Following the news that Iranian security researchers finding vulnerability in Telegram’s SMS authentication. Mark Loveless, Senior Security Researcher with Duo Labs commented below.
Mark Loveless, Senior Security Researcher at Duo Labs:
“Reports suggest that the Telegram accounts in Iran were compromised through what appears to be coordination between attackers and cellphone companies, and taking advantage of the fact that SMS is used to add new devices to existing Telegram accounts. While this implies cooperation by the cellphone companies, this cooperation is often not required. Attackers have been known to social engineer cellphone companies to get the same level of “coordination” or use other more technical means to compromise SMS, leaving all applications that use security measures involving SMS to be vulnerable. This is exactly why NIST recommends against using SMS as a part of 2FA (Two Factor Authentication), and why we always encourage our customers to use the cryptographically secure Duo Push for 2FA.
This is still not an excuse for using a weak or even no password at all on Telegram accounts. Reducing one of your two factors for authentication reveals any weaknesses in the other factor. Always use strong and unique passwords on all accounts – but especially in cases where it is being used to protect secure communications. This also includes email accounts that are used for password recovery.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Meta’s fine over data privacy breaches underscores the critical challenges…
Hi, Thanks, that is really useful information. I do have…
“This is a very worrying attack that hit T-Mobile and…
“This latest cyberattack against T-Mobile may be smaller than previous…
“Genesis Market is a complex global criminal access marketplace. Buyers…