We-Tracker™: Performance and Specific Features

Accessing WeChat accounts remotely by exploiting a vulnerability in the SS7 signaling protocol.

1 : General Information

Low rates for high-speed Internet connections offer great opportunities and allow data exchange of any size. A modern messenger can be installed on a smartphone in a single click, and the user can send and receive messages and multimedia files as well as make voice and video calls worldwide.

WeChat is a combination of a conventional messenger and a social network. The application allows exchanging any information with other users (text documents, multimedia files, voice and video messages) as well as transmitting location data in real time. The application has become increasingly popular worldwide thanks to extensive functionality and a user-friendly interface. Today, there are over one billion registered users in WeChat.

WhatsApp users distinguish the Moments Feed, where souvenir photos, videos and other files can be posted. WeChatOut and WeChatPay have also become convenient complements. The first allows making calls to mobile and landline phones all over the world, while the second enables mobile payments directly from the messenger.

2 : Specific Features of the Messenger

According to developers, WeChat is characterized by its enhanced confidentiality – it is the only TRUSTe certified messenger. But even this cannot guarantee user data security. Cyber security specialists state that information protection at WeChat has some serious drawbacks. Proper software settings allow any unauthorized person to gain access to the entire WeChat account history.

WeChat users can use the following application features:

  1. Message exchange and group chats (up to 500 people).
  2. Audio and video calls/conferencing with up to 9 people.
  3. Real-time transmission of location data.
  4. Making mobile payments via WeChatPay and Wallet.
  5. Friends search via Radar and using WeRun.

WeChat enables the creation of official accounts, making the platform suitable for both personal and commercial purposes. The messenger, with an audience of almost a billion people, can be used to promote trademarks and search for new customers. Loss of access to the account can pose a serious problem. It is therefore no wonder that the application's clients make every effort to recover their WeChat accounts.

3 : Remote Access to WeChat Accounts

Technological development and creation of new user data protection algorithms do not only ensure confidentiality but also lead to searching for some new ways to hack target accounts. Most existing spyware fails to accomplish the task even in 10% of cases.

Today, connecting to the target subscriber’s mobile network and intercepting the message containing the verification code for logging into the messenger is one of the simplest and most efficient ways to hack WeChat. Access to the account is gained due to a cellular network security breach – SS7 protocol vulnerability. By the way, operators are not going to solve the problem (due to the huge cost of network retrofitting). Therefore, the described method is going to remain the most efficient solution for hacking accounts for a long time to come.

We-Tracker™ operates automatically eliminating the human factor. This minimizes the risk of any errors and allows ensuring successful completion of the initiated session. The software operation results in creating a user data archive containing full history of the target account activities.

4 : Drawbacks of Two-Factor Authentication

When a new account is registered in WeChat, the user must provide a valid phone number. This measure is supposed to enhance security and prevent any third parties from gaining access to the personal account. Yet the situation is quite the opposite: two-factor authentication becomes the main “breach” in the messenger protection.

In the existing account access system, the data transmitted in SMS are prioritized. This means that it is sufficient to enter the verification code from the received system message to prove your authority to access the account. But the anonymity of sent SMS messages is the responsibility of mobile operators, and WeChat developers cannot make this data transmission channel more secure.

We-Tracker™ employs the vulnerability of SS7 signaling protocol and connects to the mobile operator’s data transmission channel. The web application intercepts the system message containing the access code and activates the target account on a virtual emulator. All processes take place in the background mode and do not affect the device with the target account.

5 : Signaling Protocol Vulnerability

The critical vulnerability of signaling system #7 (SS7) has been discussed by experts since 2014. It was then that at a conference dedicated to cyber security, Dmitriy Kurbatov and Sergey Puzankov (Positive Technologies experts) demonstrated clearly how the signaling protocol could be attacked.

Connection to SS7 provides access to all mobile operators’ switching units. This makes it possible not only to intercept messages but also to send receipt acknowledgement reports (making the sender think that the SMS has been delivered to the receiver). Some time ago, only large companies having specialized equipment could exploit the vulnerability but now almost anyone is able to make use of the security breach.

In order to initiate interception of a system message, all a We-Tracker™ customer has to do is to enter the phone number (in the international format) that was provided during registration in WeChat. The web application will automatically gain access to the account to collect a full user data packet.

6 : What Does the Generated Archive Include?

After the software activates the target account on a virtual machine, the process of collecting user data starts. The history of activities is formed into a single archive which is then checked for viruses and sent to the We-Tracker™ client.

Information on the account activities:

  1. Incoming and outgoing messages with sent/received media files.
  2. Voice and video calls including calls to landline/mobile phones.
  3. Recent locations from the target account marked on the map.
  4. Created user stickers and connected third-party services.
  5. Photos, videos and other files posted in Moments.
  6. Additional data from WeChatPay and WeRun.

7 : We-Tracker™: System Requirements and Specific Features

The software operates on a remote server and only uses resources of the device it is installed on. It means that the application can be launched from a PC, a laptop, a smartphone or a tablet of any type or model, irrespective of their technical specifications.

The following requirements should be fulfilled to use the application:

  • Stable high-speed Internet connection for fast loading of archives (data package size can be over 2 GB).
  • The latest version of browsers (Internet Explorer, Google Chrome, Opera, Mozilla Firefox, Safari, Yandex.Browser).
  • Software that opens the archives and lets a user view the received files.

The web application has the following advantages:

  • Web application operation is not displayed on the device with the target account.
  • Efficiency of the software operation does not depend on the target subscriber’s mobile operator.
  • The account owner will not receive any notifications about their account activation on a remote server.

8 : Conclusion

We-Tracker™ is the most efficient and secure tool for hacking target WeChat accounts and is going to remain the one for quite some time. Although many world operators are trying to close numerous breaches in SS7, most mobile network owners do not even admit their existence. Therefore, we assume that this situation is not going to change much anytime soon.

The entire target account hacking process takes place on a remote server and does not affect the account owner’s device. This makes remote access to the account unnoticeable for the WeChat user. We-Tracker™ provides full access to the compromised account for the client who can do whatever they need with it. To make activities invisible to the account owner, we do not recommend making any calls or posting any media files in the account feed.