Categories: Security

Your Facebook Can Be Hacked Using Your Phone Number

If you thought your online accounts were safe from hackers, think again. Hackers can now hack your Facebook account, bank account, and other online accounts through your phone number, thanks to an SS7 flaw. Thus, this isn’t an issue with the security of your favorite websites, nor an issue of having weak passwords: it’s an issue with attaching your phone number to your accounts. One of the easiest ways a hacker can get your phone number (if you don’t have it visible online) is by stealing your phone. Ensure that a thief can’t discover your phone number — or access your personal information — by activating Anti-Theft on your device:

With Anti-Theft activated in advance, you’ll be able to protect your device, and all of the online accounts attached to your phone, in the event of loss or theft. You can use Anti-Theft to remotely block anyone from accessing your device, erase all of your data, sound an alarm (if you lost it nearby) and track your phone’s location. It’s an easy step to take to further protect your device against thieves or hackers.

Read More: Can Someone Hack My Android’s Bluetooth?

The SS7 Vulnerability

SS7, also known as the global signaling system, is a protocol suite that allows devices to communicate with one another worldwide. SS7 vulnerabilities are what allow hackers and spies to intercept text messages, listen to others’ phone calls, and track smartphone users’ locations. This means that they can intercept a text message to reset your password, or even divert texts to their devices to gain access to your account.

How Hackers Can Use Your Phone Number

For hackers that know how to use SS7 to their advantage, it’s very simple to hack online accounts through a victim’s phone number. All they need to do is go to the Facebook homepage, click on “Forgot account?”, and then type in your phone number. Then, they’ll redirect the text message (that you should receive) to them, so that they get your one-time password to log into your account. This same strategy can be used to access your Gmail account or other social networking accounts, too.

More recently, this strategy has been used to hack bank accounts and drain victims’ accounts instantly. However, this process is slightly more complicated than hacking into a Facebook account. Hackers first have to steal victims’ passwords, phone numbers, and account information. Then, to authorize the transfer of money, they have to get a fake telecom provider in order to redirect the bank’s one-time password to them. Once they have this information, they can log onto victims’ accounts to transfer the money and approve the transfer because they control the whole process.

How to Protect Your Online Accounts

Because of this SS7 flaw, it’s important to never attach your phone number to your Facebook account or other online accounts. For account recovery, you should instead choose to receive email alerts. This goes for two-factor authentication, as well. Two-factor authentication will make your account much more secure — as long as you receive codes via email, not text message. You may also want to use apps that offer end-to-end encryption — in addition to activating Anti-Theft — to better protect your personal information.

 

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Vulnerabilities in Cyber Security: what they are and how to fix them?

Learn all about one of the hackers' favorite breach method and keep your company safe…

1 year ago

3 ways to recover deleted photos on Android

Have you ever wondered how to recover deleted photos on Android? After all, the lack…

1 year ago

What is worm?

Digital worms are among the most serious threats in the wild kingdom of the Internet.

2 years ago

Spoofing: What’s it all about?

Spoofing is a fairly sophisticated virtual scam that can fool even the most cautious and…

2 years ago

Careful With That QR Code! Five Steps For QR Code Safety

Five Steps to Reduce QR Code Risk! Step one? Read this article…

2 years ago

Pharming: Phishing’s Nasty Big Brother

Pharming is creating a new, dangerous brand of impostor syndrome. Check how to avoid pharming…

2 years ago