Search This Blog

Showing posts with label Telegram. Show all posts

WhatsApp Clients Resort to Other Messaging Platforms

 

WhatsApp has told its two billion clients they should permit it to share information with its parent organization Facebook if they wish to keep utilizing it. All WhatsApp clients would not be able to proceed with the service except if they accept the new terms by 8 February. The stage said the update will empower it to offer features, for example, shopping and payments. 

Message platforms Signal and Telegram have both seen a gigantic surge in downloads around the world over after a questionable update to WhatsApp's terms and conditions. 

As per information from analytics firm Sensor Tower, Signal was downloaded all around the world multiple times the week before WhatsApp declared the change on 4 January and 8.8 million times the week after. This included big surges in India, where downloads went from 12,000 to 2.7 million, the UK from 7,400 to 191,000, and the US from 63,000 to 1.1 million. In a progression of tweets, Signal said a few people were detailing issues with creating groups and postponements to verification codes showing up in light of the fast development but that it was addressing the issues. 

Telegram has proved to be even more popular, with downloads booming all around the world from 6.5 million for the week starting 28 December to 11 million over the next week. In the UK, downloads went from 47,000 to 101,000. Furthermore, in the US they went from 272,000 to 671,000. During the same period, WhatsApp's worldwide downloads shrank from 11.3 million to 9.2 million. 

One industry watcher said he didn't think this fundamentally spoke to a major issue for WhatsApp, which has been downloaded 5.6 billion times since its launch in 2014. 

"It will be hard for opponents to break user habits, and WhatsApp will keep on being one of the world's most popular and broadly utilized messaging platforms," said Craig Chapple, mobile insights strategist at Sensor Tower. 

WhatsApp reassured its clients that it doesn't keep logs of every individual who is messaging, it can't see your shared location, it doesn't share your contacts to Facebook, and that groups can stay private. It likewise exhorts clients that they actually have the choice to set messages to disappear and that they can't download their information. WhatsApp's clarification may figure out how to reassure a few clients that the privacy changes aren't as troubling as first dreaded, yet for other people, it might have come past the point of no return.

Researcher Exposes Telegram's Location Bug, Company Say It's a Feature

An expert who observed that messaging platform Telegram's "People Nearby" feature revealed risk of accurate user location, is now informed that the feature is "working as expected." Users who use the "People Nearby" feature can view a list of other telegraph users within a short mile radius. Users can also find local group chats.  

Ahmad Hassan used a software that allowed him to fake the location of his Android phone, using it, he found locations of individuals from three different points. He used trilateration to pinpoint exact user location. Using this method, Ahmed could get accurate location of the users, including their home addresses, which is quite easy.  Hasan had found the issue hoping to get Bug Bounty as a reward, instead, he was told that the Telegram users share their locations intentionally i the "People Nearby" section. To determine the exact location of the users, one can expect sometimes to find it under certain conditions.  

But Hasan says that when a user allows "People Nearby" location, he is indirectly posting his residential address online. Many of the users are unaware of this information while they are using the feature. He also believes a widespread problem exists where hackers or users with malicious intent can use fake locations to join local group chats, and attack users with spams or phishing attacks using malicious links. It includes fraud links and fake Bitcoin investments, which is a proof to the poor app security.  Telegram claims that their platform is "more secure than mass market messengers like WhatsApp and Line." 

However, Telegram fails to mention the risks that can arise from malicious users. Others apps in recent times have also experienced the location issue.  The Register reports, "obtaining the location of nearby users is not an issue exclusive to digital devices. A stranger may follow someone home, for example. It is also not so long ago that a huge printed directory of local names, addresses, and telephone numbers used to be delivered to almost every home in many countries – and in the UK BT's online Phone Book service still offers a person search, including address details for those who have not opted out."

The European Commission added VKontakte and Telegram to the list of pirate sites

VKontakte is surprised by the decision of the European Commission to include the social network in the list of resources that contribute to online piracy, the company has been interacting with copyright holders for many years and quickly restricts access to controversial content

The European Commission has published a new list of resources that promote piracy and can benefit from it. The list for the first time included the Telegram messenger and the social network VKontakte.

