Hacking social media accounts is something everyone wants to learn, but it is very tough to hack the servers of Facebook, Instagram, TikTok, Twitter, LinkedIn and others to get a password.
The biggest vulnerability of social media platforms is humans. Recent security research has proved that it is fairly easy to hack Facebook, Twitter and other social media channels. Several articles on the internet discuss Facebook hacks, Instagram breaches and other social media hacks.
Social media platforms have implemented several security features. However, security researchers have shown that with minimal hacking skills and just by using a target’s phone number, hackers can breach a Facebook account. No matter how strong a password or security question you use, with a few hacks, hackers can hack the Facebook password of your account and take over your Facebook page.
Security analysts have discovered new Facebook hacks where hackers with the skills to exploit the SS7 network can hack a Facebook account in no time. All they need is your phone number. This weakness in SS7, a part of the global telecom network, allows cyber criminals to listen to and record personal phone calls and read SMS messages.
In Box: A hacker first infects the mobile phone by sending a simple SMS crafted to catch the target's interest, after surveying his or her profile on social media and other sources. Once the customer clicks the offer, the hacker can easily get into all the social media accounts through the database; there is no need to hack any social media platform, because the hacker has control over all activity on the infected mobile.
What is SS7? Signalling System Number 7 (SS7) is a signalling protocol that is used extensively to send and receive information, handle cross-carrier billing, allow roaming on SIM cards and support several other features. This signalling protocol is used by more than 800 telecommunication operators worldwide.
TikTok, Facebook and WhatsApp are under intense scrutiny over users' privacy, which is now in question.
The potentially dangerous vulnerabilities could have allowed remote attackers to hijack any user account just by knowing the mobile number of the targeted victim. A report from Check Point says that chaining multiple vulnerabilities allowed its researchers to remotely execute malicious code and perform unwanted actions on behalf of victims without their consent.
The reported vulnerabilities include low-severity issues like SMS link spoofing, open redirection, and cross-site scripting (XSS) that when combined could allow a remote attacker to perform high-impact attacks, including:
In recent months, Check Point Research teams discovered multiple vulnerabilities within the TikTok application. The vulnerabilities described in this research allow attackers to do the following:
Get a hold of TikTok accounts and manipulate their content
Delete videos
Upload unauthorized videos
Make private “hidden” videos public
Reveal personal information saved on the account such as private email addresses
A recent report says an attacker can send an SMS message to any phone number on behalf of TikTok with a modified download URL pointing to a malicious page designed to execute code on a targeted device that already has the TikTok app installed.
When combined with open redirection and cross-site scripting issues, the attack could allow hackers to execute JavaScript code on behalf of victims as soon as they click the link sent by the TikTok server over SMS, as shown in the video demonstration Check Point shared.
The technique is commonly known as a cross-site request forgery (CSRF) attack, wherein attackers trick authenticated users into executing an unwanted action.
"With the lack of anti-Cross-Site request forgery mechanism, we realized that we could execute JavaScript code and perform actions on behalf of the victim, without his/her consent," the researchers said in a blog post published today.
"Redirecting the user to a malicious website will execute JavaScript code and make requests to TikTok with the victims' cookies."
Check Point responsibly reported these vulnerabilities to ByteDance, the developer of TikTok, in late November 2019; the company then released a patched version of its mobile app within a month to protect its users from hackers.
Advisory: If you are not running the latest version of TikTok available on official app stores for Android and iOS, you're advised to update it as soon as possible.
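Two of the weaknesses named in the report, open redirection and the missing anti-CSRF mechanism, are each closed by a small server-side check. The following is an added example, not code from TikTok or Check Point; the host names, the header name and all function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Assumed values: hosts the service may redirect to, and a per-deployment secret.
const ALLOWED_REDIRECT_HOSTS = new Set(['app.example.com', 'www.example.com']);
const CSRF_SECRET = nodeCrypto.randomBytes(32);

// Open-redirect check: parse the target and compare the exact host,
// never a substring or suffix of the raw string.
function isAllowedRedirect(target) {
  let url;
  try {
    url = new URL(target);
  } catch {
    return false; // relative, scheme-less or malformed values are rejected
  }
  return url.protocol === 'https:' && ALLOWED_REDIRECT_HOSTS.has(url.hostname);
}

// Anti-CSRF token: an HMAC over the session id, so a token issued for one
// session is useless in another and cannot be forged without the secret.
function issueCsrfToken(sessionId) {
  return nodeCrypto.createHmac('sha256', CSRF_SECRET).update(sessionId).digest('hex');
}

function verifyCsrfToken(sessionId, token) {
  if (typeof token !== 'string') return false;
  const expected = Buffer.from(issueCsrfToken(sessionId), 'hex');
  const given = Buffer.from(token, 'hex');
  // Length check first: timingSafeEqual throws on unequal lengths.
  return given.length === expected.length && nodeCrypto.timingSafeEqual(given, expected);
}

// Gate for state-changing requests (delete video, change privacy, ...):
// the session cookie alone is not enough, the request must also carry the
// token, which a page on another origin cannot read or compute.
function authorizeStateChange(req) {
  if (!req.sessionId) return 'unauthenticated';
  if (!verifyCsrfToken(req.sessionId, req.headers['x-csrf-token'])) return 'csrf-rejected';
  return 'ok';
}
```

The token is sent to the client inside the authenticated page and returned in a custom header, which a cross-site form or redirect carrying only the victim's cookies cannot supply.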