August 30, 2016 at 19:48Telegram two-factor authorization still / not working again
At the end of May of this year, I wrote Why two-factor authorization in Telegram does not work (with pictures).
Later, about a month after the publication, this happened to Sergei Parkhomenko - his account was hijacked in the manner described.
After that, it seems like Telegram temporarily disabled the ability to delete profiles protected by two-factor authentication in the messenger by the code from SMS .
About two weeks ago, I repeated my May experiment with hijacking a Telegram-account from myself - and everything turned out again, exactly the same as the last time .
In a word, as of August 18, 2016, an attack on accounts protected by two-factor authorization works again successfully: an attacker who has access to the user's SMS can “reset” the account, and for this he does not need to know the password:
In the screenshot, we see the result of the interlocutor hijacked an account protected by two-factor authorization, and wrote messages on his behalf.
That is, if anything, two-factor authorization in Telegram does not currently work.
Or again - if this opportunity was really turned off then in June, or still - if no one did it.
Later, about a month after the publication, this happened to Sergei Parkhomenko - his account was hijacked in the manner described.
After that, it seems like Telegram temporarily disabled the ability to delete profiles protected by two-factor authentication in the messenger by the code from SMS .
About two weeks ago, I repeated my May experiment with hijacking a Telegram-account from myself - and everything turned out again, exactly the same as the last time .
In a word, as of August 18, 2016, an attack on accounts protected by two-factor authorization works again successfully: an attacker who has access to the user's SMS can “reset” the account, and for this he does not need to know the password:
In the screenshot, we see the result of the interlocutor hijacked an account protected by two-factor authorization, and wrote messages on his behalf.
That is, if anything, two-factor authorization in Telegram does not currently work.
Or again - if this opportunity was really turned off then in June, or still - if no one did it.