The list is formed on the basis of reports from groups of right holders. According to the European Commission, Telegram users, including using public channels, "exchange illegal content, in particular music, books, news publications, films and TV programs." In addition, subscribers share links to other sites that host pirated content.

The social network "VKontakte" is also included in the list due to many complaints from copyright holders. Users of the social network can have unauthorized access to books, as well as to movies and TV shows, in particular through the built-in video players.

Both Telegram and VKontakte objected to their inclusion in the"piracy watch list". Telegram told the European Commission that it "does not tolerate any malicious content on its platform" and removes it within 24 hours. VKontakte also noted that it is fighting piracy. In particular, the social network indicated that the copyright holder can complain about copyright infringement through an electronic form. According to VKontakte, its employees processed more than 1.36 million such complaints, most of which ended with the removal of content.

"We are surprised by the inclusion of VKontakte in this list, as for many years we have been actively interacting with copyright holders in various areas," said the press service of the social network.

According to them, the company signed agreements with the world's largest copyright holders of music products, including Universal Music, Sony Music, and Warner Music, The Orchard, Merlin Network, Believe Digital.

Hackers attacked major Telegram channels via video on Yandex

 On November 10, hackers conducted a major attack on popular Telegram channels. Reddit's administrators completely lost access to the channel, to which 236 thousand people were subscribed. The attackers used the old scheme: they simply sent the Trojan-infected file to the administrators

Hackers stole the Telegram channel of the Reddit forum, administrators could not log in to the control panel. The Telegram channel Baza was also attacked, but the attackers failed to gain access to the channel.

The hackers had the following scheme: they offered to buy advertising space, but first they asked to watch a video with their materials, which could be downloaded from Yandex.Disk. The document could not be opened on a mobile device, and hackers offered to download it to a desktop computer.

After launching the file, the owner of the Reddit channel with 236 thousand subscribers was no longer able to access it.

General Director of the lab Studio.AG Artem Geller explained that this is a very old method of fraud, and Windows is an object for such files. Hackers, under various pretexts, send material containing malware. It allows access to the entire operating system if the victim opens the file. In this particular case, the attackers were interested in Telegram, so the Reddit account was stolen.

Can't blame Yandex.Disk for missing the Trojan. According to Geller, about 300,000 new viruses appear every day in the world, so it's simply impossible to catch them all. Moreover, it may not be a new virus, but a modification of the old one. At the same time, the Trojan has no task to destroy the computer system.

Cloud storage is a convenient way for fraudsters, because they can upload a file of any size there, unlike email. Unprotected, unencrypted files without passwords are loaded into these vaults.

According to the information security expert Alexander Vlasov, we must remember one thing: those who provide the service for free, never sign up to the fact that they will protect your files. Yes, they are trying to track malware, but within the general outline of the ecosystem.

Apple denied Durov's statement about the request to block Telegram channels about Belarus

The founder of Telegram, Pavel Durov, accused Apple of trying to "avoid responsibility for complying with its own rules" by using "tricky language". Durov wrote about this in his Telegram channel.

Earlier, Durov said that the Corporation requested the blocking of three channels dedicated to Belarus. They published photos and personal data of security forces and members of election commissions who, according to the authors, committed violations in the elections. The total number of subscribers was about 100 thousand.

According to Durov, Apple's "trick" lies in the company's claim that it does not require disabling three Belarusian channels that disclose the personal data of security forces involved in suppressing protests. Apple requires not to publish posts that disclose personal information. However, Durov notes, the company does not mention that these channels consist entirely of such posts.

"By hiding its requirements in vague words, Apple is trying to avoid responsibility for complying with its own rules", said the founder of Telegram.

"It's time for Apple to learn to take responsibility for its policies, rather than trying to hide them from users,” added he.

According to Durov, he would prefer to keep these channels. The founder of Telegram suggested that they will eventually be blocked on devices using the iOS operating system, but the channels will remain available on other platforms.

According to Apple, the company received complaints from users that their personal data, including names and phone numbers, was transmitted through channels. These complaints were passed to the messenger team, asking them to remove information that reveals someone's personal data on the Internet without their consent, as well as content aimed at specific people.

Telegram did not raise any objections, but promised to check this information and inform Apple about the results of the check.

