The security services have started to intercept the SMS authorization code-Telegram.
#steem #telegram
It seems that the authorization by SMS in the Telegram messenger compromised. This was announced today warned users Pavel Durov himself.
"Apparently, the Russian security services have decided to start to put pressure on the operators, so that they began to intercept SMS-authorization code. Typically, this occurs only in the cannibal, not caring about their reputation modes - Central Asia, the Middle East sometimes. But suddenly happened in Russia (unless, of course, cut corruption within MTS), "- says Pavel Durov.
Recommendation for the residents I have already published a problematic countries; We will also do a mass mail-Telegram in Russia with the board over the endangered users to enable two-factor authentication, as the RF carriers as a verifier unreliable. "
He described the April 29 one of the users Oleg Kozlovsky.
This is how events unfolded, in his words:
At 2:25 the night of MTS technological security department disables me delivery service of SMS-messages.
After 15 minutes, at 2:40, someone with the Unix-console by IP-address 162.247.72.27 (this is one of the Tor anonymizer servers) Telegram sent a request for authorization of a new device with my phone number.
I sent an SMS with a code that has not been delivered (the service is disabled for me).
3:08 The attacker enters the authorization code and get access to my account. Telegram sent me an automatic notification about this (which I read in the morning).
3:12 In the same way from the same IP-address (ie through the same session Tor) cracked George Alburova account.
At 4:55 technological security department MTS again includes me delivery service SMS.
The reason for opening and closing the MTS service called I refused, offering to write a letter of inquiry.
The main question is how the unknown persons had access to the code, which was sent to the SMS, but not delivered. Unfortunately, I have only one version: through SORM system or directly through the MTS tehbezopasnosti department (for example, on a call from the "competent authorities"). If there are other options - offer.
The main recommendation for all users Telegram: connect the two-stage authorization (ie not only SMS, but also the password). This is done in the security settings.
The main recommendation for the Telegram: not accept the authorization code, if it is not proof of delivery.
Interesting thoughts