How hack telegram


Exclusive: Hackers accessed Telegram messaging accounts in Iran - researchers

By Joseph Menn, Yeganeh Torbati

7 Min Read

SAN FRANCISCO/WASHINGTON (Reuters) - Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system, cyber researchers told Reuters.

Amir Rashidi, an Internet security researcher who has worked with Telegram users who were victims of hacking, works at the offices of International Campaign for Human Rights in Iran, in the Brooklyn borough of New York, U.S., July 27, 2016. REUTERS/Brendan McDermid

The attacks, which took place this year and have not been previously reported, jeopardized the communications of activists, journalists and other people in sensitive positions in Iran, where Telegram is used by some 20 million people, said independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, who have been studying Iranian hacking groups for three years.

MORE REUTERS TOP STORIES:

Didi's China dominance over Uber offers roadmap for ride-hailing rivals

Commentary: The real reason Washington calls Putin a thug

First Republican lawmaker breaks with party, backs Democrat Clinton

Telegram promotes itself as an ultra secure instant messaging system because all data is encrypted from start to finish, known in the industry as end-to-end encryption. A number of other messaging services, including Facebook Inc's FB.O WhatsApp, say they have similar capabilities.

Headquartered in Berlin, Telegram says it has 100 million active subscribers and is widely used in the Middle East, including by the Islamic State militant group, as well as in Central and Southeast Asia, and Latin America.

Telegram’s vulnerability, according to Anderson and Guarnieri, lies in its use of SMS text messages to activate new devices. When users want to log on to Telegram from a new phone, the company sends them authorization codes via SMS, which can be intercepted by the phone company and shared with the hackers, the researchers said.

Armed with the codes, the hackers can add new devices to a person’s Telegram account, enabling them to read chat histories as well as new messages.

“We have over a dozen cases in which Telegram accounts have been compromised, through ways that sound like basically coordination with the cellphone company,” Anderson said in an interview.

Slideshow ( 4 images )

Telegram’s reliance on SMS verification makes it vulnerable in any country where cellphone companies are owned or heavily influenced by the government, the researchers said.

A spokesman for Telegram said customers can defend against such attacks by not just relying on SMS verification. Telegram allows - though it does not require - customers to create passwords, which can be reset with so-called “recovery” emails.

“If you have a strong Telegram password and your recovery email is secure, there’s nothing an attacker can do,” said Markus Ra, the spokesman.

Iranian officials were not available to comment. Iran has in the past denied government links to hacking.

ROCKET KITTEN

The Telegram hackers, the researchers said, belonged to a group known as Rocket Kitten, which used Persian-language references in their code and carried out “a common pattern of spearphishing campaigns reflecting the interests and activities of the Iranian security apparatus.”

Anderson and Guarnieri declined to comment on whether the hackers were employed by the Iranian government. Other cyber experts have said Rocket Kitten’s attacks were similar to ones attributed to Iran’s powerful Revolutionary Guards.

The researchers said the Telegram victims included political activists involved in reformist movements and opposition organizations. They declined to name the targets, citing concerns for their safety.

“We see instances in which people ... are targeted prior to their arrest,” Anderson said. “We see a continuous alignment across these actions.”

The researchers said they also found evidence that the hackers took advantage of a programing interface built into Telegram to identify at least 15 million Iranian phone numbers with Telegram accounts registered to them, as well as the associated user IDs. That information could provide a map of the Iranian user base that could be useful for future attacks and investigations, they said.

“A systematic de-anonymization and classification of people who employ encryption tools (of some sort, at least) for an entire nation” has never been exposed before, Guarnieri said.

Ra said Telegram has blocked similar “mapping” attempts in the past and was trying to improve its detection and blocking strategies.

Cyber experts say Iranian hackers have become increasingly sophisticated, able to adapt to evolving social media habits. Rocket Kitten’s targets included members of the Saudi royal family, Israeli nuclear scientists, NATO officials and Iranian dissidents, U.S.-Israeli security firm Check Point said last November.

