Hacking Facebook account is one of the major queries on the Internet
today. It's hard to find — how to hack Facebook account, but
researchers have just proven by taking control of a Facebook account
with only the target's phone number and some hacking skills.
Yes, your Facebook account can be hacked, no matter how strong your
password is or how much extra security measures you have taken. No
Hackers with skills to exploit the SS7 network can hack your Facebook
account. All they need is your phone number.
The weaknesses in the part of global telecom network SS7 not only let
hackers and spy agencies listen to personal phone calls and intercept
SMSes on a potentially massive scale but also let them hijack social
media accounts to which you have provided your phone number.
SS7 or Signalling System Number 7 is a telephony signaling protocol
that is being used by more than 800 telecommunication operators
worldwide to exchange information with one another, cross-carrier
billing, enabling roaming, and other features.
However, an issue with the SS7 network is that it trusts text messages
sent over it regardless of their origin. So, malicious hackers could trick
SS7 into diverting text messages as well as calls to their own devices.
All they need is the target’s phone number and some details of the
target’s device to initiate the silent snooping.
The researchers from Positive Technologies, who recently showed
how they could hijack WhatsApp and Telegram accounts, now gave
the demonstration of the Facebook hack using similar tricks, Forbes
SS7 has long been known to be vulnerable , despite the most advanced
encryption used by cellular networks. The designing flaws in SS7 have
been in circulation since 2014 when the team of researchers at German
Security Research Labs alerted the world to it.
Here’s How to Hack Any Facebook Account:
The attacker first needs to click on the "Forgot account?" link on the
Facebook.com homepage. Now, when asked for a phone number or
email address linked to the target account, the hacker needs to provide
the legitimate phone number.
The attacker then diverts the SMS containing a one-time passcode
(OTP) to their own computer or phone, and can login to the target’s
The issue affects all Facebook users who have registered a phone
number with Facebook and have authorized Facebook Texts.
Besides Facebook, researchers’ work shows that any service, including
Gmail and Twitter, that uses SMS to verify its user accounts has left
open doors for hackers to target its customers.
Although the network operators are unable to patch the hole sometime
soon, there is little the smartphone users can do.
Do not link your phone number to social media sites, rather
rely solely on emails to recover your Facebook or other
social media accounts.
Use two-factor authentication that does not use SMS texts
for receiving codes.
Use communication apps that offer "end-to-end encryption"
to encrypt your data before it leaves your smartphone over
your phone's standard calling feature.
Update: However, the important thing to note is that the issue has
actually nothing to do with Facebook security or other website's
security, instead it is the weakness in the telecom network.
"Because this technique [SSL exploitation] requires significant
technical and financial investment, it is a very low risk for most
people," Facebook spokesperson told The Hacker News.
"As an added precaution, we recommend turning on two-factor
authentication, called Login Approvals, in your Facebook security
settings. Doing this will disable recovery via SMS on your account
so even if someone has your phone number, they'll still need your
password to access your account."
Need Tech Help? Click Here To Join Our Live Online Radio Show
Wanna Leave Without Sharing This? It's not fair