Security researchers from Positive Technologies show how a Facebook account can be compromised. All the attacker needs to know is the user's phone number.
As demonstrated in the video below, attackers can abuse the social network's password recovery feature to make it send a one-time password to the user via SMS.
In a previous publication we reported that hackers had managed to exploit mobile devices using the global SS7 network.
Signaling System 7 (SS7) is a global network that interconnects all telephone operators around the world into a single system. The exploit takes advantage of a known security flaw in SS7, one that has proven relatively difficult to address because of the way Signaling System 7 works.
Signaling System 7 is currently used by all cellular networks worldwide, so the vulnerability affects devices from every provider around the world.
The researchers therefore managed to exploit weaknesses in the SS7 network and obtain details about the victim's mobile device. They then “register” the victim on a false roaming network. This allows them to receive all calls and SMS messages meant for the victim, including the aforementioned SMS sent by Facebook.
With this code, attackers can easily access the victim's Facebook account and lock the real owner out simply by changing the password.
Security researcher Karsten Nohl told Forbes that creating simple rules on the SS7 firewall would resolve 90% of Signaling System 7 security problems.
Your Facebook account will not be at risk from this attack if you use the two-factor authentication the company provides. Once you add this security feature, password recovery stops sending passwords via SMS.
Since this attack is possible because of the vulnerability in the SS7 system rather than a flaw in Facebook itself, it is very likely that it would also work against other online services that use the same password recovery mechanism.
Watch the video
https://www.youtube.com/watch?v=wc72mmsR6bM