Crime & Tech: Facebook users fall victim to hackers


THOUSANDS of Zimbabwean Facebook users report daily that their accounts have been hacked after strange messages are sent from their profiles with the latest victim being prominent businessman Nigel Chanakira.

How was my Facebook account hacked? That is the question that everyone who gets in touch with us always asks.

Facebook is a popular social networking site that makes it easy for users to connect and share posts with their friends and family.

There are about a billion users of Facebook, which constitutes about a sixth of the world’s population.

So when someone is hacking an account, they are attacking one in every six people on the planet. And it has become easy for hackers to attack Facebook accounts. 

Our research has managed to prove that as long as someone has a cell phone number of their target, they can take control of the person’s Facebook account. The attacker just needs some basic hacking skills.

There is a belief that Facebook will put in measures to protect your account.

The most common method that hackers use is, through the Signaling System Number 7 (SS7) network; hackers can enter any F Facebook account without struggle.

As long as one knows how to exploit the SS7 flaw; and remember this flaw has nothing to do with  Facebook but an issue with the so-called SS7.

The SS7 flaw has been discovered to be a pathway for many hacking attempts, ranging from listening in on cellphone calls to sending and receiving text messages.

But the latest revelation is that it can also be used for hijacking social media accounts, which have a cell phone number.

The SS7, in short, is a signaling protocol used by 800 telecom operators worldwide as their tool of exchanging information. Information, such as, cross-carrier billing, roaming enablement and other features all work through SS7.

One problem with SS7, however, is that it trusts all messages sent to it without checking the origin.

Therefore, hackers can simply divert any messages or calls from the SS7 network to their own devices by simply tricking it.

All that is needed for this technique to work is the victim’s cell phone number; and they can start their snooping.

Recently, it has been revealed that messenger apps, such as, WhatsApp and Telegram, which promote end-to-end encryption can still be hacked because they use cell phone numbers to register people. And now it is Facebook under attack.

Hackers have to go to the “Forgot Account?” link on the  Facebook page.

When they are asked about any cell phone number or email to retrieve their lost password, the hackers have to add a legitimate cell phone number.

After this, the SS7 flaw comes into play, and the hackers can divert the message containing the one-time password received to their own device.

Afterwards, they can log into the victim’s  Facebook account.

As long as a user has registered on  Facebook with a cellphone number, they might encounter problems.

The researchers noted that the same technique can potentially hack any service at this point, which uses SMS to verify the user accounts.

In Europe and the USA,  Facebook recently introduced a new captcha security feature that asks users to upload a clear photo to verify the account and unlock a locked account.

This means the social media giant is trying new ways of securing user accounts from hackers.

As long as you are connected, you are not 100% secure.

If you need any further information, you can contact me on +263772278161 of [email protected]

Mutisi is the CEO of Hansole Investments (Pvt) Ltd. He is the current chairperson of Zimbabwe Information & Communication Technology, a division of Zimbabwe Institution of Engineers.


Related Topics