POPULAR IN THE MIDDLE EAST

Telegram was founded in 2013 by Pavel Durov, known for starting VKontakte, Russia’s version of Facebook, before fleeing the country under pressure from the government.

While Facebook and Twitter are banned in Iran, Telegram is widely used by groups across the political spectrum. They shared content on Telegram “channels” and urged followers to vote ahead of Iran’s parliamentary elections in February 2016.

Last October, Durov wrote in a post on Twitter that Iranian authorities had demanded the company provide them with “spying and censorship tools.” He said Telegram ignored the request and was blocked for two hours on Oct. 20, 2015.

Ra said the company has not changed its stance on censorship and does not maintain any servers in Iran.

After complaints from Iranian activists, Durov wrote on Twitter in April that people in “troubled countries” should set passwords for added security.

Amir Rashidi, an internet security researcher at the New York-based International Campaign for Human Rights in Iran, has worked with Iranian hacking victims. He said he knew of Telegram users who were spied on even after they had set passwords.

Ra said that in those cases the recovery email had likely been hacked.

Anderson and Guarnieri will present their findings at the Black Hat security conference in Las Vegas on Thursday. Their complete research is set to be published by the Carnegie Endowment for International Peace, a Washington-based think tank, later this year.

Reporting by Joseph Menn in San Francisco and Yeganeh Torbati in Washington; Additional reporting by Michelle Nichols at the United Nations and Parisa Hafezi in Ankara; Editing by Jonathan Weber and Tiffany Wu

Telegram App Store Secret-Chat Messages in Plain-Text Database

Spread this blog

EDIT: The following post * was not on a rooted or jailbroken device *. In order to access the plain-text secret-chat database containing the messages, we used our implementation of CVE-2014-3153. The claims that the device is rooted / jailbroken are incorrect and misleading.

I will start by quoting CryptoFail blog

“Telegram is an encrypted instant messaging app for iOS and Android devices. Obviously, I wouldn’t mention it on this blog if its crypto was perfect. In fact, it’s far from perfect. It’s almost horrifying.

I’m not sure if it was in response to some good criticism, but Telegram recently announced a crypto contest. Basically, if you can recover an email address that was encrypted with their secure messaging app, you can win $200,000 USD worth of Bitcoin.

Unfortunately, the contest is useless. Neither users nor Telegram developers will learn anything from the contest results. But, Telegram will still be able to point to the contest and say, “Look! No one has won the contest, so our software is secure!” Naive users will believe Telegram, and they will feel safe using dangerously broken encryption.”

I decided to take a closer look at the contest. My intention was to see if I could read encrypted messages without being on-the-wire. I conducted a test using Android OS version 4.4.2.

Telegram claims to be a privacy oriented messaging app capable of encrypting personal and business secrets – only they are not. A critical vulnerability discovered by Zimperium Mobile Security Labs exposes their more than 50 million users who believe the app provides the security to chat freely. Let me explain how we stumbled onto this vulnerability.

The old Crypto contests from Telegram reference breaking its protocol while being in the middle of an encrypted conversation. This is not a sound idea for two reasons:

1. In the real world hackers do not play by the rules.

2. This assumes hackers would try to break Telegram’s encryption in the middle, when you can instead find weaknesses in other protocols which provide more benefits (e.g: GoToFail to bypass SSL encryption on iOS).

The New Crypto contests by Telegram says, “…and this time contestants can not only monitor traffic, but also act as the Telegram server and use active attacks, which vastly increases their capabilities.”

As a result, I am not going to break the encryption simply by avoiding it. I am going to bypass the encryption by simulating an active attack on the device.

The best way to do this is by understanding the anatomy of cyberattacks and the architecture of mobile devices. It did not take me long to install Telegram’s software, find both the encrypted and non encrypted texts that I sent, along with a Database containing all of the above.

Telegram’s website says: “A Secret Chat is a one-on-one chat wherein all messages are encrypted with a key held only by the chat’s participants. By definition, it follows that no third parties can access the decrypted content without access to one of the devices.” This raises 2 questions: First, assuming a user has no physical access to the device and the device was hacked remotely – how easy would it be for the attacker to retrieve the end-to-end encryption deployed by Telegram? Second, if and how are the Telegram’s Secret Chats encrypted on the mobile device?

