Makerere University


Hacking Facebook Account by Simply Knowing Account Phone Number


How to hack a Facebook account? That’s an answer everyone wants to know. Though there are many ways to get into someone’s Facebook account, these researchers have demonstrated how to hack anyone’s account with just their phone number!

There are about a billion users of Facebook nowadays, which amounts to about a sixth of the world’s population. So when someone is hacking an account, they are attacking one in every six people on the planet. And it has become pretty easy for hackers to hack into Facebook accounts. Researchers managed to prove that as long as someone has the phone number of the target, they can take control of the person’s Facebook account. Of course, the attacker would need some hacking skills.

It’s pretty scary when you think about it, because you may believe you have taken every possible measure to protect your account, only to realize that it might be futile. Through the SS7 network, hackers can enter your Facebook account without any problems, as long as they know how to exploit the SS7 flaw. Remember that this flaw has nothing to do with Facebook itself; it is an issue with the so-called Signaling System Number 7.

So how does the hack work, and what is this flaw about? The SS7 flaw has been discovered to be a pathway for many hacking attempts, ranging from listening in on phone calls to sending and receiving text messages. But the latest revelation is that it can also be used for hijacking social media accounts that have a phone number linked to them. The Signaling System Number 7, SS7 for short, is a signaling protocol used by 800 telecom operators worldwide to exchange information among themselves. Cross-carrier billing, roaming enablement and other features all work through SS7.

The one problem with SS7, however, is that it trusts all messages sent to it without checking their origin. Therefore, hackers can trick the SS7 network into diverting messages or calls to their own devices. All that is needed for this technique to work is the victim’s phone number, and they can start their snooping.

Recently, it has been revealed that messenger apps such as WhatsApp and Telegram, which promote end-to-end encryption, can still be hacked because they use phone numbers to register people. And now it is Facebook that can be hacked.

Hackers simply have to go to the “Forgot Account?” link on the Facebook page. When they are asked for a phone number or email to retrieve the lost password, the hackers would have to enter a legitimate phone number. After this, the SS7 flaw comes into play: the hackers can divert the message containing the one-time password to their own devices, and after that, they can log into the victim’s Facebook account.

Any user who has registered on Facebook with a phone number might encounter problems. The researchers also noted that the same technique can potentially be used against any service that uses SMS to verify user accounts.

SS7 Attacks used to steal Facebook logins by Hackread

Remember, Facebook recently introduced a new captcha security feature that asks users to upload a clear photo of themselves to verify that the account belongs to them, so that a locked account can be unlocked. This means the social media giant is trying new ways of securing user accounts from hackers and malicious elements.

However, smartphone users at this moment can follow some guidelines to keep their accounts safe:

Use a 2FA system without the need for SMS texts

Do not link phone numbers to social media accounts

Do not fall for a phishing scam and never click on links from an unknown sender

Never download files from an unknown email, as they can be malware

Use other communication apps that do not require phone numbers to work but rely on end-to-end encryption instead.

Source: https://www.hackread.com/hacking-facebook-accounts-with-phone-number

 
