You’re trying to protect yourself from the hacks and data breaches that make headlines every week. Great! Maybe you even switched to an encrypted messaging service that specifically touts its strong data protections. Smart! Or was it? In today’s security climate, apparently no good deed goes unpunished. Reuters reported today that more than a dozen Iranian accounts on Telegram, the messaging app “with a focus on security,” have been compromised in the last year thanks to an SMS text message vulnerability. That may not sound like many, but the whole idea of Telegram is that no one can read your messages at all. Any breach is troubling. Additionally—and perhaps more alarmingly—the hackers were able to access the phone numbers of 15 million Iranian Telegram users.
Amnesty International technologist and researcher Claudio Guarnieri and independent security researcher Collin Anderson traced recent Telegram account breaches in Iran to the SMS messages Telegram sends to people when they activate a new device. The texts contain a verification code that Telegram asks people to enter to complete a new device setup. A hacker with access to someone’s text messages can obtain these codes and enter them to add their own devices to the person’s account, thus gaining access to that person’s data, including chat histories.
The researchers think the Iranian hacking group Rocket Kitten is behind the Telegram breaches, based on similarities to the infrastructure of past phishing attacks attributed to the group. There is widespread speculation that Rocket Kitten has ties to the Iranian government. “Their focus generally revolves around those with an interest in Iran and defense issues, but their activity is absolutely global,” says John Hultquist, who manages the cyber espionage intelligence team at the security firm FireEye, of Rocket Kitten. In the case of the Telegram attacks, the researchers also …