Protect your voicemail; hackers could spy on your Telegram chats

Privacy is a primary feature for many users of online services concerned about their information security, so tools like Telegram, instant messaging app with a specialized focus on privacy find more and more users each day, experts in cybersecurity services mentioned. However, this effort to keep private information secret can be targeted in different ways.

Privacy on Telegram has caused many governments
to try to ban these services or, in other cases, regulate tits use and ensure
that developers provide access to content shared by users. On the other hand,
many prominent members of various governments use these services to maintain
confidential communication channels, which is very attractive to their
adversaries and others interested in publicly disclose private information.

An example of this is the case of Sergio Moro,
Minister of Justice of the Brazilian government, who last June informed the
media that his smartphone had been hacked. Just days after the announcement,
the content of his Telegram conversations began to flood news from across the
country.

After an investigation, four individuals were
arrested for the incident; Brazilian authorities later discovered that the
attackers also targeted Telegram conversations by other politicians, such as
President Jair Bolsonaro and Brazil’s economy minister, Paulo Guedes, claim
specialists in cybersecurity services.

The researchers concluded that the information
of these politicians was compromised using one of the oldest and most
well-known techniques, hacking voicemail services. According to cybersecurity
services specialists, like other platforms, Telegram is vulnerable to account
restart or SIM
swap attacks. Exploiting these weaknesses, all a hacker should do later
is install the app on a device under their control and use the SMS verification
message to access the victim’s account.

In addition to these techniques, Walter
Delgatti, one of those arrested for this incident, claimed that he and his
accomplices used voicemail services to easily obtain Telegram verification codes.

International Institute of Cyber Security
(IICS) cybersecurity services specialists mention that it is too easy for
hackers to access a phone user’s voicemail records, because although this
service can be protected with a PIN, almost no user deems it necessary. In
addition, even if these four-digit keys are implemented, it is relatively easy
for hackers with basic skills to break this security measure.

Although mobile phone operators try to mitigate
this risk by verifying the identity of users, falsifying a phone number is also
a very easy practice for attackers once they know the victim’s original number.

When attackers manage to access the victim’s
voicemail they can retrieve any records stored there, from missed call messages
to verification codes for Telegram use or other similar services. 

This attack vector became so popular that more
similar cases soon appeared, such as that of Ricardo Roselló, governor of
Puerto Rico, who was forced to resign from office after the content of his
Telegram conversations were leaked.

Finally, the company reported that some updates
were made to prevent this attack variant, so from now on Telegram users will
only be able to request a login code via voicemail if they have authentication
multi-factor to access the platform.

(Visited 4 1 times)

Comments are closed.