The Arab Security Team monitors a massive attack on Telegram users

Semicolon's information security team has detected a massive cyberattack targeting users of the Telegram messaging app. Exploiting a vulnerability in the application allows attackers to take over accounts without communicating or interacting with the victim, even though Telegram is considered one of the most secure messaging applications in the world.

In its account of the attack, which has been circulating in Lebanon over the past few days, the team revealed that the vulnerability lies in the one-time verification code that is sent to users when they try to access their accounts from a new device or browser. Users must enter it to verify account ownership. An attacker could exploit this vulnerability to obtain the code on behalf of a user, which would allow the attacker to access the account and view the user's conversations and information without the user's permission.

Telegram has two types of verification codes. The first is sent via SMS if the user is new to the app and has never opened their account from any device or browser. The second is sent via a message in the Telegram app itself (from the official, verified Telegram account with a blue tick) when the account was previously activated on another device or browser. The attack is notable because it targets the second type: in all the cases we monitored, the victims received activation codes via in-app Telegram messages instead of SMS, seconds before they were notified that the account had been opened and used on a new device.

How did the attack happen?

According to a report based on technical analysis, the attackers used leaked or illegally generated lists of phone numbers associated with Telegram accounts. These lists could be similar to the one leaked from the WhatsApp service a few months ago, which affected more than 487 million users. According to the Cybernews team, 25% of that database is being sold on dark web forums for around $7,000.

Attackers use these lists to automate attacks with malicious code in order to attack as many accounts as possible in a short time. 5 minutes).

What security vulnerabilities are there?

Telegram is solely responsible for accurately disclosing the causes of the security breach, but based on the team's initial estimates, the breach is believed to have been caused by a vulnerability in one of Telegram's services that allowed hackers to generate an unlimited number of verification codes, the so-called brute force attack. Note that the verification code is only 5 digits long, which makes it easy to identify within a few seconds in the encrypted messages sent within Telegram that contain the code. In the event of an error, or of a fault caused by an attacker intercepting a packet and tampering with its contents, the code could be exposed in cleartext rather than encrypted.
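The following is an added example, not code from Telegram or the Semicolon team, showing why a 5-digit code is only safe when both the guesses per code and the number of codes issued are capped. The class name, the limits and the phone number format are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_DIGITS = 5            # code length stated in the article
MAX_ATTEMPTS_PER_CODE = 3  # assumed policy values, not Telegram's
MAX_CODES_PER_WINDOW = 3
WINDOW_SECONDS = 3600
CODE_TTL_SECONDS = 120

def takeover_probability(guesses_per_code, codes_issued, digits=CODE_DIGITS):
    """Chance that blind guessing matches at least one of the issued codes."""
    per_code = min(1.0, guesses_per_code / 10 ** digits)
    return 1.0 - (1.0 - per_code) ** codes_issued

class LoginCodeService:
    """Hypothetical in-memory issuer and verifier for one-time login codes."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._issued = {}  # phone -> timestamps of recently issued codes
        self._active = {}  # phone -> [code, expires_at, attempts_left]

    def issue(self, phone):
        now = self._clock()
        recent = [t for t in self._issued.get(phone, []) if now - t < WINDOW_SECONDS]
        self._issued[phone] = recent
        if len(recent) >= MAX_CODES_PER_WINDOW:
            return None  # issuance cap reached: refuse to mint another code
        recent.append(now)
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._active[phone] = [code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS_PER_CODE]
        return code

    def verify(self, phone, guess):
        entry = self._active.get(phone)
        if entry is None or self._clock() > entry[1]:
            self._active.pop(phone, None)  # no code outstanding, or it expired
            return False
        entry[2] -= 1
        ok = hmac.compare_digest(entry[0].encode(), guess.encode())
        if ok or entry[2] == 0:
            del self._active[phone]  # single use; burn the code after the last try
        return ok
```

With both caps in place the chance of a blind hit stays below 0.01% per window, while uncapped issuance at three guesses per code pushes it above 90% after 100,000 codes.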

Who is behind this attack?

The Semicolon team tracked the IP addresses used in the attacks and was able to identify key service providers and individuals suspected of involvement in attacks including spam, web application attacks, and brute force attacks. Affected people reported the attacks, and addresses were blocked and blacklisted.

How did the Semicolon team deal with Telegram?

Semicolon team manager Fayyad Atwi said the team formally contacted Telegram and provided them with three detailed reports that included an analysis of multiple instances and information about the attackers, their devices, digital addresses, and the root cause of the attack, along with the possible causes of the serious security vulnerabilities. He said the team expects Telegram's security team to address these reports and end the attack as quickly as possible.

How can we protect our accounts from this type of attack?

The Semicolon team recommends that all Telegram users on all devices and operating systems activate 2-step verification provided by Telegram. Experience has shown that while attackers were able to obtain verification codes, they were unable to compromise accounts that had this feature enabled.

To activate the feature, go to (Settings), then (Data Protection and Security), then (Two-step confirmation). Then enter a strong password with multiple letters and numbers, as well as an email address to use if you forget the password.
