Rocket Kitten Hack: How Secure Is Telegram?

Posted by

Reuters reports that Telegram, the messaging app with strong security as its unique selling proposition has been breached by Iranian hackers. The hackers gained access to “more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users”. The Reuters report says that the hackers are members of the group known as Rocket Kitten.

Rocket Kitten Telegram

How Did Rocket Kitten Do It?

Telegram offers complete encryption of all data sent and received end to end. But the hackers were able to take advantage of the SMS verification code that is required for use of the service. As such, a hacker can hack the network to retrieve the SMS to get their hands on the code. According to the report, “Armed with the codes, the hackers can add new devices to a person’s Telegram account, enabling them to read chat histories as well as new messages.”

The Proverbial Weak Link

The question is not really “How secure is Telegram”? The question is, How secure is anything that we use? There is almost always that weak link in the steel chain that can be exploited, no matter how strong the chain. In this case, it is the SMS verification system. All services dependent on this link will likely be penetrable in the same way.

What Can Telegram Users Do?

A quote from Reuters:

A spokesman for Telegram said customers can defend against such attacks by not just relying on SMS verification. Telegram allows – though it does not require – customers to create passwords, which can be reset with so-called “recovery” emails. “If you have a strong Telegram password and your recovery email is secure, there’s nothing an attacker can do,” said Markus Ra, the spokesman.

You can read the complete Reuters report HERE.

One comment

  1. Reminds one of the cloud (sync) features offered by lots of services like SwiftKey (with the recent screw-up of the cloud syncing facility).

    How are we so sure that, when you copy things to that your Dropbox, the contents is really for your eyes only?

    Unless you don’t use the internet at all (and even if you don’t), there is nothing like privacy anymore.

    It is not just a global village, it is also an intrusive one. Every single activity you carry out online is somewhere , on somebody’s server.

    (AES) security? It is the white man that made pencils that also made the obliterative eraser. Anything created by man can be destroyed by man. Security inclusive.

    Luckily, most of us are not Bond, James Bond..

Leave a Reply

Your email address will not be published. Required fields are marked *