It’s easier to find a vulnerability in a phone and hack it remotely via URL/PDF/Man-In-The-Middle and other attack techniques that I have discussed before. Once you hack a mobile phone, you need to elevate your privileges in order to gain control of the device. This can be easily done using a Kernel exploit.

If you are new to mobile security, I’ve included some examples below that demonstrate how an individual can perform an attack on a mobile device remotely. This type of hack would be even easier for nation-state actors with even more resources, time and money at their disposal:

1. Client-side vulnerability: Chrome exploit – Pwn2Own Autumn 2013
2. Kernel exploit – CVE-2014-3153 (a.k.a – TowelRoot)

Let’s take a look at what I did. I started by creating secret messages within the Android version of the Telegram app with the intention of finding it non-encrypted somewhere. I assumed that the Secret-Chat messages were encrypted in memory, or at least in the local database. Is that too much to ask for from a privacy and security oriented text messenger?


If you take a screenshot as the attacker, a notification will be sent to both users – so one can assume that security and privacy must be a top priority for Telegram. However, to believe that an attacker will take a screenshot instead of taking complete control of the device is a bit naive.

I gave Telegram the benefit of the doubt and did not look for the more common mistakes that you can expect to see in non-security oriented programs. I simulated an attack originating from an App / Client Side vulnerability that gains permissions by running a kernel exploit (I used CVE-2014-3153)- as described above. There are cleaner ways to dump the results, but I just wanted to provide a proof of concept (POC). Telegram has a feature called “Secret Chat” with a lock (see above) that feels secure. I dumped the process memory of Telegram and searched for strings that contain the word I sent and received in the picture above.

As you can see – the words Woof, Text, Shlookido, Cookiedo, Tambalul and NotSoEncryptedInMemory are, well… not encrypted in the process memory. Any attacker that gains access to the device can read the messages without too much effort. The Secure-Chat messages can be read in clear-text in Telegram’s memory. This discovery prompted me to check to see whether there is an easier way to access the content of the messages – and I was successful.

While Telegram’s communication was supposed to be encrypted (it was broken as well…)

To complete my research I accessed the shell I received previously from running CVE-2014-3153 to look at the App’s files at /data/data/org.telegram.messenger/ and I discovered a file called Cache4.db in the app’s “files” folder:

I assumed “enc_chats”, “enc_tasks_v2”, enc probably stood for encrypted so I fetched this file and examined it. The file contained our secret messages in plain-text!

One of the most interesting features in the Telegram messaging app is the “Delete” messages function. My next attempt was designed to access and retrieve sensitive information previously deleted by the user. I wanted to retrieve deleted messages directly from the memory or cache4. db files.

1. Memory:
I clicked on options->Set Self Destruct to 5 seconds, and I expected the message to be deleted but nothing happened on either phone. It looked like a bug, not a security related issue.

I deleted the message by clicking on options->delete.

An inspection of the cache4.db file showed no signs of the conversation. (A deleted message might be more interesting to an attacker.) After examining the cache4.db file I looked at the memory and was able to find the original conversation after I had deleted it from the memory.


Disclosure Timeline:

Below is the disclosure timeline that we follow as part of the Zimperium Zero-Day Disclosure Policy. We have made several attempts to contact Telegram’s security team and have yet to receive a response from Telegram for over 30 days. For reference, here is a copy of our policy: 30 days zero-day policy.

1. 17/1/2015 – Vulnerability found
2. 18/1/2015 – Vulnerability responsibly disclosed ZVD-2015-0100, ZVD-2015-0101, ZVD-2015-0102 according to our 30 days zero-day policy – no response from vendor.
3. 23/1/2015 – Asked vendor to comment – no response
4. 3/2/2015 – Asked vendor to comment – no response
5. 6/2/2015 – Asked vendor to comment – no response
6. 23/2/2015 – Vulnerability made public

Recommendation

My conclusion is simple.

