How to hijack telegram and whatsapp with ss7 flaw

Jun 17, 2016 | 12:06 pm

Published by | Chandan Singh

whatsapp

This individual world’s most popular get across platform messaging App is observed to be ultimate crack or hack into by many because it has recently enabled 256-bit encryption.

For ordinary spirits this encryption would take days and months to decode a sentence or a complete message. Chant with another secure messages service called Telegram. Although Telegram is not as popular as WhatsApp, it has its ardent group of followers who utilize it for its encryption as well as snooping free service.

Though both of these Apps are end-to-end encrypted they are all suffer from hardware part vulnerability which may be exploited to hack and hijack both WhatsApp and Telegram.

The vulnerability lies in Whistling System 7, or SS7, the technology utilized by phone system operators, which the highly secure messaging system and telephone calls rely. SS7 is a set of telephony signaling protocols developed in 1975, which is utilized to setup and tear down the majority of the world’s general public switched telephone network (PSTN) telephone calls. Additionally, it works number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.

SS7 is susceptible to cracking and this has recently been known since 2008. In 2014, the media reported a protocol vulnerability of SS7 by which both government departments and non-state actors can track the movements of mobile phone users from practically anywhere in the world with a success rate of around 70%. In addition, eavesdropping is possible by using the protocol to ahead calls and also help decryption by requesting that each caller’s carrier release a short-term encryption key to unlock the communication after it is often recorded. Researchers created a tool (Snoop Snitch) which can warn when certain SS7 attacks occur against a phone and identify IMSI-catchers.

Both hacks take advantage of the SS7 vulnerability by tricking the telecom network into believing the attacker’s phone has got the same number as the victim’s telephone. Once the network has been fooled, anybody, even a newbie can monitor the legitimate WhatsApp and Telegram user by making a new WhatsApp or Telegram account using the key code.

Once complete, the attacker now controls the account, including the capability to send and get messages. Even more horrific is the fact that the hacker can also send messages on account of the victim, and read confidential messages designed for the victim without ever before needing to try to break strong encryption protocols.