[Sept 03, 2018]
Researchers have demonstrated how to hack anyone’s Facebook account with just their phone number.
Recently, it has been revealed that messenger apps such as WhatsApp and Telegram which promote the end-to-end encryption can still be hacked because they use phone numbers to register people. And now it is Facebook which can be hacked.
Hackers simply have to go to the “Forgot Account?” link on the Facebook page. When they are asked about any phone number or email to retrieve their lost password from, the hackers would have to put a legitimate phone number. After this, the SS7 flaw comes into play, and the hackers can divert the message containing the one-time password received to their own devices, and after that, they can log into the victim’s Facebook account.
As long as a user has registered on Facebook with a phone number, then they might encounter problems. The researchers also noted that the same technique can potentially hack any service at this point which uses SMS to verify the user accounts.
Cyber Security Tips:
- Use 2FA system without the need for SMS texts.
- Do not link phone numbers to social media accounts
- Do not fall for phishing scam and never click on links from an unknown sender
- Never download files from an unknown email as it can be a malware
- Use other communication apps that do not require phone numbers to work but rather end-to-end encryption.