Telegram and WhatsApp are both known for their security and end-to-end encryption and latest forward way secrecy techniques which secure end user data in a good manner. All these security features still doesn’t stop hackers from Hacking into WhatsApp or Telegram using a very known and old exploit of Signaling System 7 (SS7) .
SS7 Exploitation has been discussed many time in the Forum , In this post I will just show you the Live Hack Demo and how accounts are taken over. Check out the Video Demo of WhatsApp hacking (Telegram Technique is also SAME )
How the Hack is executed ?
Above demonstrated hack DOES NOT break WhatsApp and Telegram Encryption rather it exploits the weakness of SS7. This is done by tricking the cellular network into believing that the Attacker’s phone has the same number as the target’s. From there, the attacker would create a new WhatsApp or Telegram account and receive the secret code that authenticates their phone as the legitimate account holder. Keep in mind this technique would literally work on any Network and any Online Messaging Service , once you spoof the number you can pretty much do everything.
Will SS7 Vulnerability get Fixed ?
SS7 is a global network and not owned by any particular company, nor it can be rapidly patched through out the world. It’s a mess, and it’ll remain that way until someone, or a group, is appointed to govern and maintain it, which is very unlikely to happen
Until then, Hackers will Enjoy .
Another theory hints that intelligence agencies are the real cause between the vulnerability and Cellular networks ability to fix it. Having a weakness to spoof and clone every phone on the planet is a very eye candy option for all Intelligence Agencies which would not think for a second before invading our privacy.
Download MAPS and SS7 Protocol Simulator