Media reported about the most massive hacker attack in the history of the messenger of Pavel Durov. According to the journalists, the hackers managed to compromise the accounts of tens Telegram and to identify the phone numbers of 15 million users.
Massive hacking have threatened the activists, journalists and other people in key positions in Iran, where the messenger is used by over 20 million users, said independent researcher Collin Anderson, who has been studying the crimes of the hackers for three years.
Vulnerability Telegram, according to experts, is to use SMS messages for activation of new devices. When the user opens the messenger app with a new phone, it receive a message with a code to activate. According to experts, the telephone company may intercept these SMS and send them to local hackers.
Armed with secret codes, hackers can get access not only to new messages “stolen” account, but also to the history of all the correspondences of a user, said Life.
“We have more than a dozen cases in which a Telegram accounts were compromised, and, most likely, with the help of the cellular company,” said Anderson. He also added that the support messenger for SMS makes it vulnerable in any country where the phone companies are owned or under strong government influence.
The researchers also found evidence that hackers broke into a software interface Telegram to identify at least 15 million Iranian phone numbers that are tied to accounts messenger. Using this information, attackers can map users of Telegram in Iran, which will be extremely useful for future cyber attacks.
Commenting on the situation, Pavel Durov said that numbers 15 million users Telegram was in the hands of criminals through busting in the API when you check the numbers on the existence of the user. This vulnerability, according to him, was closed in 2015.
“It was cut limits long enough at the time, when they started busting through the API. Identified — blocked. Deployed tools for automatic monitoring and prevention of brute force,” – said Durov.