confirmation e-mail only to the address the attacker used to register the new account.
So any attempt by the victim to regain access to the account fails, because the attacker can simply inform Twitter that the problem has been resolved, shutting out the legitimate account holder.
Fortunately, Twitter also offers another route: an online form for reporting account compromises directly to the Twitter team, which then reviews the issue and helps victims recover their accounts.
Using this method, Access Now was able to help journalists regain access to their accounts, but by the time they had access, the attackers had removed some of the original account holders' tweets and used the accounts to publish false news about events in Venezuela, confusing followers and undermining the victims' reputations in the process.
Access Now says that the attack can also be carried out on Facebook and Instagram, but users can protect themselves by enabling the two-factor authentication feature provided by the services.
Two-factor authentication uses two different methods to verify the user's identity: the password and a one-time passcode (OTP) sent to the user’s mobile phone, making it much more difficult for hackers to break into the account in the first place.
However, two-factor verification is not a real solution for journalists, activists and human rights activists in countries such as Venezuela, because they do not link personal information such as phone numbers to their online accounts, for fear of being spied on.