Posted by : Siva Priya Thursday, 16 June 2016

By exploiting the SS7 flaw, a hacker can hack someone’s Facebook account just by knowing the associated phone number. This flaw allows a hacker to divert the OTP code to his/her own phone and use it to access the victim’s Facebook account. The security researchers, who have explained the hack in a video, advise the users to avoid adding their phone numbers to the public services.

Facebook hacking is also one of the most commonly searched terms on the internet. However, very often people become a victim of malware while searching for Facebook hacking tools.
As we continue to deploy new safety measures to secure our online accounts, hackers and security researchers continue to find new ways to control Facebook accounts.

Recently, we told you how an Indian security researcher spotted a bug in the Facebook website and got $15,000 bug bounty.

Today, we are going to tell you how hackers can hack any Facebook account just by knowing the associated phone number and exploiting an issue with SS7 network.

For those who don’t know, SS7 network (Signalling System Number 7) is a communication protocol that’s used worldwide by the cellphone carriers.

Using a flaw in SS7, hackers can divert the text messages and calls to their own devices. This hacking technique has been shared as a proof-of-concept video by the security researchers from Positive Technologies.

How To  Facebook Account By Knowing Phone Number (Video):
This flaw affects all Facebook users who have associated a phone number with their Facebook accounts.

https://www.youtube.com/watch?v=wc72mmsR6bM
In the demonstration video, the security researchers show that as the first step of the hack, the attacker needs to click on the “Forgot account?” button on Facebook.com website’s homepage.

When Facebook prompts the hacker to enter an email address or phone number, he/she should enter the correct number associated with the account.

By exploiting the SS7 flaw, the hacker is able to divert the OTP message from Facebook to his/her own computer and use it to login to the victim’s Facebook.

The researchers list some measures that a user can take to secure his/her Facebook account. They advise people to avoid adding their phone numbers to public services and rely on email for recovery purposes.

The users are also advised to use 2-factor authentication methods that don’t use SMS texts for sending OTP.

Leave a Reply

Subscribe to Posts | Subscribe to Comments

Follow by Email

Total Pageviews

- Copyright © REDBACK COUNCIL - RISC -- Powered by Redback - Designed by Redback Council -