Submitted via IRC for TheMightyBuzzard
The accounts with Telegram, a secure messaging service based in Germany, were compromised by exploiting the fact that Telegram sends would-be users an SMS with authorization codes so that they can activate their devices.
The researchers believe the attackers have intercepted these text messages, and this allowed them to add new devices to the targets' account, and access everything in it.
This SMS interception has been performed either by compromising Iranian phone companies, or by colluding with them. The researchers believe that the latter theory is not far-fetched, as Rocket Kitten – the hacker group that they believe performed the attacks – is believed to be composed of Iranian hackers, possibly tied to the Iranian Revolutionary Guard Corps...
Rocket Kitten is known for targeting individuals, businesses and government organizations across the the Middle East, but also researchers (Iranian and European), Iranian citizens/activists, and Islamic and anti-Islamic preachers and groups, political parties and government officials.
The same group apparently also managed to misuse Telegram's API to identify 15 million Iranian phone numbers and user IDs tied with Telegram accounts earlier this year. This information can come in handy for orchestrating future attacks and help with investigations.
Source: https://www.helpnetsecurity.com/2016/08/03/compromised-telegram-accounts/
Related Stories
Telegram iOS app removed from App Store last week due to child pornography
The encrypted messaging app Telegram was mysteriously removed from Apple's App Store last week for a number of hours. At the time, little was known about the reason why, except that it had to do with "inappropriate content." According to a 9to5Mac report, Apple removed Telegram after the app was found serving up child pornography to users.
A verified email from Phil Schiller details that Apple was alerted to child pornography in the Telegram app, immediately verified the existence of the content, and removed the app from its online stores. Apple then notified Telegram and the authorities, including the National Center for Missing and Exploited Children. Telegram apps were only allowed to be restored to the App Store after Telegram removed the inappropriate content and reportedly banned the users who posted it.
[...] Since Telegram is a messaging app with end-to-end encryption, it's unlikely that the content in question originated from direct messages between users. It's possible that the child pornography came from a Telegram plugin, but neither Apple nor Telegram has revealed the source of the inappropriate content.
Telegram is an instant messaging service with at least 100 million monthly active users.
Also at The Verge and Apple Insider.
Related: Former Whatsapp Users Bring Telegram to its Knees
Hackers Compromised Telegram Accounts, Identified 15 Million Users' Phone Numbers
Open Source Remote Access Trojan Targets Telegram Users
Russia Targets Telegram App After St Petersburg Bombing
(Score: 0) by Anonymous Coward on Wednesday August 10 2016, @10:59AM
Like WhatsApp... ;)
(Score: 0) by Anonymous Coward on Wednesday August 10 2016, @11:29AM
Launch drones! Kill em all! Murica #1!
(Score: -1, Spam) by Anonymous Coward on Wednesday August 10 2016, @11:49AM
Greetings, Starfighter [imgur.com] .
You have been recruited by the Star League to defend the frontier
against Xur [imgur.com] and the Ko-Dan armada.
(Score: 1) by idetuxs on Wednesday August 10 2016, @12:41PM
If the case is that they intercepted the SMS in order to add new sessions then secret chats are not compromised. That's still pretty good.
I remember reading an article/blog thar pointed out this vulnerability.
(Score: 1, Insightful) by Anonymous Coward on Wednesday August 10 2016, @01:06PM
I'm so damn tired of all these "secure messaging" apps using your telephone number as your id. For one thing, that means you must have a telephone# and for another it means you are pretty much stuck using the same id to communicate with everyone which makes metadata analysis way too easy. We need a system that treats each line of communication as unique, including the logical endpoints.
(Score: 2) by GungnirSniper on Wednesday August 10 2016, @04:43PM
That's a strength of using it to the Marketing droids.
Tips for better submissions to help our site grow. [soylentnews.org]
(Score: 2) by Capt. Obvious on Wednesday August 10 2016, @11:09PM
While that makes sense from a security point of view, a unique identifier (like telephone number) makes it far easier to find out if an acquaintance has a secure account, and to connect with them. While it makes the ideal case less secure, it means it is far more likely to be used. A computer without an Internet connection is a lot safer, but a lot less useful.
(Score: 0) by Anonymous Coward on Wednesday August 10 2016, @04:15PM
The accounts with Telegram, *a secure messaging service based in Germany, were compromised
*citation needed
I don't think that word means what you think it means.