Android Hacking How To's Mobile

Hackers hijack WhatsApp and Telegram accounts using SS7 Exploit




Telegram and WhatsApp are both known for their security and end-to-end encryption and latest forward way secrecy techniques which secure end user data in a good manner. All these security features still doesn’t stop hackers from Hacking into WhatsApp or Telegram using a very known and old exploit of Signaling System 7 (SS7) .

SS7 Exploitation has been discussed many time in the Forum , In this post I will just show you the Live Hack Demo and how accounts are taken over. Check out the Video Demo of WhatsApp hacking  (Telegram Technique is also SAME )

How the Hack is executed ?

WhatsApp Telegram Hack

Above demonstrated hack DOES NOT break WhatsApp and Telegram Encryption rather it exploits the weakness of SS7. This is done by tricking the cellular network into believing that the Attacker’s phone has the same number as the target’s. From there, the attacker would create a new WhatsApp or Telegram account and receive the secret code that authenticates their phone as the legitimate account holder. Keep in mind this technique would literally work on any Network and any Online Messaging Service , once you spoof the number you can pretty much do everything.

Will SS7 Vulnerability get Fixed ?

SS7 is a global network and not owned by any particular company, nor it can be rapidly patched through out the world. It’s a mess, and it’ll remain that way until someone, or a group, is appointed to govern and maintain it, which is very unlikely to happen

SS7-interception

Until then, Hackers will Enjoy .

Another theory hints that intelligence agencies are the real cause between the vulnerability and Cellular networks ability to fix it. Having a weakness to spoof and clone every phone on the planet is a very eye candy option for all Intelligence Agencies which would not think for a second before invading our privacy.

Update :

Download MAPS and SS7 Protocol Simulator

MAPS

 





About the author

Dr-Hack

Owner and founder of Hackology Internet Security Portal and BlackAngel. These days teach hacking so others can stay safe. Apart from hacking, a Movie Fanatic.Also run a tech Blog, small projects like encrypted paste etc and various PoC and research articles