Latest in Culture

Image credit: Siavosh Hosseini/NurPhoto via Getty Images

Iranian hackers compromise Telegram's secure messaging

The breach could put activists and journalists at risk.
692 Shares
Share
Tweet
Share
Save

Sponsored Links

Siavosh Hosseini/NurPhoto via Getty Images

Telegram prides itself on private messaging that lets activists escape government censorship and crackdowns, but it might have a crisis on its hands in Iran. Security researchers speaking to Reuters say that an Iranian hacking group has not only breached over a dozen Telegram accounts, but identified the phone numbers of over 15 million of the service's users in the country. The intruders reportedly intercepted SMS authentication codes and used those to add devices to their accounts, letting them read messages and impersonate others. To get the phone numbers, they took advantage of a Telegram programming interface.

It's not certain that the Iranian government is behind the attacks. However, the culprits (Rocket Kitten) have launched phishing campaigns that reflect official "interests and activities," according to the researchers. Also, the compromised targets included members of both opposition and reform groups -- and it's safe to say that some of those 15 million phone numbers could expose other activists and journalists.

So far, Telegram is portraying this as more a question of weak user security than a vulnerability. It tells Reuters that you can protect against these attacks by creating a strong password (which is strictly optional) that would add a layer of security. However, it raises a question: why aren't there security measures that could prevent this, such as making passwords mandatory? While this wouldn't solve all of Telegram's issues with Iran (the nation insists that companies store data in the country to facilitate censorship and spying), it would be an important start.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
692 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Volta Football is exactly what 'FIFA 20' needs

Volta Football is exactly what 'FIFA 20' needs

View
Skullcandy's Crusher ANC block noise while you feel the bass

Skullcandy's Crusher ANC block noise while you feel the bass

View
Zero's 2020 electric motorcycles include one that's loaded for adventures

Zero's 2020 electric motorcycles include one that's loaded for adventures

View
‘Call of Duty’ comes to mobile on October 1st

‘Call of Duty’ comes to mobile on October 1st

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr