News

Hackers gain access to Iranian Telegram users’ accounts – Update

By admin
Spread the love

Hackers in Iran gained access to “more than a dozen” Iranian Telegram accounts, according to security researchers. The hack was able to take place by intercepting the text message sent to activate Telegram on a new device.

Speaking to Reuters, the security researchers, who have been studying Iranian hackers for three years, say the problem will mainly arise in countries where telephone companies are heavily influenced by the government. According to the researchers, it seems very likely that the hacks took place in collaboration with the telephone company, because the latter can easily intercept text messages.

A Telegram spokesperson says users of the service can defend themselves against such attacks by not relying solely on SMS verification. This can be overcome by setting up two-step verification. In that case, an extra password can be set, so that it is not possible to log in on a new device without that password. This password can be retrieved via a ‘recovery email’, but if ‘your recovery email account is safe’, that should not be a problem, according to the spokesperson.

The security researchers also note that the hackers traced 15 million Iranian phone numbers of Telegram users. They would have done that by brute-force the api, by entering millions of numbers and finding out which numbers return a user ID. Telegram says that the API has since been modified and that it is no longer possible to perform such mass checks.

Berlin-based Telegram is a popular chat program in Iran; it would have about 20 million users. Telegram claims to have about 100 million active users, mainly in the Middle East, Southeast Asia and South America.

The US National Institute of Standards and Technology recently announced that it considers SMS to be unsuitable for two-step authentication, partly because a telephone number can be used by a VoIP service, for example. For example, NIST provides multi-factor authentication as a solution.

Update 10.18 am: Added clarification on how to get the 15 million phone numbers and the connection to the hack.

You might also like
News

Google is serious about ending passwords: ‘passkeys’ are becoming the…

News

EU Council determines position on security requirements for digital products

News

Citrix warns of critical vulnerability in NetScaler ADC and Gateway

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Telegram has over 800 million active users and is not yet profitable

News

‘Microsoft wants to postpone deadline for Activision Blizzard…