Earlier, E Hacking News reported that a group of hackers threatens to bring down the tax, energy and banking systems of Belarus if the head of state Alexander Lukashenko does not comply with the ultimatum.

Telegram Takes Down Islamist Propaganda on its Platform, Extremist Groups Struggle


The social networks and US military have imposed high regulations to control Islamist propaganda on social media and have been able to take down Islamic State terrorist groups. After this move, experts say these groups are now struggling to recover their control on the mainstream social media apps and networks. As most of the major social networking sites have choked the group, the Islamist group has tried to build its propaganda on small sites. But even there, it has met by strong regulations by the authorities. According to Europol, an EU (European Union) law agency, the social networking companies have tried to bring down these Islamist propaganda content growing on their websites, in an attempt to take down the extremist group activities on social media.


Europol, in its report, said, "While Google and Instagram deployed resilience mechanisms across their services, Telegram was the online service provider receiving most of the referral requests during this Action Day. As a result, a significant portion of key actors within the IS network on Telegram were pushed away." These extremist groups used Telegram as their primary platform of propaganda until 2019.

According to Europol, Telegram had removed up to 5000 terrorist profiles and bots in two days, in an effort against shutting down the Islamist propaganda. Earlier, it was only able to take down 200-300 accounts on average. After that incident, the extremist groups moved towards more covert apps like the Russian "TamTam" and "Hoop Messenger." Canada hosts these websites. The IS, in apparent desperation, has also started using chat services designed for blockchain developers to spread their messages. In 2016-17, the US cyber command took action against these extremist groups. It shut down recruitment groups and suppressed their further attempts to spread the messages.

Currently, the US cyber command has presidential approval to combat IS propaganda with cyberattacks. They have also widened their jurisdiction area since then. "In the past year and a half, Telegram has also put forth a considerable effort to root out the abusers of the platform by bolstering its technical capacity in countering malicious content and establishing a close partnership with Europol," says Europol.

Pavel Durov called on Apple to oblige to install different application stores


Apple should allow users to install apps not only from its own App Store. This opinion was expressed by the founder of Telegram messenger Pavel Durov. According to him, Tim Cook (CEO of Apple) should be obligated to this at the legislative level.

The day before, high-ranking Telegram Manager, Vice President of the company founded by Pavel Durov, Ilya Perekopsky, spoke at a panel discussion with Russian Prime Minister Mikhail Mishustin and representatives of the IT industry in Innopolis. He said that Apple and Google are holding back the development of startups by charging a tax of a 30 percent Commission from app developers. Almost simultaneously with Perekopsky's speech, Durov published an article in which he called for Apple to be legally obliged to install an alternative App Store on the iPhone.

Durov is sure that if this is not done, then app developers, in particular, from Russia, will be forced to sell their startups for little money. At the same time, Apple's capitalization will only grow.
“Preventing two supranational corporations from collecting taxes from all of humanity is not an easy task. Corporations employ thousands of lobbyists, lawyers, and PR agents, and their budgets are unlimited. At the same time, app developers are scattered and scared, as the fate of their projects depends entirely on the favor of Apple and Google," wrote Pavel Durov.

The head of the TelecomDaily information and analytical agency Denis Kuskov noted that changing the market is quite difficult because these two companies are leading it. Therefore, Durov needs to accept this fact.

Durov recalled that in 2016, Apple banned the Telegram team from launching its own game platform: "We had to remove the telegram games catalog that we had already created and almost the entire platform interface, otherwise Apple threatened to remove Telegram from the AppStore." According to Durov, in a similar way the iPhone manufacturer does with many other developers.

Telegraph service was unblocked in Russia


Russia stopped blocking the popular Telegram messenger almost a month ago. However, the related Telegraph service continued to be blocked. Now Russia has also unblocked the Telegraph platform for publishing and creating articles. 

The Telegraph platform was launched by the Telegram team in November 2016. It is designed to quickly create and publish articles, notes, and other similar content, a link to which can then be easily shared. Registration is not required for publication.

The blocking of the Telegra[.]ph service in Russia began at the end of 2018, a little later than the Telegram messenger.

According to the Roskomsvoboda resource, which closely monitors the registry of blocked sites, all pages with the Telegra.ph domain, which were blocked in Russia by the decision of a particular authority, are now excluded from the blocking registry. The last two similar pages were removed from the blacklist only on July 11.

