Because of a security flaw, hackers can get into Telegram.
One of the most popular messaging apps is Telegram. Around 200 million people use its service. Telegram advertises itself as a secure and private service.
Hackers abused one of its login methods to collect data from world leaders. The stolen data has been used as proof of corruption and as a political tool.
The most recent scandal happened in Puerto Rico. Governor Ricardo Rosello resigned after his Telegram account was hacked and messages containing profanity, along with a corruption scandal related to federal funds for hurricane relief, were released to the public.
The same thing happened to top officials in Brazil. Thousands of Telegram accounts were apparently compromised after the Secretary of Justice’s discussions were made public.
The issue is that the Telegram system only permits users to sign in using a code sent by text message. Hackers are taking advantage of this weakness by faking other users’ phone numbers.
Hackers could obtain a SIM card containing the victim’s number, but that is simple to trace, and many accounts are difficult to access that way. A recent method, however, gave Brazilian hackers access to thousands of accounts without going through a carrier.
So, what exactly happened?
Let’s investigate their method. According to the testimony in Portuguese, they obtained user access by impersonating their victims’ voicemails using a service called BRVoz.
They first discovered how to fake their way into someone’s voicemail. Security for voicemail is incredibly lax. If you don’t set up a PIN code for your voicemail, someone else can access it. Caller ID spoofing can be used to reach voicemail greetings. Since caller ID became ubiquitous, many voicemail systems check the calling number for authentication. Caller ID spoofing services like Spoofcard.com allow users to appear as though they are calling from the same number.
Even if you set up a PIN code, it will often be four digits long, making it easy for an attacker to brute force the code with just 10,000 attempts.
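The two voicemail weaknesses above (mailboxes that trust the calling number, and short PINs that can be guessed) can be watched for on the carrier or PBX side. The following is an added example, not part of the original article: the log format, field names, thresholds and phone numbers are constructed, and the "external ingress" rule assumes a subscriber's own handset normally reaches voicemail from inside the carrier's network.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical voicemail access log:
# time, mailbox number, presented caller ID, ingress (onnet/external), event
SAMPLE_LOG = """\
2019-07-01T10:00:05 5511900000001 5511900000001 onnet PIN_OK
2019-07-01T10:02:11 5511900000002 5511900000002 external NO_PIN_ACCESS
2019-07-01T10:05:00 5511900000003 5511988887777 external PIN_FAIL
2019-07-01T10:05:20 5511900000003 5511988887777 external PIN_FAIL
2019-07-01T10:05:41 5511900000003 5511988887777 external PIN_FAIL
2019-07-01T10:06:02 5511900000003 5511988887777 external PIN_FAIL
2019-07-01T10:06:30 5511900000003 5511988887777 external PIN_FAIL
2019-07-01T11:00:00 5511900000004 5511900000004 onnet PIN_FAIL
"""

MAX_FAILS = 5                    # assumed alert threshold
WINDOW = timedelta(minutes=10)   # assumed sliding window

def parse(log):
    """Yield (time, mailbox, caller, ingress, event) for each log line."""
    for line in log.strip().splitlines():
        ts, mailbox, caller, ingress, event = line.split()
        yield datetime.fromisoformat(ts), mailbox, caller, ingress, event

def detect(log):
    """Return (mailbox, reason) alerts in the order they fire."""
    alerts = []
    fails = defaultdict(list)    # mailbox -> recent PIN failure times
    for ts, mailbox, caller, ingress, event in parse(log):
        # The subscriber's own number arriving from outside the network
        # suggests the caller ID was spoofed.
        if caller == mailbox and ingress == "external":
            alerts.append((mailbox, "own-number-from-external"))
        # A mailbox opened with no PIN is protected by caller ID alone.
        if event == "NO_PIN_ACCESS":
            alerts.append((mailbox, "mailbox-without-pin"))
        # Many wrong PINs in a short window: guessing a 4-digit code.
        if event == "PIN_FAIL":
            recent = [t for t in fails[mailbox] if ts - t <= WINDOW] + [ts]
            fails[mailbox] = recent
            if len(recent) == MAX_FAILS:   # alert once when threshold is hit
                alerts.append((mailbox, "pin-guessing"))
    return alerts

if __name__ == "__main__":
    for mailbox, reason in detect(SAMPLE_LOG):
        print(mailbox, reason)
```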
They leveraged voicemail, but how?
Now that the attacker has access to the victim’s voicemail, all he needs to do is get the Telegram code delivered to that voicemail. Telegram will leave the code on the victim’s voicemail if the phone is down. By sending a silent SMS, hackers can determine if the victim’s phone is down.
By sending an excessive number of silent SMS messages, an attacker can also take down someone’s phone and prevent them from using it (an SMS flooding attack).
One of Brazil’s most well-known individuals also had his Telegram account compromised. He reveals in a tweet that he received a call from his own number, indicating that the attackers used his phone number to access his voicemail. This proves that hackers used voicemail spoofing to access users’ accounts.
It is incredible that so few more accounts have been taken over, but if Telegram does not fix this issue, the hacks will continue. As a result, we strongly suggest using 2FA.