WhatsApp And Telegram Vulnerable To SS7 Bug

SS7, a worldwide undernet of sorts for telecoms that facilitates basic communication, has a serious bug that leaves it vulnerable to a fairly simple attack based on having a user's phone number. The hack is well known and well documented, but patching it would be quite difficult due to a need for worldwide compliance between all of the telecoms involved. With SS7 being such a widely known bug, naturally, everybody from carriers to app developers have to do what they can to help ensure that their products are as guarded as possible against the SS7 vulnerability. There is no such thing as 100% safety, of course, as WhatsApp and Telegram found out when security buff Thomas Fox-Brewster took to YouTube to reveal his hacks of their services based on the SS7 bug.

The way it works, in essence, is that by tricking the network into thinking that a designated phone, the "hacker", is the actual owner of the target phone number, referred to as "the victim." A hacker can use that to gain access to the intended victim's account on both services. Essentially, all the hacker had to do was use the lost password option and choose to get into the account via phone number verification, including an SMS message and a phone call, made possible by the network thinking that the "hacker" phone had the "victim" number. From there, the hacker gains access to the account, which actually kicks the real victim out. If the hacker wants to keep the victim out for whatever reason, they have every privilege to close down the account or change the password.

While this is only shown with WhatsApp and Telegram, this hack has the potential to work for just about any app or service that uses a phone number to verify a user's identity, even services like PayPal that deal with financial information. Even a user's Facebook and Google account, under the right conditions, could even be compromised by this hack, as long as a hacker has the phone number in question. This only serves to underscore the severity of the SS7 bug and the importance of safeguarding against it in any possible way while worldwide telecoms work on getting a fix implemented.

You May Like These
More Like This:
About the Author
2018/10/Daniel-Fuller-2018.jpg

Daniel Fuller

Senior Staff Writer
Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, AI technology development, and hot gaming news in the Android world. Contact him at [email protected]
Android Headlines We Are Hiring Apply Now