Crime and technology: Facebook users fall victim to hackers
THOUSANDS of Zimbabwean Facebook users are reporting daily that their accounts have been hacked after strange messages were sent from their profiles, with the latest victim being prominent businessman Nigel Chanakira.
How was my Facebook account hacked? That’s the question everyone who contacts us always asks.
Facebook is a popular social network that makes it easy for users to connect and share posts with friends and family.
There are about one billion users of Facebook, which is about one-sixth of the world’s population.
So when someone hacks an account, they attack one in six people on the planet. And it has become easy for hackers to attack Facebook accounts.
Our research has been able to prove that as long as someone has the mobile number of their target, they can take control of that person’s Facebook account. The attacker only needs some basic hacking skills.
There is a belief that Facebook will put measures in place to protect your account.
The most common method used by hackers goes through the Signaling System Number 7 (SS7) network: as long as one knows how to exploit the SS7 bug, one can enter any Facebook account without a fight.
Remember that this flaw has nothing to do with Facebook; it is a problem with SS7 itself.
The SS7 flaw has been discovered to be an avenue for many hacking attempts, ranging from listening in on mobile phone calls to sending and receiving text messages.
But the latest revelation is that it can also be used to hijack social media accounts that have a mobile phone number.
SS7, in short, is a signaling protocol used by 800 telecom operators worldwide as their means of exchanging information. Functions such as billing across operators, activation of roaming and others work through SS7.
However, a problem with SS7 is that it trusts all messages sent to it without checking their origin.
Therefore, hackers can divert any messages or calls from the SS7 network to their own devices simply by tricking it.
All that is needed for this technique to work is the victim’s cell phone number, and they can start snooping.
Recently, it has been revealed that messenger apps, such as WhatsApp and Telegram, which promote end-to-end encryption, can still be hacked because they use mobile phone numbers to register people. And now Facebook is under attack.
Hackers need to go to the “Forgot account?” link on the Facebook page.
When asked for any mobile number or email to recover the lost password, the hackers must add a legitimate mobile number.
After this, the SS7 bug kicks in and the hackers can forward the message containing the one-time password (OTP) to their own device.
Afterwards, they can log into the victim’s Facebook account.
As long as a user has registered on Facebook with a mobile phone number, they may encounter problems.
The researchers noted that the same technique could potentially be used at this time to hack any service that uses SMS to verify user accounts.
In Europe and the US, Facebook recently introduced a new captcha security feature that asks users to upload a clear photo to verify their account and unlock a locked account.
This means the social media giant is trying new ways to secure user accounts from hackers.
As long as you are connected, you are not 100% safe.
If you need more information, you can contact me at +263772278161.
Mutisi is the CEO of Hansole Investments (Pvt) Ltd. He is the current chairman of Zimbabwe Information & Communication Technology, a division of the Zimbabwe Institution of Engineers.