Telegram is one of the most popular chat applications in Iran, boasting tens of millions of accounts – but those users may not be as secure as they think.
Advertisement
Telegram is shrugging off the phone numbers.
Black Hat An attack group known for rudimentary phishing scams and having operational security so bad their servers were popped by Check Point has compromised a dozen Telegram accounts and gained phone numbers for a further 15 million, possibly with possible state assistance. “Only publicly available data was collected and the accounts themselves were not accessed”.
Telegram underlines that it functions in a similar way to any SMS-based app. People who have access to another’s SMS messages can easily log into their Telegram account.
What the hackers did was just to check if a phone number was present in Telegram which is something that is already doable on Facebook Messenger, Whatsapp and Viber. When logging into a new device, Telegram sends authorization codes via SMS. “If you have a strong Telegram password and your recovery email is secure, there’s nothing an attacker can do”, Ra said.
“We have over a dozen cases in which Telegram accounts have been compromised, through ways that sound like basically coordination with the cellphone company”, Anderson said in an interview.
On the issue of the possible interception of SMS codes, the company wrote: “We’ve been increasingly warning our users in certain countries about it, and a year ago we introduced two-step verification specifically to defend users in such situations”. If you do that, there’s nothing an attacker can do.
While the researchers stopped short of attributing the attacks to the Iranian government, numerous targets seem to have also been targets of national law enforcement.
According to the publication, the cyberattack took place this year by hackers part of a group called “Rocket Kitten”, but the breach was kept under wraps. Rocket Kitten is believed to be responsible for spearphishing campaigns that target high ranking defense officials, various countries’ embassies, notable researchers, human rights activists, journalists, academic institutions, and scholars, including nuclear scientists.
Guarnieri and Anderson refused to speculate whether or not the hackers were connected to the Iranian government.
A security research duo told Reuters that they’ve found evidence of encrypted messaging service Telegram’s systems being breached by hacker group Rocket Kitten.
“A systematic de-anonymisation and classification of people who employ encryption tools (of some sort, at least) for an entire nation” has never been exposed before, Guarnieri said.
Telegram is used by 100 million people worldwide.
The fact that the app works on phone contacts means that anyone can use the public API to see whether a phone number is linked to a Telegram account or not.
Security researchers have pointed fingers at the SMS vulnerability for some time.
Advertisement
If you’re a Telegram user, make sure to turn on 2SV. On your device, go to Settings – Privacy and Security – 2-Step Verification.
