http://fortune.com/2016/08/02/telegram-hackers-iran/
The use of SMS verification seems to be the weak link here. The SMS messages are not secure enough.
http://fortune.com/2016/08/02/telegram-hackers-iran/
The use of SMS verification seems to be the weak link here. The SMS messages are not secure enough.
2 Comments
Tomi Engdahl says:
NIST declares the age of SMS-based 2-factor authentication over
http://www.epanorama.net/newepa/2016/07/27/nist-declares-the-age-of-sms-based-2-factor-authentication-over-techcrunch/
NIST blog clarifies SMS deprecation in wake of media tailspin
http://www.epanorama.net/newepa/2016/07/31/nist-blog-clarifies-sms-deprecation-in-wake-of-media-tailspin-zdnet/
Tomi Engdahl says:
Telegram:
Telegram says only publicly available data collected in attack on Telegram in Iran, accounts not accessed
Keep Calm and Send Telegrams!
https://telegram.org/blog/15million-reuters
Certain people checked whether some Iranian numbers were registered on Telegram and were able to confirm this for 15 million accounts. As a result, only publicly available data was collected and the accounts themselves were not accessed.
However, since Telegram is based on phone contacts, any party can potentially check whether a phone number is registered in the system. This is also true for any other contact-based messaging app (WhatsApp, Messenger, etc.).
SMS codes
As for the reports that several accounts were accessed earlier this year by intercepting SMS-verification codes, this is hardly a new threat as we’ve been increasingly warning our users in certain countries about it. Last year we introduced 2-Step Verification specifically to defend users in such situations.
If you have reasons to think that your mobile carrier is intercepting your SMS codes, use 2-Step Verification to protect your account with a password. If you do that, there’s nothing an attacker can do.