Recent research claims a data breach of the Telegram messaging app in Iran. The hack affected about a dozen accounts on the app. Hackers allegedly identified the phone numbers of around 15 million Iranian users.
Cyber experts believe it to be the biggest compromise of any encrypted communication system.
Telegram has always assured users of their security. It uses end-to-end data encryption. Facebook and WhatsApp have also declared that they use such encryption.
Telegram claims to have a massive client base in the Middle East, Central and Southeast Asia, and Latin America. It has more than 100 million active subscribers.
Telegram has 20 million users in Iran. The hack took place this year and had not yet been reported. It jeopardised many people in sensitive positions. Independent cyber researcher Collin Anderson and international technologist Claudio Guarnieri studied the case.
The two researchers explained the vulnerability in Telegram. They attribute it to the use of SMS texts to activate a new device. When a user logs in from a new phone, Telegram sends an authorization code via SMS. These text messages can be intercepted by mobile companies and shared with hackers.
Hackers use the intercepted codes to add new devices to the accounts. They can thus access chat histories as well as new conversations.
A Telegram spokesperson said that users shouldn't rely on SMS. Telegram also allows users to create a password, which can be reset via a recovery email. A secure Telegram password and recovery email can protect you completely.
Iranian officials weren't available for comment, but they have previously denied any government links to such hacks.
Researchers say that the hacker group uses the alias 'Rocket Kitten'. Its code contains references in Persian. The group also carried out a phishing campaign in the past. The campaign reflected the interests and activities of Iran's security apparatus.
The researchers were cautious in commenting on any government link. They did not confirm the existence of any government hacker group.
Researchers say that the breach used Telegram's programming interface. The information also provides a map of the Iranian user base that is useful for future attacks.
Telegram has blocked similar mapping attempts in the past. It has also tried to improve its detection and blocking strategies.
Experts think that Iranian hackers have adapted to changing social media habits. Rocket Kitten targeted many political attributes.
Pavel Durov founded Telegram in 2013. Due to bans on Facebook and Twitter, Telegram is very popular in Iran. Even political campaigns in the country run on Telegram, sharing political content on Telegram channels.
In October last year, Durov said that the government of Iran had asked the company to provide spying and censorship tools. He said he refused the request and blocked Telegram for 2 hours on 20th October.
The company says its stance on censorship is unchanged. There are claims that hackers even broke into password-protected accounts. The reason may be hacked recovery emails.
The Carnegie Endowment for International Peace will publish the complete research of Anderson and Guarnieri. They will also present their findings at the Black Hat conference in Las Vegas.