It is interesting to note, according to Press Secretary of the President of Russia Dmitry Peskov, the cancellation of restrictions on access to the Telegram messenger in Russia is perceived positively in the Kremlin, as it is in line with the course of President Vladimir Putin on the development of the high-tech industry.

The Press Secretary of the Head of State also noted as a positive fact the participation of heads of the company that owns the messenger in government events on the development of the IT industry.
Recall that in Russia since April 2018, Telegram was blocked for non-compliance with the requirements for providing encryption keys, but during the coronavirus pandemic, the government began to use the messenger to distribute official information. In this regard, the State Duma even introduced a bill to unblock Telegram.  On June 18, Roskomnadzor decided to remove restrictions on access to the messenger, the creator of which, Pavel Durov, congratulated the Russians on this event.

IM Platforms Increasingly Used by Threat Actors in Place of Dark Web Marketplaces


Researchers at IntSight have discovered that IM platforms such as WhatsApp, Telegram, Discord, IRC, and Jabber are being used by cybercriminals for advertising and putting their goods and services on sale. One of the major reason as to why cybercriminals are switching to these IM platforms from the conventional ones is 'law enforcement practices'; law enforcement operations have been targeting online darknet markets one after another. Earlier in 2017, the world's largest dark web market, AlphaBay was taken offline, sending darknet users into chaos. Immediately after, the cyberspace witnesses the shut down of Hansa, another major darknet market. As more and more major dark web markets went offline due to the law enforcement penetrations, cybercriminals are wisely migrating to new platforms.

Although threat actors are loving IM platforms, the regular cybercrime sources such as dark web markets, credit card shops, and forums are still witnessing their web usual traffic. These platforms have more advantages such as chatbots, fewer rules, and automated replies due to their core nature, unlike IM platforms that are majorly meant for communication.

While giving insights, Etay Maor, IntSights CSO, said, "Telegram appears to be experiencing the most growth, with more than 56,800 Telegram invite links shared across cybercrime forums and over 223,000 general mentions of the application across forums. Telegram is also the platform most often discussed in foreign language forums."

"Financial threat actors and fraudsters exchange stolen carding information, selling or trading all kinds of credit card dumps, and publishing methods or techniques relevant for the fraud community. In addition, there is also a trade of physical items stolen or counterfeited from organizations in the retail industry.” He added.

“While the data itself is fully encrypted and law enforcement needs sophisticated algorithms in order to decrypt it, some countries have authorized law enforcement agencies to access the private information of their citizens if sanctioned by courts or other judicial authorities – including information that lives in IM platforms. Threat actors are worried about the cooperation between technology companies and law enforcement agencies, especially in the United States.” Maor further explained.

Telegram has withdrawn its appeal against the ban on issuing Gram tokens


The company appealed the court decision in March, but then the founder of the messenger, Pavel Durov, announced the termination of work on the blockchain project

Telegram has withdrawn an appeal against a court order banning the distribution of Gram tokens as part of proceedings with the US Securities and Exchange Commission (SEC). The decision was supported by both parties, the withdrawal was carried out using the standard form based on rule 42.1 — "leaving without consideration".

The appeal was sent in March after a court banned Telegram from issuing Gram tokens.  The court ruled in favor of the SEC, which argued that the Gram tokens were unregistered securities. The court also ruled that Telegram cannot issue tokens even outside the United States since this will give US citizens the opportunity to buy these tokens outside the country as well.

The founder of Telegram in an American court said that people outside the US can vote for their presidents and elect their own parliaments, but they are still dependent on the US when it comes to technology and finance.

On May 12, the founder and CEO of Telegram Pavel Durov announced the termination of work on the blockchain project. He accused the US court of sentencing the TON project before it could be successfully implemented. Investors were offered to return 72% of their investment or sign a loan agreement with a return of 110% in a year.

After that, TON investor Vladimir Smerkis said that the majority of ICO participants are inclined to file a lawsuit against Durov. Smerkis allowed an option in which the Telegram team will need to make concessions to investors and reconsider the option of paying out funds.

Let's remind that on April 1, Federal Judge of the Southern District of New York, Kevin Castel, rejected Telegram's request to clarify the possibility of distributing Gram tokens bypassing American investors.

