Hacking Facebook Accounts using linked Phone number



So you are using a very long password with numbers, special characters and Capital letters just to make sure no one can hack your account. But what if I tell you that someone can hack your account regardless of how strong your password is? Yes It’s true!

Hackers with skills to exploit SS7 network just need to know your cellphone number to take over your account.

What is SS7

SS7 or Signaling System Number 7 is telephony signaling protocol used by hundreds of telecommunication operators around the world

Apparently SS7 has a vulnerability that let hackers spy on you by listening to your phone calls and even intercept text messages (SMS).

The issue about SS7 is that it trust text messages sent over it regardless of the origin. That’s why hackers can trick SS7 into diverting SMS and even calls to their own devices.

So if the hacker knows your phone number, then they can receive text messages and calls being sent to you using the SS7 vulnerability.

How to Hack FB Account using SS7 vulnerability

First, the hacker needs to click on the Forgot Account? link on the facebook login page. Then the hacker will then provide the targets phone number when asked.

The hacker will then divert the SMS from the targets phone number to their own device where facebook will send the one-time passcode.

Watch the demo below.

Conclusion

  • This issue affects all other services that uses SMS for account recovery.
  • Users who didn’t link their phone numbers to their account doesn’t have to worry about this issue.

This issue will surely be patch anytime soon. 😀