17 Haziran 2016 Cuma

SS7 attacks used to steal Facebook logins

Hacking Facebook accounts by knowing phone numbers it is possible, a group of researchers from Positive Technologies demonstrated it.

“Researchers have proven just that by taking control of a Facebook account with only a phone number and some hacking skills to exploit the SS7 network, a core piece of telecoms infrastructure shown to be vulnerable repeatedly over the last half decade.” reported a blog post published on Forbes.

The hackers exploit a flaw in the SS7 protocol for hacking Facebook accounts just by knowing a victim’s phone number. The technique allows bypassing any security measure implemented by the giant of the social networks.

SS7 is a set of protocols used in telecommunications ever since the late 1970s, enabling smooth transportation of data without any breaches.

The security issue in the SS7 signalling system could be exploited by criminals, terrorists and intelligence agencies to spy on communications. The SS7 protocol allows cell phone carriers to collect location data related to the user’s device from cell phone towers and share it with other carriers, this means that exploiting the SS7 a carrier is able to discover the position of its customer everywhere he is.
The team of researchers from Positive Technologies is the same that recently demonstrated how to hack WhatsApp and Telegram accounts by leveraging on the SS7 protocol.

The attack method devised by the experts from Positive Technologies works against any service that relies on SMS to verify the user accounts, including Gmail and Twitter.



Hacking Facebook accounts is a reality, the attacker first needs to follow the “Forgot account?” procedure by clicking on a link present in the Facebook homepage. At this point, when asked for a phone number or email address belonging to the target account, the hacker needs to provide the legitimate phone number.
At this point, the attacker can exploit the flaw in the SS7 to hijack the SMS containing a one-time passcode (OTP) that is used to log in the target’s Facebook account.


Ref: http://securityaffairs.co/wordpress/48421/hacking/hacking-facebook-accounts-ss7.html
Ref:https://www.youtube.com/watch?v=wc72mmsR6bM

1 yorum:

  1. SS7 software available to limited number of users

    SMS interception only software $100

    SMS /call Voice recording $350

    2Factor Authentication /location tracking $500

    Read and intercept SMS /phone calls / 2 factor authentications etc

    PS: this software is not be used for criminal activites
    we will not be responsible for any charges you face for involving in illegal activities.

    NO trial version, For educational purposes and for serious buyers only , do not respond to email if you have no intention to purchase

    Eail: fenzy67@gmail.com

    https://bloggerkingindia.blogspot.com/2017/03/hacking-whatsapp-with-ss7-flaw-signal.html



    I can create a fake facebook login page

    fake linkedin login page

    fake coinbase login page

    fake blockchain login page

    fake online banking login page

    fake gmail/yahoo mail and other mail login page

    learn how to use Unsubscribe options to obtain email and password

    Using hhp+html codes.... my delivery time =4hours

    informations will be delivered to you preffered email addresses

    serious enquiries only
    Strickly for educational purposes


    Eail: fenzy67@gmail.com



    YanıtlaSil