No good deed today can help you protect yourself completely.
Reuters and several media outlets are reporting that the phone numbers of 15 Million users in Iran and more than a dozen accounts on the Telegram instant messaging service have been compromised by Iranian hackers exploiting an SMS text message flaw.
Telegram is a messaging app "with a focus on security" that promotes itself as an ultra secure instant messaging system as all data is end-to-end encrypted. The service claims to have 100 Million active subscribers.
According to research conducted by two security researchers, Collin Anderson and Claudio Guarnieri, this attack has threatened the communications of activists, journalists and other people in Iran, where around 20 Million people use Telegram.
The incident is even said to be the largest known breach of the encrypted messaging applications.
However, you don't need to panic much, because 'SMS Interception' is not a Telegram's vulnerability. Such attack can be used against any messaging app, like Whatsapp and Viber, whose registration is based upon SMS-based verification mechanism.
Not Just Telegram, Other Secure Messaging Apps Also Hackable:
For those who aren't familiar, the SMS-based verification process is being deployed by the services to send authorization codes to its users via text messages, in Telegram case, to activate the same account on new devices.
But, these authorization codes provided in the SMS can be intercepted by state-owned phone companies or any malicious hacker with advanced skills and access to sufficient resources.
With the help of these codes, hackers could covertly add new devices, in the case of Telegram that allows users to log their account on multiple devices, to a target's Telegram account and snoop on messages, though end-to-end encrypted chats aren't accessible across devices.
This is how the standard SMS-based verification works, so one can not blame Telegram or particular service that is using this mechanism.
"As for the reports that several accounts were accessed earlier this year by intercepting SMS-verification codes, this is hardly a new threat as we've been increasingly warning our users in certain countries about it." Telegram says.Also Read: Apple Can Still Read Your Encrypted iMessages.
3 Telegram Security Features You Might Not Know About. Turn Them ON!
While other encrypted services do not offer any security mechanism to combat such hacking and surveillance attempts by hackers and government, Telegram provides some security features that are less known but are important to implement.1. Monitor Telegram Active Sessions
Every sign-in creates an Active Session that can be viewed through Privacy and Security settings, showing all your logged in devices with IP addresses.
Telegram also gives you an option to remotely stop any session that you no longer need or find suspicious.
2. Enable Telegram's Two-Step Verification Password (Important)
This feature prevents you from the recent SMS text message attacks, as that additional password is required for an attacker to log into your account.
So, if you think that your mobile carrier or state-sponsored hacker is intercepting your SMS codes, the best solution is to use 2-Step Verification to protect your Telegram account with a password.
If you do that, there's nothing an attacker, even with your authentication code, can do.
3. Use Self-Destruct Secret Chats
Telegram's end-to-end encrypted chat feature is not enabled by default. So, you need to select Secret Chat feature before start chatting.
Recently introduced in Facebook Messenger, Telegram also offers Self-Destruct Secret Chats that allows you to self-destruct your messages after a specified time (from 1 second to 1 week), leaving no trace on Telegram servers, unlike the regular chat method.
Telegram secret chat feature uses end-to-end encryption to safeguard your messages and does not allow forwarding messages and media.
So, your safety is in your hands. Stay Tune! Stay Secure!
