What is actually going on with the recent string of Telegram vulnerabilities?

2016-08-08T00:00:00
ID MYHACK58:62201677812
Type myhack58
Reporter Anonymous
Modified 2016-08-08T00:00:00

Description

Over the past two days, Telegram, the messaging app billed as the "most secure", has been hit by two vulnerability reports in a row: first a clipboard information disclosure, then the exposure of the phone numbers of 1500 million Iranian users. How dangerous are these two vulnerabilities?

Vulnerability 1: Pasted text disclosure

Researcher Kirill Firsov discovered this vulnerability in the OS X version of Telegram: text copied and pasted into Telegram is written to /var/log/system.log (syslog), so parts of private chat history are retained there.

A Mac generally keeps 7 days of logs, and an attacker needs physical access to read them. In an enterprise environment, however, logs are forwarded to a dedicated log server, which may pose a greater security risk.

In response, Telegram founder Pavel Durov explained that reading the log is very difficult and that this is in fact much safer than an ordinary clipboard copy and paste, because any application can read your clipboard. Durov also said that Telegram fixed the issue immediately after it was disclosed, so people using the software now should not be affected.

Vulnerability 2: Phone numbers of 1500 million Iranian users leaked

The day after the paste disclosure was reported, Iranian hackers claimed that they had compromised dozens of Telegram accounts and then leaked the phone numbers of 1500 million Iranian users. Telegram has a billion users worldwide, about 2000 million of them in Iran. This is mainly because Telegram offers end-to-end encryption: the keys that protect a user are held only by that user, so even the Telegram company may be unable to access message data. In countries such as Iran, large numbers of dissidents, journalists and even ordinary people take communications security very seriously, so Telegram has attracted a large user base there.
The leak of 1500 million phone numbers appears to cover 75% of Iranian users' mobile numbers. So is this vulnerability serious?

Telegram's blog explains it this way: someone checked whether those phone numbers were registered with Telegram and thereby confirmed the 1500 million numbers. As a result, the hackers obtained only public data and did not gain access to those accounts. Telegram also said that the hackers used the API to test whether phone numbers were registered with Telegram, and that the company will introduce API query limits this year to prevent this kind of mass probing.

"However, since Telegram is based on phone contacts, anyone can check whether a phone number has a registered account," Telegram added. "Other contact-based chat apps, such as WhatsApp and Messenger, work the same way."

The hackers' report makes another point: the authentication text message sent during login can be obtained by others, and they used SS7 to obtain verification SMS messages and sign in to those dozens of accounts. Because Iran's mobile carriers are controlled by the government, the hackers worry that the Iranian government could use this to intercept dissidents' verification messages and then log in to their accounts.

Telegram said in a blog post that intercepting verification SMS messages can hardly be called a new threat, and that the company has long warned users in certain countries that messages may be intercepted. It recommends that users turn on two-step verification to prevent this attack.

In fact, sending a verification SMS is standard practice for the major messaging apps, and to the average person it seems unproblematic. But Iranian users care far more about security than the average person, so for them this safeguard is not enough.
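The API query limit that Telegram says it will introduce can be pictured as a per-account budget of distinct phone numbers per time window. The sketch below is an added example, not Telegram's code: the class, the function names, the budget and the sample numbers are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

class ContactLookupLimiter:
    """Caps how many distinct phone numbers one account may probe per window."""

    def __init__(self, max_new_numbers, window_seconds, clock=time.monotonic):
        self.max_new, self.window, self.clock = max_new_numbers, window_seconds, clock
        self._seen = defaultdict(set)     # account -> numbers charged to its budget
        self._order = defaultdict(deque)  # account -> (timestamp, number), oldest first

    def allow(self, account, number):
        """True if `account` may learn whether `number` is registered."""
        now, seen, order = self.clock(), self._seen[account], self._order[account]
        while order and now - order[0][0] >= self.window:  # drop expired charges
            seen.discard(order.popleft()[1])
        if number in seen:   # re-syncing a known contact is free
            return True
        if len(seen) >= self.max_new:
            return False     # budget spent: reveal nothing about this number
        seen.add(number)
        order.append((now, number))
        return True

def lookup(limiter, registered, account, number):
    """Contact-discovery endpoint; a throttled caller gets no registration signal."""
    if not limiter.allow(account, number):
        return "rate_limited"
    return "registered" if number in registered else "not_registered"

def simulate_enumeration(budget=5, attempts=1000):
    """Constructed scenario: one account walks a sequential number range."""
    limiter = ContactLookupLimiter(budget, 3600, clock=lambda: 0.0)  # frozen clock
    numbers = [f"+000555{n:04d}" for n in range(attempts)]           # constructed
    registered = set(numbers[::3])                                   # constructed
    answers = [lookup(limiter, registered, "acct-1", n) for n in numbers]
    return sum(a != "rate_limited" for a in answers)

if __name__ == "__main__":
    print(simulate_enumeration(), "of 1000 probes answered")
```

A per-account budget only slows a single account; a real deployment would also need limits on account creation and on lookups per source network, which this sketch does not model.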