There are about a billion Facebook users nowadays, which is about a sixth of the world’s population. So when someone is hacking an account, they are attacking one in every six people on the planet. And it has become pretty easy for hackers to break into Facebook accounts. Researchers managed to prove that as long as someone has the phone number of the target, they can certainly take control of that person’s Facebook account. Of course, the attacker would need some hacking skills.
All they need is a mobile number linked to your Facebook account
It’s pretty scary when you think about it: you may believe you have taken every possible measure to protect your account, only to realize that it might be futile. Through the SS7 network, hackers can enter your Facebook account without any problems, as long as they know how to exploit the SS7 flaw. Remember that this flaw has nothing to do with Facebook; it is an issue with the so-called Signaling System Number 7.
The SS7 flaw has been found to be a pathway for many kinds of attack, ranging from listening in on phone calls to sending and receiving text messages. The latest revelation is that it can also be used to hijack social media accounts that have a phone number attached to them. Signaling System Number 7, SS7 for short, is a signaling protocol used by 800 telecom operators worldwide to exchange information among themselves. Functions such as cross-carrier billing, roaming enablement and other features all work through SS7.
The one problem with SS7, however, is that it trusts all messages sent to it without checking their origin. Hackers can therefore trick the SS7 network into diverting messages or calls to their own devices. All that is needed for this technique to work is the victim’s phone number, and they can start their snooping.
Recently, it was revealed that messenger apps such as WhatsApp and Telegram, which promote end-to-end encryption, can still be hacked because they use phone numbers to register people. And now it is Facebook that can be hacked.
Hackers simply have to go to the “Forgot Account?” link on the Facebook page. When asked for a phone number or email address to recover the lost password, the hackers enter a legitimate phone number. After this, the SS7 flaw comes into play: the hackers divert the message containing the one-time password to their own devices, and after that they can log into the victim’s Facebook account.
Any user who has registered on Facebook with a phone number might encounter problems.
The researchers also noted that the same technique can potentially be used at this point against any service that uses SMS to verify user accounts.
For now, smartphone users can only follow a few guidelines to keep themselves safe.
• Use a 2FA system that does not rely on SMS texts.
• Do not link phone numbers to social media accounts.
• Use communication apps that do not require a phone number to work and that rely on end-to-end encryption instead.