As Telegram attacks rise, experts explain how to tell if you’ve been hit and ways to avoid it
KUALA LUMPUR, Sept 14 — When WhatsApp updated its terms and policies last year, it triggered concerns over privacy that led some users to seek out alternatives such as Telegram.
While the WhatsApp service itself included technology such as end-to-end encryption (E2EE) for privacy, the policy change indicated that it could begin sharing some data and user information with its parent company, Facebook (now Meta).
The resulting migration gave Telegram a massive boost to its userbase, which is now around 700 million worldwide versus WhatsApp’s two billion.
Like WhatsApp, Telegram also has E2EE to ensure protected messages cannot be easily read by unauthorised third parties. In 2017, security research firm Check Point Software Technologies released a report indicating that the E2EE on both platforms could be a potential vulnerability.
“The vulnerability allows an attacker to send the victim malicious code, hidden within an innocent looking image. As soon as the user clicks on the image, the attacker can gain full access to the victim’s WhatsApp or Telegram storage data, thus giving full access to the victim’s account. The attacker can then send the malicious file to all the victim’s contacts, potentially enabling a widespread attack.
“Since messages were encrypted on the side of the sender, WhatsApp and Telegram were blind to the content, and were therefore unable to prevent malicious content from being sent. After fixing this vulnerability, content will now be validated before the encryption, allowing malicious files to be blocked,” the firm said.
Check Point disclosed its findings to the WhatsApp and Telegram security teams in March 2017, adding that the two companies had promptly acknowledged the issues raised and developed fixes for their worldwide web clients.
While this vulnerability has been addressed, Telegram's popularity has still made it a more attractive target for hackers and scammers.
How to know when your Telegram is hacked?
Last month, Prime Minister Datuk Seri Ismail Sabri Yaakob lodged reports with the Malaysian Communications and Multimedia Commission (MCMC) and the police after his personal Telegram and Signal accounts were hacked.
It was believed that the accounts were used for fraudulent criminal activities, forcing the Prime Minister’s Office (PMO) to publicly advise those who received messages from the accounts to report them to the authorities.
According to cybersecurity solutions architect Brian Chang, one way to check was to monitor for unusual sessions on your Telegram app from the privacy and security settings.
Unrecognised activity here is a strong indication that your account may have been compromised.
“If this happens, first is to enable passcode and two-step verification from privacy and security settings. Next is to terminate all active sessions and log out then log in again. Telegram is one of the most used messaging apps hence it would be targeted by hackers naturally,” Chang said.
He explained that while the E2EE system was secure, hackers usually use other tactics to compromise Telegram accounts “as they are aware that it is not realistic to hack the E2EE at this moment.”
“One of the tactics used by hackers is through compromised mobile phones, which will be able to steal SMSes and do mobile screen capture, which is then sent to the hacker — which is needed for Telegram login.
“Mobile phones can be hacked by tricking users to click on links within SMSes or emails which contain malicious codes or if a user installs cracked mobile applications or those from unofficial sources,” Chang explained.
Fow Chee Kang, the senior director of professional services at LGMS Berhad, explained that while genuine cases of hacking were unusual, user accounts could still be compromised by clicking on links leading to malicious websites or by entering one’s credentials on an already-compromised device.
“Generally, the end-to-end encryption used by messaging applications is considerably secure, but that is only for securing communication during transit.
“Due to it almost being impossible to crack the encrypted communication, hackers would normally target to hack the messaging applications servers such as using zero-day exploits or users (such as phishing, social engineering) instead,” he said.
Fow also cautioned users against trusting unknown parties who offer to help recover their compromised Telegram accounts.
“There are many parties who claim to be able to help in recovery, but do not trust these services. Instead, contact the messaging applications’ support by supplying detailed information to recover the account,” he added.
How can one beef up security?
The experts advised securing the app with a password that was easy to remember but difficult to guess, using two-factor authentication (2FA), and locking access to the app with a personal identification number (PIN) or password where available.
Both Telegram and WhatsApp offer 2FA and app locking.
Chang cautioned against following links in unsolicited emails and messages from unknown senders and against installing applications from non-official sources, and advised periodically removing unused apps to reduce the risk of one’s device being compromised.
“Always run updates to ensure mobile phones and mobile applications are up to date,” he said, also advising users to install reputable mobile security applications to protect their devices.
Previously, the MCMC said it has received 2,093 complaints regarding cyber incidents as of August this year, amid concerns over compromised text messaging accounts.
MCMC’s corporate communications department told Malay Mail the complaints included unauthorised access to social media and personal messaging accounts and loss of access to their accounts due to forgotten passwords.
Malay Mail had asked MCMC about the actions taken by the commission to contain hacking activity on text messaging app Telegram.
According to MCMC, complainants who have lost access to their social media and personal messaging accounts have been advised to lodge reports with the respective platform providers.
It said most complainants sought MCMC’s assistance to regain access to their accounts, with MCMC providing guidance on the steps to take when lodging reports with the respective platform providers.
As for the issue of compromised or hacked Telegram accounts, MCMC said users are advised to read up on Telegram’s security features to use it more securely, including not sharing any security code or personal information with anyone.