WhatsApp and Telegram Group Links Leaked Online



A security researcher recently discovered that a lot of WhatsApp and Telegram Group invite links that may not be up for public viewing are appearing in multiple search engines like on Google, Yahoo, Yandex, and Bing.

On Friday, researcher Jordan Wildon, a multimedia journalist at Deutsche Welle warned that owing to a critical issue, several illegal groups and activities along with genuine private groups were exposed.

In the light of the leak, various security measures have been taken by both the companies, however, to erase the links from public searches completely so that they are no longer discoverable by people to join will require much more efforts.

This critical flaw not only abused the privacy of the aforementioned messaging apps by exposing around 450,000 groups online but also allowed data mining as the phone numbers were made available directly.

Notably, these messager apps' invite links have been indexed by several search engines. Due to this indexing feature, WhatsApp and Telegram group invite links are also being displayed publicly by these search engines and the visibility increased the reach even further. Two major happenings took place due to these leaked links – Unwanted and uninvited people joined various groups through the invite links and it also paved an easy path for hackers to discover other conversations through brute force attacks.

While addressing the issue, WhatsApp has seemingly removed the invite links for groups from Google and the company also took other steps in order to prevent indexing.

Wildon took to Twitter to provide updates, "JUST IN: Google appears to have removed indexing of WhatsApp links. Other major search engines appear to still be indexing chat links."

"UPDATE: This has been fixed on Google, but results are still available elsewhere. If you’re concerned, I’d recommend going into group settings, tapping “Invite to Group via Link” then “Reset link”. he tweeted.

Pavel Durov again warned about the danger of using WhatsApp


Pavel Durov claims that the hacking of the iPhone of Jeff Bezos, the richest man in the world, occurred due to vulnerabilities in WhatsApp. Facebook which owns the messenger insists that the leak is related to the Apple device itself.

The reason for the leak of personal photos and correspondence of the founder of Amazon and the richest man in the world, Jeff Bezos, is a vulnerability in the encryption system of WhatsApp, not problems with Apple gadgets. Telegram founder Pavel Durov wrote about this in his Telegram channel.

This is how he reacted to an interview with Vice President of Facebook's Global Policy Department Nick Clegg, who said that Bezos confidential data leak was due to the iPhone. "We are confident that end-to-end encryption technology cannot be hacked," he said.

Durov recalled that a few months ago he talked about the vulnerabilities of WhatsApp, which, in his opinion, eventually led to the hacking of Bezos smartphone. At the same time, Facebook then assured that there is no evidence that attackers used this vulnerability. According to the founder of Telegram, the backdoor in WhatsApp allowed access to personal messages and photos of the richest man in the world.

Durov explained that the vulnerability used during the hacking of Bezos phone existed not only on iOS, but also on smartphones with Android and Windows. In addition, it is not available in other messengers.

Durov also accused WhatsApp management of using the phrase "end-to-end encryption" as a "magic spell" that automatically makes correspondence secure. He pointed out that the technology itself does not guarantee complete privacy. For example, WhatsApp developers may intentionally leave vulnerabilities in the app at the request of security forces from different countries. As a result, WhatsApp has no problems with the authorities, and Telegram is banned in some countries like Russia and Iran.

Russian Telegram Accounts Hacked by Intercepting One Time Password (OTP)


According to a firm Group-IB, in the last few weeks a dozen Russian entrepreneurs saw their Telegram accounts hacked. And what's disturbing is the way these accounts were accessed. The attackers intercepted the codes used to authenticate user and give access.

A Telegram App logo in QR code

 How the attackers gained access?

In normal procedure, whenever someone logs into Telegram using a different device, a one-time password (OTP), is texted to them and the user can log into their account using this secret code. Now, these hackers managed to access this one-time secret code and snooped on Telegram chats of various users.

Dmitry Rodin, one of the victims of this attack, runs a coding school in Russia. He told the media, he was given a warning by telegram, that someone is trying to access his account. He ignored the notification but another notification came saying some has successfully logged in from Samara, Russia, he immediately terminated all active sessions except for his.

