It seems that SMS authorization in the Telegram messenger has been compromised. Pavel Durov himself warned users about this today. #steem #telegram
"Apparently, the Russian security services have decided to start putting pressure on the operators, so that they have begun to intercept SMS authorization codes. Typically, this occurs only in cannibalistic regimes that do not care about their reputation: Central Asia, sometimes the Middle East. But suddenly it has happened in Russia (unless, of course, this is corruption within MTS)," says Pavel Durov.
"I have already published a recommendation for residents of problematic countries; we will also do a mass Telegram mailing in Russia advising endangered users to enable two-factor authentication, as the RF carriers are unreliable as a verifier."
On April 29 one of the users, Oleg Kozlovsky, described the incident.
This is how events unfolded, in his words:
At 2:25 at night, the MTS technological security department disables the SMS delivery service for me.
15 minutes later, at 2:40, someone using a Unix console from IP address 162.247.72.27 (this is one of the Tor anonymizer servers) sent Telegram a request to authorize a new device with my phone number.
I was sent an SMS with a code, which was not delivered (the service is disabled for me).
At 3:08 the attacker enters the authorization code and gets access to my account. Telegram sent me an automatic notification about this (which I read in the morning).
At 3:12, in the same way and from the same IP address (i.e. through the same Tor session), George Alburov's account is cracked.
At 4:55 the MTS technological security department turns the SMS delivery service back on for me.
MTS refused to tell me the reason for turning the service off and on, and suggested that I write a letter of inquiry.
The main question is how unknown persons got access to the code, which was sent by SMS but not delivered. Unfortunately, I have only one version: through the SORM system or directly through the MTS technical security department (for example, on a call from the "competent authorities"). If there are other options, suggest them.
The main recommendation for all Telegram users: turn on two-step authorization (i.e. not only SMS, but also a password). This is done in the security settings.
The main recommendation for Telegram: do not accept the authorization code if there is no proof of delivery.
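The last recommendation above, as an added example that is not part of the original post and is not Telegram's code: a server-side check that refuses a login code until the carrier has reported the SMS as delivered. The class, function names, code lifetime and phone number are assumptions made for illustration; the replay uses the 2:40 and 3:08 times from the timeline.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

CODE_TTL_SECONDS = 10 * 60  # assumed lifetime of a login code

@dataclass
class PendingLogin:
    code_hash: bytes
    issued_at: float
    delivered: bool = False  # set only when the carrier confirms delivery

def _hash(code):
    return hashlib.sha256(code.encode()).digest()

class LoginCodeVerifier:
    """Hypothetical verifier: a code counts only after proof of delivery."""
    def __init__(self):
        self._pending = {}  # phone number -> PendingLogin

    def issue_code(self, phone, now):
        code = f"{secrets.randbelow(100000):05d}"
        self._pending[phone] = PendingLogin(_hash(code), now)
        return code  # goes to the SMS gateway, never to the requesting client

    def record_delivery_receipt(self, phone):
        # Called when the carrier's delivery report for this SMS arrives.
        if phone in self._pending:
            self._pending[phone].delivered = True

    def verify(self, phone, submitted, now):
        entry = self._pending.get(phone)
        if entry is None:
            return "rejected: no pending login"
        if not entry.delivered:
            # Checked first: a code entered without delivery is the timeline's case.
            return "rejected: no proof of delivery"
        if now - entry.issued_at > CODE_TTL_SECONDS:
            return "rejected: code expired"
        if not hmac.compare_digest(entry.code_hash, _hash(submitted)):
            return "rejected: wrong code"
        del self._pending[phone]  # single use
        return "accepted"

def replay_timeline():
    """Constructed replay: code issued at 2:40, correct code entered at 3:08."""
    v, phone = LoginCodeVerifier(), "+70000000000"  # placeholder number
    code = v.issue_code(phone, now=0)             # 2:40, SMS delivery disabled
    blocked = v.verify(phone, code, now=28 * 60)  # 3:08, no receipt ever arrived
    code2 = v.issue_code(phone, now=0)            # normal login for comparison
    v.record_delivery_receipt(phone)
    return blocked, v.verify(phone, code2, now=60)
```

A delivery receipt only shows that the carrier reported delivery, so this check works alongside the two-step password recommended above rather than replacing it.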