SoylentNews is people
SoylentNews
Submitted via IRC for TheMightyBuzzard
The accounts with Telegram, a secure messaging service based in Germany, were compromised by exploiting the fact that Telegram sends would-be users an SMS with authorization codes so that they can activate their devices.
The researchers believe the attackers have intercepted these text messages, and this allowed them to add new devices to the targets' account, and access everything in it.
This SMS interception has been performed either by compromising Iranian phone companies, or by colluding with them. The researchers believe that the latter theory is not far-fetched, as Rocket Kitten – the hacker group that they believe performed the attacks – is believed to be composed of Iranian hackers, possibly tied to the Iranian Revolutionary Guard Corps...
Rocket Kitten is known for targeting individuals, businesses and government organizations across the the Middle East, but also researchers (Iranian and European), Iranian citizens/activists, and Islamic and anti-Islamic preachers and groups, political parties and government officials.
The same group apparently also managed to misuse Telegram's API to identify 15 million Iranian phone numbers and user IDs tied with Telegram accounts earlier this year. This information can come in handy for orchestrating future attacks and help with investigations.
Source: https://www.helpnetsecurity.com/2016/08/03/compromised-telegram-accounts/
(Score: 0) by Anonymous Coward on Wednesday August 10 2016, @10:59AM
Like WhatsApp... ;)
(Score: 0) by Anonymous Coward on Wednesday August 10 2016, @11:29AM
Launch drones! Kill em all! Murica #1!
(Score: -1, Spam) by Anonymous Coward on Wednesday August 10 2016, @11:49AM
Greetings, Starfighter [imgur.com] .
You have been recruited by the Star League to defend the frontier
against Xur [imgur.com] and the Ko-Dan armada.
(Score: 1) by idetuxs on Wednesday August 10 2016, @12:41PM
If the case is that they intercepted the SMS in order to add new sessions then secret chats are not compromised. That's still pretty good.
I remember reading an article/blog thar pointed out this vulnerability.
(Score: 1, Insightful) by Anonymous Coward on Wednesday August 10 2016, @01:06PM
I'm so damn tired of all these "secure messaging" apps using your telephone number as your id. For one thing, that means you must have a telephone# and for another it means you are pretty much stuck using the same id to communicate with everyone which makes metadata analysis way too easy. We need a system that treats each line of communication as unique, including the logical endpoints.
(Score: 2) by GungnirSniper on Wednesday August 10 2016, @04:43PM
That's a strength of using it to the Marketing droids.
Tips for better submissions to help our site grow. [soylentnews.org]
(Score: 2) by Capt. Obvious on Wednesday August 10 2016, @11:09PM
While that makes sense from a security point of view, a unique identifier (like telephone number) makes it far easier to find out if an acquaintance has a secure account, and to connect with them. While it makes the ideal case less secure, it means it is far more likely to be used. A computer without an Internet connection is a lot safer, but a lot less useful.
(Score: 0) by Anonymous Coward on Wednesday August 10 2016, @04:15PM
The accounts with Telegram, *a secure messaging service based in Germany, were compromised
*citation needed
I don't think that word means what you think it means.