SAMHACKERSWORLD

Learn hacking online with SAMHACKERSWORLD free ethical hacking course. We will teach you everything you need to start your career in penetration testing. If you are a beginner and need to learn how to hack, the information provided in this post can surely help you out. Why wait? Become a hacker today!

Breaking

LightBlog

Thursday 25 June 2020

Home / Account / Alternative / Bypass / Cracking / Facebook / FB / Forgot Password / Hack / Hacking / Hidden / Hide / How To / Kali Linux / How to hack Facebook with just a phone number 2020

How to hack Facebook with just a phone number 2020

by on in , , , , , , , , , , , ,

How to hack Facebook with just a phone number 2020

A flaw in the SS7 protocol makes hacking Facebook accounts easier than you'd think.

facebook-phone-number-hack.jpg


It is possible to compromise Facebook accounts using little more than a phone number, researchers have warned.

A security team from Positive Technologies claims that if you know the phone number of your intended victim, you can break into their linked Facebook account thanks to security flaws in the SS7 protocol.

As reported by Forbes, there is a segment of core telecommunications infrastructure which has been left vulnerable to exploit for the last half decade.

SS7 is a protocol developed in 1975 which is used worldwide to define how networks in a public switched telephone network (PSTN) exchange information over a digital signaling network. However, a network based on SS7 will, by default, trust messages sent over it -- no matter where the message originated from.

The security flaw lies within the network and how SS7 handles these requests, rather than a bug on Facebook's platform. All cyberattackers need to do is to follow the "Forgot account?" procedure through Facebook's homepage, and when asked for a phone number or email address, offer the legitimate phone number.

Once Facebook has sent along an SMS message containing the one-time code used to access the account, the SS7 security flaw can then be exploited to divert this code to the attacker's own mobile device, granting them access to the victim's account.

Positive Technologies provided a proof-of-concept (PoC) video demonstrating the attack, which can be viewed below:


The victim must have linked their phone number to the target account, but as the security flaw is found within the telecommunications network and not online domains, this attack will also work against any web service which uses the same account recovery procedure -- such as Gmail and Twitter.

Two-step verification is becoming more and more crucial, but until vulnerabilities in telecom services are fixed, using email recovery methods may be the best way to go -- as well as the use of very strong, complex passwords for any main 'hub' email accounts you use to maintain other online services.


Author Image

About Siddharth Mishra
Siddharth Kumar Mishra is a Civil Engineer and IT Expert and Ethical Hacker and also an Actor and Youtuber and blogger.

Related Posts:
By at
Labels: , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Adbox