Here is how to hack Facebook using SS7 flaw

Hackers can use SS7 flaw to steal your Facebook account with just your number

Earlier we had reported how easy it is for hackers and cyber criminals to hack WhatsApp and Telegram and view victims messages using the SS7 flaw despite both having strong end-to-end encryption. Now it seems that hackers can exploit the SS7 flaw even to hack into your Facebook. Worryingly, the hackers only need you mobile number to hack your Facebook account.

Researchers have proven just that by taking control of a Facebook account with only a phone number and some hacking skills to exploit the SS7 network, a core piece of telecoms infrastructure shown to be vulnerable repeatedly over the last half decade.

The vulnerability lies in Signalling System 7, or SS7, the technology used by telecom operators, on which the highly secure messaging system and telephone calls rely. SS7 is a set of telephony signalling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.

In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded. Researchers created a tool (SnoopSnitch) which can warn when certain SS7 attacks occur against a phone and detect IMSI-catchers.

Here is how the Facebook hack works

The hackers just have to the network by exploiting the SS7 flaw to spoof the victim. Once the network is fooled, the hacker has to use the Facebook’s “Forgot Account?” link on the Facebook.com homepage.

The hacker than has to fool Facebook into believe he is the real owner instead of the victim. When asked for an email address or phone number linked to the target account, the hacker provides the legitimate number. When Facebook sends a one-time passcode, the network which has already been spoofed by the hacker, send the code to their phone or PC.

One the hacker has access to to the passcode, the victim’s Facebook account is as good as gone. Researchers have detailed the entire Facebook hacking process in the video below :

Why is SS7 not patched by the networks

Despite of the knowledge that the SS7 is vulnerable to hacking since 2008, why are different networks not patching it? The answer lies in the politics and global dynamics. Many governments would prefer to keep the flaw unpatched so that they can spy on dissidents, political activists and terrorists. The patch for the SS7 flaw has to be initiated in each and every network on Earth and this is pretty difficult considering the geographies. In 2014, the media reported a protocol vulnerability of SS7 by which both government agencies and non-state actors can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%.

It would take a 9/11 type attack using the SS7 flaw to make the world governments understand the severity of SS7 flaw to patch it. Till then, if your WhatsApp, Telegram or Facebook is hacked, you know who to blame.

Also read: This Hack Tool Uses SS7 Flaw to Trace Call, Location Of Every Single Mobile Phone

7 COMMENTS

  1. in this above tutorial what are the required to tools that are to be used??
    i have wireshark present in my kali linux (VM)
    bu when im trying this tutorial i cant understand from where and how the ss7 scanner is used..
    can u please mail me the above required tools to perform this tutorial.
    please help me

    • “SS7 is a set of telephony signalling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.”

      I think you have to be in the phone operator internal network to have an access to SS7 signal, lay in the plain old telephone system.
      I guess this method will not be usable in near future.

LEAVE A REPLY

Please enter your comment!
Please enter your name here