
Hackers gain access to Telegram user accounts in Iran
Reuters reports that the Telegram messenger in Iran has suffered the largest compromise of user accounts in history. As a result, the hackers managed to disclose information on more than 15 million phone numbers of the messenger's users and to gain access to a dozen accounts. The hackers exploited Telegram's weakest point: the process of activating new devices, which relies on sending SMS text messages.

Telegram is very widely used in Iran, where its audience reaches 20 million people. Many civic activists and journalists use the messenger because it provides a high level of security for the data being sent. When a user activates a new device, Telegram sends it an activation code in an SMS message. This code can be intercepted at the level of the telecommunications company and end up in the hands of hackers.
According to experts who commented to Reuters, this is not the first time Telegram accounts have been compromised through the interception of activation codes in SMS messages. For civic activists who want to protect themselves against any kind of government interference in their activities, the access that telecommunications companies have to this process can be critical to security.
The information obtained in the attack can be used to deanonymize users and determine their geographic location, which plays into the hands of the special services that work in the interests of the state. With an activation code in hand, attackers can add their own device to the victim's account and gain access to the victim's correspondence. This type of attack does not, however, affect messages sent in secret chat mode, since they are not stored in the cloud and are accessible only from the device that initiated the secure connection.
Security experts criticize Telegram not only for the weakness described above, but also because the MTProto encryption protocol is closed to open audit. In addition, unlike WhatsApp or iMessage, Telegram does not use E2EE by default, which can also be regarded as a security flaw, since users generally keep the messenger's default settings and do not switch to secret chat mode.

Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system.