Iran Hackers Just Cracked Telegram’s Encrypted Messaging Code – Fortune

http://fortune.com/2016/08/02/telegram-hackers-iran/

The use of SMS verification seems to be the weak link here. The SMS messages are not secure enough.

2 Comments

  1. Tomi Engdahl says:

    Telegram:
    Telegram says only publicly available data collected in attack on Telegram in Iran, accounts not accessed

    Keep Calm and Send Telegrams!
    https://telegram.org/blog/15million-reuters

    Certain people checked whether some Iranian numbers were registered on Telegram and were able to confirm this for 15 million accounts. As a result, only publicly available data was collected and the accounts themselves were not accessed.

    However, since Telegram is based on phone contacts, any party can potentially check whether a phone number is registered in the system. This is also true for any other contact-based messaging app (WhatsApp, Messenger, etc.).

    SMS codes

    As for the reports that several accounts were accessed earlier this year by intercepting SMS-verification codes, this is hardly a new threat as we’ve been increasingly warning our users in certain countries about it. Last year we introduced 2-Step Verification specifically to defend users in such situations.

    If you have reasons to think that your mobile carrier is intercepting your SMS codes, use 2-Step Verification to protect your account with a password. If you do that, there’s nothing an attacker can do.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*