Internet Security Blog - Hackology

Hackers hijack WhatsApp and Telegram accounts using SS7 Exploit



Telegram and WhatsApp are both known for their security and end-to-end encryption and latest forward way secrecy techniques which secure end user data in a good manner. All these security features still doesn’t stop hackers from Hacking into WhatsApp or Telegram using a very known and old exploit of Signaling System 7 (SS7) . Let me break it here that there is no SS7 Hack Software , its a flaw in SS7 which can be used to exploit and literally Hack Facebook ,WhatsApp,Telegram,Twitter using SS7 (Signaling System 7) . Literally any service which might use a SMS or Call verification can be hacked

SS7 Hack / Exploitation has been discussed many time in the Forum(archive.drhack.net), In this post I will show you the Live SS7 Hack Demo and how WhatsApp and Telegram accounts are taken over.

SS7 Hack Demo -Hacking WhatsApp / Telegram

YouTube has removed the demo video showing SS7 exploit in action with This Warning Message.

How the Hack is executed ?

WhatsApp Telegram Hack

Above demonstrated hack DOES NOT break WhatsApp and Telegram Encryption rather it exploits the weakness of SS7. This is done by tricking the cellular network into believing that the Attacker’s phone has the same number as the target’s. From there, the attacker would create a new WhatsApp or Telegram account and receive the secret code that authenticates their phone as the legitimate account holder. Keep in mind this technique would literally work on any Network and any Online Messaging Service , once you spoof the number you can pretty much do everything.

Will SS7 Vulnerability get Fixed ?

SS7 is a global network and not owned by any particular company, nor it can be rapidly patched through out the world. It’s a mess, and it’ll remain that way until someone, or a group, is appointed to govern and maintain it, which is very unlikely to happen

Must Read:  Delete '1 Week' old WhatsApp Messages for Everyone

SS7-interception

Until then, Hackers will Enjoy .

Another theory hints that intelligence agencies are the real cause between the vulnerability and Cellular networks ability to fix it. Having a weakness to spoof and clone every phone on the planet is a very eye candy option for all Intelligence Agencies which would not think for a second before invading our privacy.

Update :

Download MAPS and SS7 Protocol Simulator

MAPS

123 comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.



Get Wise

Subscribe to my newsletter to get latest InfoSec / Hacking News (1 Email/week)
Brave Browser Message

Pin It on Pinterest

Shares
Share This