HOW TO HACK A FACEBOOK ACCOUNT?
THAT’S AN ANSWER EVERYONE WANTS TO KNOW.
THOUGH THERE ARE MANY WAYS TO GET INTO SOMEONE’S FACEBOOK, THESE RESEARCHERS HAVE DEMONSTRATED HOW TO HACK ANYONE’S ACCOUNT WITH JUST THEIR PHONE NUMBER!
There are about a billion users of Facebook nowadays, which amounts to about a sixth of the world’s population. So when someone is hacking an account, they are attacking one in every six people on the planet. And it has become pretty easy for hackers to hack into Facebook accounts. Researchers managed to prove that as long as someone has the phone number of the target, they can certainly take control of the person’s Facebook account. Of course, the attacker would need some hacking skills.
It’s pretty scary when you think about it, because at the end of the day you may think that you have taken every possible measure to protect your account, only to realize that it might be futile.
Through the SS7 network, hackers can enter your Facebook account without any problems, as long as they know how to exploit the SS7 flaw. Remember that this flaw has nothing to do with Facebook; it is an issue with the so-called Signaling System Number 7.
The SS7 flaw has been discovered to be a pathway for many hacking attempts, ranging from listening in on phone calls to sending and receiving text messages.
But the latest revelation is that it can also be used for hijacking social media accounts that have a phone number linked to them.
Signaling System Number 7, SS7 for short, is a signaling protocol used by 800 telecom operators worldwide to exchange information with one another. Cross-carrier billing, roaming enablement and other features all work through SS7.
----- SS7 VULNERABILITY -----
What does SS7 normally do?
SS7 is a set of protocols allowing phone networks to exchange the information needed for passing calls and text messages between each other and to ensure correct billing. It also allows users on one network to roam on another, such as when travelling in a foreign country.
What can access to SS7 enable hackers to do?
Once they have access to the SS7 system, a hacker can essentially have access to the same amount of information and snooping capabilities as security services.
They can transparently forward calls, giving them the ability to record or listen in to them. They can also read SMS messages sent between phones, and track the location of a phone using the same system that the phone networks use to help keep a constant service available and deliver phone calls, texts and data.
Who is affected by the vulnerability?
Should a hacker gain entry to the SS7 system on any number of networks, or if the system is used by a law enforcement agency as part of its surveillance, anyone with a mobile phone could be vulnerable.
What’s being done about it?
Since the exposure of security holes within the SS7 system, certain bodies, including the mobile phone operators’ trade association, the GSMA, have set up a series of services that monitor the networks, looking for intrusions or abuse of the signalling system.
Mobile phone networks have also employed security contractors, including the German security researcher, Karsten Nohl, who uncovered the flaw in 2014 and demonstrated it for 60 Minutes, to perform analysis of the SS7 systems in use to try and prevent unauthorised access.
Nothing is hack-proof, however, and their success will likely be on a network-by-network basis. Reportedly, recent security testing of SS7 by an operator in Luxembourg took Norway’s largest network operator offline for over three hours due to an “unexpected external SS7 event”.
What are the implications for users?
The risk of surveillance of your average user, given the billions of mobile phone users across the globe, is small. Those in a place of power, within organisations or government, could be at risk of targeting, as all that’s required to perform the surveillance is access to the SS7 system and a phone number.
One of the biggest dangers, beyond someone listening to calls and reading text messages, is the interception of two-step verification codes sent via text message, which are often used as a security measure when logging into email accounts or other services.
Banks and other secure institutions also use phone calls or text messages to verify a user’s identity, which could be intercepted and therefore lead to fraud or malicious attacks.
-----
The one problem with SS7, however, is that it trusts all messages sent to it without checking the origin.
Therefore, hackers can divert any messages or calls from the SS7 network to their own devices simply by tricking it.
All that is needed for this technique to work is the victim’s phone number, and they can start their snooping.
Recently, it has been revealed that messenger apps such as WhatsApp and Telegram, which promote end-to-end encryption, can still be hacked because they use phone numbers to register people.
And now it is Facebook which can be hacked.
Hackers simply have to go to the “Forgot Account?” link on the Facebook page.
When they are asked for a phone number or email address to retrieve the lost password, the hackers would have to enter a legitimate phone number.
After this, the SS7 flaw comes into play, and the hackers can divert the message containing the one-time password received to their own devices, and after that, they can log into the victim’s Facebook account.
As long as a user has registered on Facebook with a phone number, then they might encounter problems.
The researchers also noted that the same technique can potentially hack any service at this point which uses SMS to verify the user accounts.
Smartphone users at this moment can only follow a few guidelines to keep themselves safe.
- Use a 2FA system that does not need SMS texts.
- Do not link phone numbers to social media accounts.
- Use other communication apps that do not require phone numbers to work but rely on end-to-end encryption instead.