Reuters reports that Telegram, the messaging app with strong security as its unique selling proposition has been breached by Iranian hackers. The hackers gained access to “more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users”. The Reuters report says that the hackers are members of the group known as Rocket Kitten.
How Did Rocket Kitten Do It?
Telegram offers complete encryption of all data sent and received end to end. But the hackers were able to take advantage of the SMS verification code that is required for use of the service. As such, a hacker can hack the network to retrieve the SMS to get their hands on the code. According to the report, “Armed with the codes, the hackers can add new devices to a person’s Telegram account, enabling them to read chat histories as well as new messages.”
The Proverbial Weak Link
The question is not really “How secure is Telegram”? The question is, How secure is anything that we use? There is almost always that weak link in the steel chain that can be exploited, no matter how strong the chain. In this case, it is the SMS verification system. All services dependent on this link will likely be penetrable in the same way.
What Can Telegram Users Do?
A quote from Reuters:
A spokesman for Telegram said customers can defend against such attacks by not just relying on SMS verification. Telegram allows – though it does not require – customers to create passwords, which can be reset with so-called “recovery” emails. “If you have a strong Telegram password and your recovery email is secure, there’s nothing an attacker can do,” said Markus Ra, the spokesman.
You can read the complete Reuters report HERE.