It Is Easy To Hack Any Social Media Account by Sending SMS
Hacking social media accounts is something everyone wants to learn but is it very tough to hack servers of Facebook , Instagram TikTok, Twitter and Linkedin etc. to get the password.
The biggest vulnerability ever of social media platforms is humans. A recent security research has proved that it is fairly easy to hack Facebook, Twitter and other social media channels. There are several articles on the internet which talk about Facebook hacks, Instagram breaches and other social media hacks.
Social media platforms have implemented several security features. However, security researchers have shown that with minimal hacking skills and just by using a target’s phone number, hackers can breach a Facebook account. No matter how strong a password or security question you use, with a few hacks, hackers can hack the Facebook password of your account and take over your Facebook page.
Security analysts have discovered new Facebook hacks where hackers with skills to exploit the SS7 network can hack Facebook account in no time. All they need is your phone number. This weakness registered in the part of global telecom network SS7 allows cyber criminals to listen to and record personal phone calls, read SMSes.
In Box: A hacker first infects the mobile phone by sending a simple SMS, to influence the interest, after surveying his/her profile in social media and other sources. Once customer clicks to the offer, then he can easily enter to all the social media through the database, there is no need to hack any social media but hacker can have control on all the movements in the infected mobile.
What is SS7? Signalling System Number 7 (SS7) is a signaling protocol that is used extensively to send and receive information, cross-carrier billing, allow roaming on SIM cards and several other features. This signaling protocol is used by more than 800 telecommunication operators worldwide.
TikTok, Facebook, WhatApp is under intense scrutiny over users' privacy which is now under question mark.
The potential dangerous vulnerabilities that could have allowed remote attackers to hijack any user account just by knowing the mobile number of targeted victims. A report from Check Point says, that chaining multiple vulnerabilities allowed them to remotely execute malicious code and perform unwanted actions on behalf of the victims without their consent.
The reported vulnerabilities include low severity issues like SMS link spoofing, open redirection, and cross-site scripting (XSS) that when combined could allow a remote attacker to perform high impact attacks, including:
In the recent months, Check Point Research teams discovered multiple vulnerabilities within the TikTok application. The vulnerabilities described in this research allow attackers to do the following:
Get a hold of TikTok accounts and manipulate their content
Upload unauthorized videos
Make private “hidden” videos public
Reveal personal information saved on the account such as private email addresses
A recent report says , an attacker can send an SMS message to any phone number on behalf of TikTok with a modified download URL to a malicious page designed to execute code on a targeted device with already installed TikTok app.
The technique is commonly known as cross-site request forgery attack, wherein attackers trick authenticated users into executing an unwanted action.
Check Point responsibly reported these vulnerabilities to ByteDance, the developer of TikTok, in late November 2019, who then released a patched version of its mobile app within a month to protect its users from hackers.
Advisory: If you are not running the latest version of TikTok available on official app stores for Android and iOS, you're advised to update it as soon as possible.