While Telegram was founded upon a noble goal of providing privacy to consumers everywhere at no cost, they have fallen short of their objective by focusing purely on data-in-transit versus protecting data-at-rest on the mobile device itself. What is regrettable is that I approached Telegram multiple times and have yet to receive a response. Telegram’s so-called powerful encryption is not protecting users any better than any other page or app that uses SSL. If you are using Telegram because you want to ensure your privacy and the privacy of the messages you are sending, be aware that it will not stop sophisticated hackers from reading your messages. We highly recommended adding additional protection to your mobile device that can detect device-level cyberattacks.

In order to better protect critical communication, I would have expected Telegram (or any messaging software) to encrypt chat strings in memory, as-well as encrypting the conversations in the cache4.db file. Zimperium’s Mobile Threat Defense system detected the entire attack chain that was performed in-order to obtain the content of the secret messages

About Zimperium

Zimperium is the leader in Enterprise Mobile Security. The Zimperium Mobile Threat Defense system delivers enterprise-class protection for Android and iOS devices against the next generation of advanced mobile threats. Developed for mobile devices, Zimperium uses patented, behavior-based analytics that sit on the device to protect mobile devices against host and network-based threats wherever business takes them.

Follow me on twitter (@ihackbanme)

How to hack Telegram? 5 ways to hack Telegram

Is it possible to hack Telegram - answered hundreds of hackers and experienced programmers who took part in the competition from the developers. They identified all the existing vulnerabilities, for which they were awarded hefty cash prizes.

Read more in the article: $300,000 is promised to those who hack Telegram

As the developers say, their creation is absolutely closed from special services, unlike Viber, Skype, and others. You can open the page only by logging in via SMS confirmation, which eliminates the possibility of selection or interception of verification data. And what did you expect? That there will be detailed instructions for dummies here, how to hack a telegram bot or how to hack Telegram itself? - this is impossible even for many experienced programmers, not to mention noobs. Those classic tricks that you may be familiar with on Vkontakte do not work here: phishing, warming, etc.

Interception of traffic

The most common article in data acquisition by third parties. As it became clear from the title, the data transmitted from the client to the server is intercepted. Listening to traffic is complicated by encryption, which makes this type of hacking almost impossible, it is almost impossible to decode the bytes.

Intermediary attack

This type involves the intervention of a third party, a device that will replace the embedded data. Each message is closed with an AES key, which cannot be modified from the outside, the DH exchange protocol and the public server key prevent this.

SMS interception

Perhaps this is one of the few ways to hack Telegram. Many advanced programmers will agree that it will be much easier to intercept SMS than to receive and decrypt user chats protected by the MTProto protocol.

DDoS

This way you can crash the server part of the application, which happened in July 2015. For several hours, the utility worked with difficulties all over the world. Before hacking Telegram in this way, you will need a lot of money, DDoS is one of the most expensive attacks.

For lovers and others…

Yes! Hacking Telegram or even just fooling a bot is almost impossible from a software point of view, but possible from a human point of view. After all, no one canceled social engineering.

As an idea: Follow your beloved, put the application on your computer, from her phone or on any smartphone, but there is a flaw. Do not mark as read because it will be noticeable. + At any time it will be possible to understand the active sessions and close them.

PS: And it is better to trust or talk - the easiest and right decision. Even if the truth is not so good! Good luck!

Protection: Take it right now and check whether you have been hacked and read your correspondence?

  1. Open your Telegram settings;
  2. Item "Privacy and Security" or "Confidentiality" - the name of the item depends on the operating system (Android or IOS) and OS version.
  3. Select "active sessions" or "active sessions". If suddenly, there is an unfamiliar device, complete it.

How to protect yourself and not let someone else's Telegram messages be read? The most detailed instruction!

what to do if telegram is hacked

Any telegram account is a great target for hackers. And if it also belongs to the owner of the channel with a large audience, even more so. Today we will tell you how to hack a Telegram account and how you can protect yourself from it.

