The social media giant Facebook is well known for its security features. The number of Google searches on how to hack Facebook is enormous. But did you know that an old but still working flaw can be exploited to hack our Facebook accounts using just our phone number? The flaw does not actually lie in Facebook. It lies in our telecommunications network, SS7 (Signaling System 7).
SS7 (Signaling System 7) Flaw
SS7 is a set of protocols used to control the world's PSTN (the public switched telephone network, the world's collection of interconnected voice-oriented public telephone networks, both commercial and government-owned). SS7 is responsible for mobile number portability, prepaid payments, SMS and number translation. Messaging services rely heavily on SS7. The flaw was actually discovered in 2008 but was only made public in 2014, and a real-world attack that stole money from bank accounts was reported this year. It has been said that governments and politicians use this vulnerability to surveil millions of people. It is also impossible or impractical to patch all the networks in the world. So anyone with a little technical knowledge can hack Facebook and other social media services easily with just a phone number.
How to Hack Facebook Account With SS7 Flaw
One would argue that since Facebook has a password, it would be harder to hack. Due to the SS7 flaw, the hacker will not need your Facebook password. Just like in the cases of WhatsApp and Telegram, the telecom network is duped into believing you have the victim's phone number. Yours will be an easy task of clicking on 'Forgot Password'.
Facebook will prompt you to enter an email address or phone number to change the password. You will provide the owner’s legitimate number. A password reset code will be sent to your number. After resetting the password you will have full control of the victim’s Facebook account. What an easy Facebook hack!
Let's watch a video demonstrating how it works. It was published by Forbes.
What Smartphone Users Can Do to Prevent These Attacks
- Do not link your phone number to social media sites, rather rely solely on emails to recover your Facebook or other social media accounts.
- Use two-factor authentication that does not use SMS texts for receiving codes.
- Use communication apps that offer "end-to-end encryption" to encrypt your data before it leaves your smartphone, in preference to your phone's standard calling feature.