Telegram, which positions itself as a secure messaging app, has experienced its most extensive hack to date in Iran.
Over a dozen accounts were accessed in the hack, which obtained phone numbers for around 15 million Telegram users in Iran – around 75% of the country’s total Telegram users. While the breach occurred earlier in the year, it has only now been revealed following the efforts of cyber security expert Collin Anderson and Amnesty International tech specialist Claudio Guarnieri.
Telegram sends authorisation codes by SMS to new customers and to existing customers logging in from new devices. The operator carrying this traffic could theoretically intercept these messages, making them accessible to hackers, who could then use the code to authorise a new device on the user’s Telegram account and read any messages on the account.
Therefore, in any market where the state owns or has any degree of influence over an operator, the app’s authentication system could theoretically be open to abuse. Telegram has stated that users who take advantage of the app’s password function, rather than merely relying on SMS verification, would be able to counter any security breaches, saying: “if you have a strong Telegram password and your recovery email is secure, there’s nothing an attacker can do.”
It is believed that the hackers belong to a collective known as Rocket Kitten, which is known for using tactics notably similar to those of the Iranian security forces. The attack has come to attention after the Iranian authorities imposed a 12-month deadline for app makers to relocate their data servers to Iran as part of the country’s National Internet Project, which is aimed at creating a local network to store data.