How to Black out telegram and WhatsApp?

Reproduced from: Http://www.chinaz.com/server/2016/0513/530899.shtml?qq-pf-to=pcqq.group

There was a news last week that telegram and WhatsApp are not as safe as you think.

Now, in order to understand whether there is a loophole between the two telegram accounts, so we registered the account and made a test, such as, we attack the SS7 network in the test account, this is the information we get, first of all, we need to find IMSI code:

Re-registering (terminal) user information

Now we've got the user profile information.

Completing the user re-registration process

Now that we have control of the target account, we can then connect (Devayse) to the Telegram account (cell phone number) you want to test, and finally get the message.

After you enter the verification code (note the logo above), we can easily access your telegram account. We can now not only receive information on behalf of the victim, we can also be authorized to understand all the information in the Account (Telegram).

However, to understand that encrypted chat records are not implemented

But you can create a new session and then chat with others on behalf of the victim to get information

Then we did the same test in WhatsApp, we tested the account, now it can back up the chat log to Google Drive, so we need Google account information, we can now pretend to be a victim to chat with others to get more information

<iframe id= "Iframe1104309_0" src= "http://pos.baidu.com/dclm?sz=200x200&amp;rtbid=1971540&amp;rdid= 9223372032564593756&amp;dc=2&amp;di=1104309&amp;dri=0&amp;dis=0&amp;dai=7&amp;ps=0x0 &amp;dcb=baidu_ssp_define&amp;dtm=baidu_dup_setjsonadslot&amp;dvi=0.0&amp;dci=-1&amp;dpt= none&amp;tsr=0&amp;tpr=1466556369788&amp;ti=%e5%a6%82%e4%bd%95%e9%bb%91%e6%8e%89telegram%20%e4%bb% a5%e5%8f%8awhatsapp%ef%bc%9f%20-%20%e7%ab%99%e9%95%bf%e4%b9%8b%e5%ae%b6&amp;ari=1&amp;dbv=2&amp; Drs=3&amp;pcs=1903x952&amp;pss=1903x10108&amp;cfv=18&amp;cpl=34&amp;chi=1&amp;cce=true &amp;cec=utf-8&amp;tlm=1466556371&amp;ltu=http%3a%2f%2fwww.chinaz.com%2fserver%2f2016%2f0513% 2f530899.shtml%3fqq-pf-to%3dpcqq.group&amp;ecd=1&amp;psr=1920x1080&amp;par=1920x1040&amp;pis=- 1x-1&amp;ccd=24&amp;cja=true&amp;cmi=52&amp;col=zh-cn&amp;cdo=-1&amp;tcn=1466556371 &amp;qn=c5461e3e85336f37&amp;dpv=c5461e3e85336f37&amp;tt=1466556369709.1451.1494.1495 "width=" "height=" "align=" Center,center "vspace=" 0 "hspace=" 0 "marginwidth=" 0 "marginheight=" 0 "scrolling=" no "frameborder=" 0 " Allowtransparency= "true" style= "Display:block"; border-width:0px; Vertical-align:bottom; margin:0px; " ></iframe>

According to a number of previous reports, it is stated that it is not as safe to send the verification code by SMS, and SS7 has been a lot of problems before, and the attacker's attack on the network can be carried out anywhere. It is worth noting that all testing is done under the default software settings, that is to say, there are many users are using the default settings.

what is SS7.

Developed in the 1980s, Signal System 7 (SS7) is a stack of protocols used by most telecom operators around the world to provide services such as telephones, text messages and Internet data, which connects mobile operators and state operator-controlled nodes into closed networks, directing mobile traffic from cell phone towers to the Internet. Thousands of companies have access to SS7, or they can share access to third-party use.

* Reference Source: Habrahabr, Rice ball Delivery, reproduced please indicate from FREEBUF hackers and Geeks (freebuf.com)