Telegram rolls out fix for voicemail hack used against Brazilian politicians

[steven36]

Instant messaging service Telegram has rolled out a fix over the weekend to prevent hackers from abusing voicemail accounts to gain access to other users' accounts.

 

 

The trick, known as a "voicemail hack" or "voicemail hijack," has been used in the past few months to gain access to over 1,000 Telegram accounts in Brazil, including ones belonging to local politicians.

 

Some of the most high-profile victims of recent attacks include Brazil's President Jair Bolsonaro, Justice Minister Sergio Moro, and Economy Minister Paulo Guedes.

How the voicemail hack works

The "voicemail hack" revolves around the process of adding a Telegram account to a new device. For this operation, a user can request that a one-time passcode be sent via a voice message call to the account owner's phone number.

 

If the account owner failed to answer the call for three consecutive times, or if the user was busy with another call, the one-time passcode would be sent to the user's voicemail account, provided by the user's mobile telco.

 

Hackers would then use VoIP services to spoof the victim's phone number, access the voicemail account, use a default password of 0000 or 1234 (which most users don't change), and retrieve the one-time passcode. With the one-time passcode, hackers would then add another user's Telegram account to their own device.

 

While some crooks used this trick to hijack legitimate accounts to send spam, some hackers used it to gain access to the message history of famous Brazilian politicians.

Telegram rolls out a fix over the weekend

 

But starting this weekend, Telegram has rolled out a fix to prevent the attack from working.

 

"As of recently, it is only possible to request a code via call if your account is protected with two-step verification," a Telegram spokesperson told ZDNet.

 

The fix has been rolled out for all Telegram users, and not just those in Brazil, Telegram confirmed.

 

This very same "voicemail hack" didn't only work against Telegram. The hack has been known since 2017 and was initially discovered and abused to hijack WhatsApp accounts. Since then, security researchers proved the trick could also be used to hijack accounts at many other services, such as Facebook, Google, Twitter, WordPress, eBay, or PayPal.

 

Source

[mkc21]

how come they don't use whatsapp? It is so weird

[steven36]

3 hours ago, mkc21 said:

how come they don't use whatsapp? It is so weird

They lots of people who don't use whatsapp witch is just the closed source version of signal . I don't use phone apps that wants your phone number at all i use Open source Pigeon with Open source XMPP Protocol  with open source end to end encryption they have servers all around the world  you only need to belong to one to talk to everyone on XMPP many servers dont log and many don't require even a email to sign up.   El Chapo got busted using IM it don't do a bit of  good if someone works  for you  or you trust  turns on you and gives the feds access  to there computer,

Whatsapp is no better than Telegram

 

WhatsApp still isn't safe: 5 things you must know before using messaging app

https://www.businesstoday.in/technology/top-story/whatsapp-5-things-you-know-using-messaging-app-facebook-malware/story/364647.html

 

They both mainstream apps being watched closely  by world governments  and being exploited by hackers . Telegram has had a official Windows and Linux app for ages were  Whatsapp is just now getting a official one for Windows 10.  It has warez releases and programs on Telegram groups that cant be found on the clear net .