Your Facebook Can Be Hacked Using Your Phone Number

If you thought your online accounts were safe from hackers, think again. Hackers can now hack your Facebook account, bank account, and other online accounts through your phone number, thanks to an SS7 flaw. Thus, this isn’t an issue with the security of your favorite websites, nor an issue of having weak passwords: it’s an issue with attaching your phone number to your accounts. One of the easiest ways a hacker can get your phone number (if you don’t have it visible online) is by stealing your phone. Ensure that a thief can’t discover your phone number — or access your personal information — by activating Anti-Theft on your device:

With Anti-Theft activated in advance, you’ll be able to protect your device, and all of the online accounts attached to your phone, in the event of loss or theft. You can use Anti-Theft to remotely block anyone from accessing your device, erase all of your data, sound an alarm (if you lost it nearby) and track your phone’s location. It’s an easy step to take to further protect your device against thieves or hackers.

Read More: Can Someone Hack My Android’s Bluetooth?

The SS7 Vulnerability

SS7, also known as the global signaling system, is a protocol suite that allows devices to communicate with one another worldwide. SS7 vulnerabilities are what allow hackers and spies to intercept text messages, listen to others’ phone calls, and track smartphone users’ locations. This means that they can intercept a text message to reset your password, or even divert texts to their devices to gain access to your account.

How Hackers Can Use Your Phone Number

For hackers that know how to use SS7 to their advantage, it’s very simple to hack online accounts through a victim’s phone number. All they need to do is go to the Facebook homepage, click on “Forgot account?”, and then type in your phone number. Then, they’ll redirect the text message (that you should receive) to them, so that they get your one-time password to log into your account. This same strategy can be used to access your Gmail account or other social networking accounts, too.

More recently, this strategy has been used to hack bank accounts and drain victims’ accounts instantly. However, this process is slightly more complicated than hacking into a Facebook account. Hackers first have to steal victims’ passwords, phone numbers, and account information. Then, to authorize the transfer of money, they have to get a fake telecom provider in order to redirect the bank’s one-time password to them. Once they have this information, they can log onto victims’ accounts to transfer the money and approve the transfer because they control the whole process.

How to Protect Your Online Accounts

Because of this SS7 flaw, it’s important to never attach your phone number to your Facebook account or other online accounts. For account recovery, you should instead choose to receive email alerts. This goes for two-factor authentication, as well. Two-factor authentication will make your account much more secure — as long as you receive codes via email, not text message. You may also want to use apps that offer end-to-end encryption — in addition to activating Anti-Theft — to better protect your personal information.