The Key Vulnerability Hackers Use to Steal Facebook Accounts and More  


Jun 23, 2016

Despite all of the attention that large companies, such as Facebook, give to cybersecurity, both through advanced technology and simple things like reminding you to change your password regularly, a major and little-known security vulnerability remains wide open. To complicate matters further, this security vulnerability applies not only to Facebook, but to any site or web service that uses SMS-based authentication systems. It is a vulnerability in a set of telephony signaling protocols commonly called the SS7 network.


What is SS7?

Signalling System 7 is a communications system developed in 1975 that provides global telecommunications network services—it is the worldwide path through which landline phones transmit voice calls and through which mobile phones transmit data. The SS7 network was never designed with security in mind; it trusts messages sent over it regardless of where they come from, making it easy for hackers and cyber criminals to exploit.

The process requires only some information about the victim’s device, such as its phone number and a few other technical details. From that point, the attacker can fool the SS7 service into diverting calls, data, or even encrypted WhatsApp and Telegram messages to the hacker’s device. End-to-end encryption doesn’t offer much in the way of security in this situation since hackers can effectively fool the network into confirming their devices are legitimate.

Why is SS7 so Vulnerable?

It is evident that SS7’s designers did not imagine a need to encrypt data or even have a firewall in place. The telecommunications environment of 1975 simply did not call for such elaborate security measures. Now that the network is the primary global system for transmitting this type of data, however, an important question arises: Whose responsibility is it to upgrade its security?

A deceptively simple answer would be the government. However, the United States lacks the tools and the jurisdiction to do this, especially since the Telecommunications Act of 1996 effectively deregulated the domestic market. SS7 is a global network—is America going to fix every telecommunications security flaw in every country in the world?

The next possible answer would be the telecommunications giants: Verizon, Vodafone, Sprint, Telefonica, etc. These companies would seem to share the responsibility, but the size of the network creates complex problems when it comes to regulating the manner in which these upgrades take place.

Apart from simple issues, such as who pays for the improvements and how they can be structured so as to be compatible with one another, there is the major issue of incentive. None of the telecommunications companies have a clear incentive to secure the SS7 network. Even if one company completely secures the elements of the network it uses, vulnerabilities in another company’s infrastructure compromise those improvements. Nevertheless, Vodafone and Telefonica are working on improving SS7 security, according to Forbes.

How to Protect Your Accounts, Data, and Identity

Since the vulnerabilities present in the SS7 network are so wide-ranging, two-factor authentication is an absolute must-have. Any site featuring a two-factor authentication method that does not rely on SMS can be considered safe from SS7 vulnerabilities. Additionally, not sharing personal phone numbers on public resources can help keep that vital piece of information out of hackers’ hands.
