Showing posts with label Telegram. Show all posts
Showing posts with label Telegram. Show all posts

Friday, 12 August 2016

Hackers Breach the Ultra-Secure Messaging App Telegram in Iran


Telegram Accounts Hacked – Susceptibility of SMS Text Message

According to Reuters, over a dozen Iranian Telegram accounts, like the messaging app having a focus on security have been compromised in the last year due to the susceptibility of an SMS text message.They have recognized around 15 million Iranian users’ phone numbers, which seems to be the biggest known breach of the encrypted communication systems as informed by cyber researchers to Reuters.

 According to independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, studying Iranian hacking groups for three years has informed that the attack which had occurred this year, had not been reported earlier, has endangered the communication of activists, journalist together with several others in sensitive positions in Iran, where Telegram is said to be utilised by around 20 million users.

Telegram tends to endorses itself as an ultra-secure instant messaging system since all the data is encrypted from beginning to end which is known as end-to-end encryption. Various other messaging services comprising of Facebook Inc., WhatsApp state that they have the same proficiencies. Telegram, which is headquartered inBerlin, states that it has 100 million active subscribers and is extensively usedin Middle East, inclusive ofthe Islamic State militant group and in Central and Southeast Asia as well as Latin America.

Authorization Code –Diverted by Phone Company/Shared with Hackers

According to Anderson and Guarnieri, the susceptibility of Telegram is in its use of SMS text messages in activating new devices. When a user tends to log on to Telegram from a new phone, the company directs them with an authorization code through SMS which can be diverted by the phone company and shared with the hackers, according to the researchers.

Equipped with the codes, the hackers can now add new devices to the Telegram account of the user enabling them to read chat histories together with the new messages. Anderson had informed during an interview that they had over a dozen cases where Telegram accounts have been negotiated through ways that sound like fundamentally coordinated with the cellphone company.

According to the researchers, Telegram’s dependence on SMS verification tends to make it defenceless in any country where the cellphone companies are possessed or profoundly influenced by the government.

Iranian Hacking Group – Rocket Kitten

Telegram spokesman stated that customers could defend against these attacks by not relying on the verification of SMS. Telegram enables though it is not essential that customers create passwords which could be reset with the so-called recovery emails.

The spokesman, Markus Ra has informed that if one has a strong Telegram password and the recovery email is secure, the attackers can do nothing about it. The researchers believe that the Iranian hacking group Rocket Kitten is responsible for the Telegram breaches based on resemblances to the setup of past phishing attacks credited to the group.

There is a prevalent rumour that Rocket Kitten tends to have ties to the Iranian government. John Hultquist, managing the cyber espionage intelligence team at the security firm FireEye, of Rocket Kitten has informed that `their focus generally revolves around those with an interest in Iran and defense issues however their action is completely global. With regards to Telegram attacks, it has also been suggested by the researchers that SMS messages could have been conceded by Iranian cell phone companies, which is an industry that has prospective links with the government

Friday, 28 February 2014

Stiftung Warentest classifies WhatsApp as very critical

Stiftung Warentest has tested the data protection of WhatsApp and the other four alternatives of messenger service. The Swiss App Threema is the only one of the four messengers stood and fulfilled the requirements of the tester and stood alone. The independent consumer organization Stiftung Warentest has tested the Instant Messenger WhatsApp and four other alternative instant messengers.

The results give some unexpected results. Only the app Threema evaluate by the tester as non-critical where as WhatsApp itself is classified as very critical one in data protection, as well as the BlackBerry Messenger and Line also categorize as very critical and the same for the Telegram. According to Stiftung Warentest; they have checked the messenger in the Android and iOS versions of the Messenger, and they checked whether the apps encrypt user data and what information they transmit to whom.

“The assessment therefore refers exclusively to the Privacy Policy, writes the consumer organization. In other words, the usability of the Messenger has played no part in the tests. In addition to pure data transmission, the tester interested in the conditions of the actual app, transparency or openness source with respect to the transmission protocol and the availability and cost of apps. When the top rated app Threema welcome the tester that the Android version completely renounce the transmission of user data. In addition, the apps for iOS and Android saved the address book entries only under a pseudonym.

However one complaint is there are that Threema is not open source software. Therefore, a complete analysis according to Stiftung Warentest has not been possible. However, the same applies for all other tested apps. Even in the partly open source Telegram was not possible a full review of the transfer. The fact that data regarding the telegram sent unencrypted, but was ruled out, writes the consumer organization. The Messenger WhatsApp was described by the critics as very critical, unsurprisingly. The app was noticed in recent months repeatedly by security flaws.

According to Stiftung Warentest the Android version itself sends unencrypted data that the user enters including interview content might be. The tester feared that by many of the user data of WhatsApp transfer to the servers of Facebook. From the terms of the app, it is apparent that "the users data can be passed on to the new owner, i.e. Facebook.

 Facebook had announced the purchase of WhatsApp last Thursday. The other two Messenger, Line, and BlackBerry Messenger, were mentioned as critical by the consumer organization with respect to the data protection. The Android app of line sends the serial number IMEI of the device unencrypted to third parties further criticized by the tester. Blackberry on the other hand could create accurate personality profiles even with the data of its users.