Do you think your personal information is safer while using “secure” messaging apps? If your answer is “Yes”, think again. Even apps whose entire mission statement is about security aren’t safe from security breaches, as the recent Telegram hack proves. In it, the phone numbers of 15 million Iranian users may have been stolen.
Details About the Telegram hack
The breach was carried out earlier this year. The hackers bypassed the encryption by adding new devices to the user’s account. It happened like this: to add a new device, Telegram sends a confirmation code via SMS. That message is then intercepted by the hackers. After that, they’re in the loop, scot-free. The encryption doesn’t even need cracking.
Reuters reported the attack. In their article, they claim that the app was broadly used in the Middle East, with 20 million users in Iran alone. Some of its users include journalists, activist, anyone who might need privacy in Iran. Telegram is also allegedly used by Islamic State.
Telegram’s Response
The app’s websitehas posted a message on their site, advising users to use their 2 step verification methods when adding new devices. The post also claims that:
“If you have a strong Telegram password, and your recovery email is secure, there’s nothing an attacker can do.”
The app’s founder, Pavel Durov, has advised users in “troubled countries” to set passwords for more security. Telegram provides some options for furthering security.
According to Pavel Durov’s Twitter, back in 2015, the Iranian government had requested Telegram to provide them with “spying and censorship tools.” After the company had turned down the request, their app got blocked for a short time. Some suspect government involvement in the recent hack, though that’s not proven.
Encryption, security, and messaging
The Information age brought on tons of new ways for people to communicate, however, that came with a price. Almost all digital communications can be intercepted, hacked, tapped, etc. Decryption is one way to combat this. When the device is encrypted, the information is scrambled, so it can’t be accessed without the proper key. Telegram’s encryption was end-to-end, meaning that everything in the app was encrypted. Other messaging apps also include encryption, like the Facebook Messenger and WhatsApp. As the hack in Iran proves, encryption doesn’t solve everything and can be bypassed. Like the Telegram team suggested, setting up a password is almost always a good idea for improving your security. And while the Telegram encryption might’ve failed, encrypting your
Android device or computer could be very beneficial.