How to Hack a Facebook Account with Just a Phone Number

How does one hack someone’s Facebook account?

That’s a burning question that seemingly everyone on the Internet wants answered. A team of security researchers from Positive Technologies has just proven that, as long as an attacker has the victim’s phone number, they can actually take control of that person’s Facebook account. Of course, the perpetrator would need some hacking skills to begin with.

A flaw in the SS7 protocol makes it easier than you’d think to hack someone’s Facebook account. And yes, even your Facebook account could be hacked. It doesn’t matter how strong your password is, or how many additional security measures you take to secure your account. This SS7 flaw is no joke!

Hackers with the skills to exploit the SS7 network can easily access your Facebook account. The most frightening part? All they need is your phone number. The flaw in the global telecom network SS7 has been identified as a gateway for many hacking attempts. Strategies can range from listening in on targeted phone calls to sending and receiving text messages. But the latest discovery is that it can also be used to hack someone’s Facebook account using just their phone number.

What is the SS7 flaw that makes this hack possible?

Signaling System Number 7, or SS7 for short, is a telephony signaling protocol that over 800 telecom operators worldwide use to exchange information with one another. Functions such as cross-carrier billing, roaming, and other features all work through SS7. However, an issue with the SS7 network is that it trusts all messages it receives without checking their origin. So, malicious hackers could potentially trick SS7 into diverting text messages and calls to their own devices.

All they need is the target person’s phone number and certain details of the person’s device to initiate their silent snooping. The aforementioned research team gave a demonstration of the Facebook hack using similar tricks, as reported by Forbes. SS7 has been known to be vulnerable for years, despite it being the most advanced encryption used by cellular networks. The design flaws in SS7 have been publicly known since 2014, when the team of researchers at German Security Research Labs alerted the world to them.

Here’s How to Hack Any Facebook Account with just a Phone Number

  • First, the wannabe hacker needs to click on the “Forgot account?” link on Facebook’s homepage. Facebook then asks for an email address or phone number linked to the target account, and the attacker provides the phone number.
  • After that, the attacker can use their skills to divert the SMS containing a one-time passcode (OTP) to their own computer or phone. They can then log into the Facebook account associated with the number.

This issue affects all Facebook users who have registered a phone number with Facebook and have authorized Facebook Texts. Additionally, the researchers’ work shows that any service that uses SMS to verify accounts is vulnerable to the same hack.

This may take some time to fix, so here’s what you can do in the meantime to protect yourself:

  • Do not link your phone number to social networking sites. Depend on recovery emails to secure your account on Facebook or other social media.
  • Use two-factor authentication that does not use SMS texts for receiving OTP codes.
  • Only use communication apps that offer “end-to-end encryption” to protect your data.

Editor’s note: This article is just informative and does not encourage any hacking. To hack a Facebook account may constitute a severely punishable crime. Avoid this behavior.