Content

  1. Can Telegram be hacked
  2. Telegram hacked: the most popular cases
  3. Telegram hacked: what to do
  4. How to protect yourself from hacking in Telegram

Is it possible to hack Telegram

Telegram messenger is considered one of the most reliable in its category. The developers managed to achieve this by using a special telegram protocol - MTProto. According to the creators, it provides the greatest protection of personal data and correspondence in the offer.

To justify the security of the program, the developers even announced a special competition: anyone could try to hack the "cart". The winner would receive a cash prize. So, let's try to figure out how you can hack a group in a telegram, an account, a channel.

Part of the MTProto protocol is in the public domain. The protocol is based on publicly available cryptographic encryption algorithms. Of course, the creators of the messenger have taken measures to protect against various attacks, but they cannot be 100% sure of the security of this system.

That is why it cannot be said that Telegram is guaranteed safe. For example, let's describe one very common way that scammers use to hack telegram accounts. The user receives a message in the messenger from his friend or acquaintance with the text, where he is asked to download something, or promising some kind of win, or an opportunity to earn money if you follow such and such a link. Since he really communicated with this person, he trusts him. But by clicking on this link, a person simply transfers his account to the attackers.

And there are a lot of such cases, so it is important to protect your account from hacking. We have detailed instructions on how to do this below.

Telegram hacking: the most popular cases

Basically, all massive cases of hacking telegram accounts are committed by a group of scammers with the aim of blackmailing and extorting money. The most famous "versions" of such hacks are:

  • Letters of "misfortune". These are the same cases with clicking on links from your contacts, which we described above. Further - hackers gain access to your account and say that they will return it only for a certain amount.
  • Extortion through bots. Telegram has a new method of fraud - logins and passwords, personal data of users are collected by local bots, and then people receive emails in which blackmailers promise to reveal personal information about the victim's activities on the network, send it to their friends, relatives, etc.
  • Interception of SMS codes. Such a fate may await users who did not enable two-factor authentication. Hackers log into your account with a captured passcode and gain access to all your data.

The telegram code does not come to the phone: causes and their elimination

And there are many similar fraudulent schemes on how to hack Telegram accounts. True, sometimes hacking happens not for selfish purposes. So in March 2022, a massive hacking of telegram channels occurred in connection with the desire of hackers to place calls on them to participate in illegal actions.

Telegram hacked: what to do

If someone tries to log into your telegram account, you will receive a message with a password to enter. If someone has already logged in from a new device, no matter from a computer or smartphone, you will receive an alert indicating the IP address, location, date and time of the new login. If you did not make this login, then your account was hacked, and now it can be used for personal gain. Here are some solutions to fix this issue.

First, let's analyze the situation when you have access to the Telegram application:

  1. First of all, go to the " Settings " messenger and go to the tab " Devices ".
  2. Here we see all active sessions. Click on the red button " End all other sessions ".

This allowed us to, so to speak, “throw out” the attacker from our account. But we are not completely protected. Therefore:

  1. We go into the security settings and enable two-factor authentication.
  2. This means that a hacker will not be able to enter your account, because to enter you will need not only a passcode generated by the messenger, but also a password that will be set by you.

More about the Telegram Password Code

It’s a completely different situation when you don’t have access to your Telegram account (for example, if your phone was stolen), then:

  1. We call our operator and ask them to block the SIM card. Now, to restore access to the account, we request the restoration of the old number on a new SIM card.
  2. After that, go to your account and delete the "Active session".

You can also contact telegram support. To do this:

  1. Follow the link telegram.org
  2. Describe your problem, indicate your phone number and email so that you can be contacted.

Many people send their personal data, card numbers, passport, etc. via Telegram. And they don’t clean up after themselves, but you can create a secret chat and set up auto-delete. And if during a hack, scammers get hold of this information, they can continue to spoil your life. And to avoid this, you need to protect your account. More on that below.

How to protect yourself from hacking in Telegram

To protect your profile from others to the maximum, you need to do the following:

1. We use two-factor authentication.

2. Activate the additional password.

3. From time to time we monitor the activity of other devices: we look at active sessions, follow the notifications from the messenger.


Learn more