Skip to main content

Here is how to hack WhatsApp, Telegram or Facebook using SS7 flaw

Here is how to hack WhatsApp, Telegram or Facebook using SS7 flaw


Here is how to hack WhatsApp, Telegram or Facebook using SS7 flaw


Earlier we had reported how easy it is for hackers and cyber criminals to hack WhatsApp and Telegramand view victims messages using the SS7 flawdespite both having strong end-to-end encryption. Now it seems that hackers can exploit the SS7 flaweven to hack into your Facebook. Worryingly, the hackers only need you mobile number to hack your Facebook account.
Researchers have proven just that by taking control of a Facebook account with only a phone number and some hacking skills to exploit the SS7 network, a core piece of telecoms infrastructure shown to be vulnerable repeatedly over the last half decade.
The vulnerability lies in Signalling System 7, or SS7, the technology used by telecom operators, on which the highly secure messaging system and telephone calls rely. SS7 is a set of telephony signalling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.
In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded. Researchers created a tool (SnoopSnitch) which can warn when certain SS7 attacks occur against a phone and detect IMSI-catchers.

Here is how the Facebook hack works

The hackers just have to the network by exploiting the SS7 flaw to spoof the victim. Once the network is fooled, the hacker has to use the Facebook’s “Forgot Account?” link on the Facebook.com homepage.
The hacker than has to fool Facebook into believe he is the real owner instead of the victim. When asked for an email address or phone number linked to the target account, the hacker provides the legitimate number. When Facebook sends a one-time passcode, the network which has already been spoofed by the hacker, send the code to their phone or PC.
One the hacker has access to to the passcode, the victim’s Facebook account is as good as gone. Researchers have detailed the entire Facebook hacking process in the video below :

Why is SS7 not patched by the networks

Despite of the knowledge that the SS7 is vulnerable to hacking since 2008, why are different networks not patching it? The answer lies in the politics and global dynamics. Many governments would prefer to keep the flaw unpatched so that they can spy on dissidents, political activists and terrorists. The patch for the SS7 flaw has to be initiated in each and every network on Earth and this is pretty difficult considering the geographies. In 2014, the media reported a protocol vulnerability of SS7 by which both government agencies and non-state actors can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%.
It would take a 9/11 type attack using the SS7 flaw to make the world governments understand the severity of SS7 flaw to patch it. Till then, if your WhatsApp, Telegram or Facebook is hacked, you know who to blame.
NOTE - For Education Purpose 

Comments

Popular posts from this blog

Top 8 Best WhatsApp Tips And Tricks Of 2017

Top 8 Best WhatsApp Tips And Tricks Of 2017 M illions of people are using WhatsApp these days. It is as popular as Facebook, Twitter or Instagram. With millions of users, we can presume that most of the people at least use it once in a day. And everybody thinks that they know everything about WhatsApp. Maybe some of them do. But most of the people doesn’t, because technology won’t stop. There are always more tips and tricks which you can learn and use anytime. So that’s why today I am going to tell you about Top 8 Best And Cool WhatsApp Tips And Tricks which will definitely help you to become WhatsApp pro. So check out the Tricks in the description below. Top 8 Best WhatsApp Tips And Tricks Of 2017 1. Create Chat Shortcuts If you are chatting with 2 or 3 people at the same time on WhatsApp like with your girlfriend, wife, and with others, it won’t be easy to manage all those chats. So to make it easy, you can create conversation shortcuts to your home screen so that you don’t need to o...

Why Does 64-Bit Windows Need a Separate “Program Files (x86)” Folder ?

Why Does 64-Bit Windows Need a Separate “Program Files (x86)” Folder ? Why Does 64-Bit Windows Need a Separate “Program Files (x86)” Folder ? If you are currently running any version of 64-bit windows operating system, you might have noticed that there is two types of programs files. One is the regular program files and another one is programs files (X86). Well, in this article, I am going to delineate between these folders and help you to understand why Windows really need both of them. 32-bit and 64-bit Computers and Windows Since the mid of 90s, almost all PC were running on 32-bit Windows. But after the release of Windows 7, the sales of 64-bit Windows computer started and there were two programs files have installed in 64-bit Windows 7 computers. 64-bit PCs gained more popularity with times over 32-bit PCs. People will prefer 64-bit computers because they can handle much more RAM (memory) and they are generally faster because they use more advance...

A Lone Hacker Defaces The Google Brazil Domain, Google.com.br Unavailable To Brazilians

A Lone Hacker Defaces The Google Brazil Domain,  Google . com .br Unavailable To Brazilians Google . com .br was hacked by a lone hacker on Tuesday afternoon. The hacker left a deface page along with a message on the targeted Google Domain greetings his friends for the successful attack on such a highly reputed domain. This is the 2 nd  time in a week, when  Google . com .br has hacked after the Google Bangladesh website is hacked by Pakistani hackers. Here’s the full preview of the defaced page, “It was a great moment to die.” Hacked by Kuroi’SH! Too Google at once, I don’t even care; f**k the jealous hates such as Nofawkx. Two Google at once world record idgaf :D. Greets to my friends Prosox & Shinobi h4xor.” Google Brazil immediately tried to restore the hacked website, but unable to gain control as the domain. But now  Google . com .br is available to visitors. According to Brazil media reports, the Google Brazil users were getting the defaced message from Ku...