Researchers warn that Facebook accounts can be compromised using only phone numbers.
The security team at Positive Technologies claims that, thanks to a security flaw in the SS7 protocol, it is possible to compromise a linked Facebook account knowing only the target victim's phone number.
As Forbes reported, parts of our core communications infrastructure have been vulnerable to exploitation over the past five years.
SS7 is a protocol developed in 1975 and used worldwide to define how networks within the Public Switched Telephone Network (PSTN) exchange information over digital signaling networks. However, SS7-based networks by default trust messages sent over SS7, regardless of the origin of the message.
The security flaw is not a bug in the Facebook platform; it lies in the way the network and SS7 handle these requests. All an attacker needs to do is follow the "Forgot your account?" procedure from Facebook's homepage and, when asked for a phone number or email address, provide the victim's legitimate phone number.
When Facebook sends an SMS message containing the one-time code used to access the account, the SS7 security flaw is exploited to divert this code to the attacker's own mobile device, which gives the attacker access to the victim's account.
Positive Technologies provided a proof of concept (PoC) video demonstrating the attack.
Victims must have linked their phone number to the targeted account. However, because the security flaw lies within the telecommunications network rather than the online domain, the attack also works against any website or service that uses the same account recovery procedure, such as Gmail and Twitter.
Two-factor authentication is becoming more and more important, but until vulnerabilities in communication services are fixed, using the email recovery method may be your best bet. Email accounts used to maintain other online services.
Source: How to hack Facebook with just a phone number, https://www.zdnet.com/article/how-to-hack-facebook-with-a-phone-number/#ftag=RSSbaffb68