Submitted by error in netsec (edited)

"The hack took advantage of a feature offered by a Brazilian voice-over-IP company that allowed account holders to alter their caller ID—the number that registers on the receiving end of a call. This feature, combined with the fact that many phone providers in Brazil allow people to access their voicemail by calling their own number, made for a handy virtual lock-picking device. If a hacker simply changed his caller ID to the number of someone he wanted to target, he could spoof their phone and access their voicemail. At the time, when a Telegram user wanted to attach their account to a new device, they had the option of requesting a verification code via an automated voice call from Telegram. Delgatti realized that he could spoof a victim's phone to request that code. Then, if Telegram's automated voice call didn't get through—because Delgatti initiated the hack late at night while his victim slept, or kept the line busy by calling his victim at the same time—the code would be sent to the person's voicemail. He could then spoof the target's phone once again to gain access to their voicemail, retrieve the verification code, and then add the victim's Telegram to his own device. After that, he could download their entire chat history from the cloud."

While this may no longer be effective for Telegram, this does represent a decent attack vector for a low-tech attack if you are cycling through someone's possible accounts (mapping interactions) or making copies of messages or impersonating someone altogether.

Mitigation: PIN setup for voicemail, or use a messenger like Signal that alerts contacts when an account has changed devices.

https://www.wired.com/story/brazil-hacker-bolsonaro-car-wash-leaks/
