Twitter Inc. told a U.S. senator it is cutting ties with a European technology company that helped it send sensitive passcodes to its users via text message.
The social media firm said in a disclosure to U.S. Senator Ron Wyden, a Democrat from Oregon, that it is “transitioning” its service away from working with Mitto AG, according to a Wyden aide.
A co-founder of Mitto operated a service that helped governments secretly surveil and track mobile phones, according to former employees and clients.
One of the approaches said to have been used was exploiting known vulnerabilities in the mobile telecoms protocol Signaling System 7 (SS7). It has been known since at least 2016 that major security flaws in SS7 mean that it can be used to listen to your calls, read your texts, and track your position.
The privacy breach appears to have been carried out by Mitto co-founder and chief operating officer Ilja Gorelik without the knowledge of others in the company. A Mitto spokesperson said that the company itself had no involvement, and was investigating. Unconfirmed reports say that Gorelik is no longer involved with the company.