Like Group-IB, he also believes that there was a problem with the telecom operators or his phone was hacked and not the messaging app Telegram. “Perhaps someone logged into my account by intercepting the SMS, which suggests that there might be a problem on the side of the telecom operator,” he said. “This means that other accounts using SMS as an authentication factor are also threatened.” 13 such cases have been reported so far.

"However, this number is likely to increase since we are speaking about a new threat, which has just started spreading,” a company spokesperson said.

 Is SS7 being abused?

The most worrying part is that One-time password (OTP) were hacked, if this hypothesis is indeed true then we are looking at a very big security threat as this technology is used in many log-ins and financial transactions. Another hypothesis is that victim's devices were hacked and the attackers were spying on their messages but Group-IB found no traces of such activity on the victims' phones. And thus Group-IB is tilting towards a mobile network SS7, that's being abused.

Forbes reported, "Think of SS7 as the part of telecom infrastructure that deals with shifting users between networks as they travel abroad. It also manages the changes in charges when traversing different nations’ networks. But in recent years, hackers have learned that if they can get leverage on that network they can silently intercept text messages. Previously, such attacks have been used in bank account breaches and by surveillance companies."

Now, this same network could be used for hacking Telegram accounts.

 Selling access to accounts on the dark web 

Group-IB also suspects that access to these accounts is being sold on the dark web-based Hydra forum for 3,900$ as well as selling access to WhatsApp messages and user info. Now, they think that these could be linked.

“What made us think that the attacks might have something in common with these advertisements is the fact that the incidents coincided with the time the posts were published,” the company spokesperson added.“But we cannot rule out that there are far more connections between these  two events, which is yet to be established in the course of an investigation.”

Group-IB reported attempts to hack Telegram of Russian entrepreneurs


The company specializing in the investigation of cybercrime Group-IB reported that attackers attempted to hack correspondence of Telegram messenger, and Russian entrepreneurs became the target of cyberattacks.

As the experts explained, at the end of 2019 several Russian entrepreneurs turned to them for help, who faced the problem of unauthorized access by unknown persons to their correspondence in the Telegram messenger.

The incidents occurred on iOS and Android, regardless of the carrier used. Group-IB believes that the attackers were able to view and copy activation codes from SMS messages that Telegram sends when activated on a new device.

Technically, the cyber attack could have been carried out using a vulnerability in the SS7 Protocol. However, attacks on SS7 are rare.

“It is much more difficult to implement such an attack, it requires certain qualifications in the field of data transmission networks and their protocols,” explained Kaspersky Lab’s antivirus expert Viktor Chebyshev.

"The attack began when a message was sent to the Telegram messenger from the Telegram service channel (this is the official messenger channel with a blue verification tick) with a confirmation code that the user did not request. After that, an SMS with an activation code was sent to the victim’s smartphone, and almost immediately a notification came to the Telegram service channel that the account was logged in from a new device,” reported Group-IB.

It is known that other people's accounts were hacked through the mobile Internet, the IP address of the attackers was most often determined in the city of Samara.

It is assumed that the attackers used disposable SIM cards. They deliberately sent SMS with the code, intercepted it and authorized in Telegram. They could buy access to tools for hacking in the Darknet from 100 thousand rubles ($1,565).

The company drew attention to the fact that in all cases, SMS messages were the only authorization factor on devices affected by hacking attempts. Accordingly, such an attack can only be successful if the “Cloud Password” or “Two-step verification” options are not activated in the Telegram settings on the smartphone.

According to anti-virus expert Viktor Chebyshev, Telegram is consistently included in the list of applications targeted by cybercriminals in various spy campaigns. Such an attack can allow attackers to gain access to the correspondence of specific people.

ICQ and Signal are the most secure messengers in Russia, says Vladimir Zykov


Vladimir Zykov believes that ICQ messenger is safer than WhatsApp, but this does not solve the problems. iOS and Android operating systems contain many vulnerabilities that are exploited by hackers.

Choosing a messenger for use, Russians are guided mainly by the advice of friends and their own feelings, said Vladimir Zykov, head of the Association of Professional Network Users and Messengers. The expert is sure that ICQ and Signal messengers are the safest in Russia. But few people use them.

In General, any messenger for a smartphone does not guarantee absolute security, because a vulnerable operating system controls the messenger.

"But if you choose secure mobile software, then the probability of hacking, of course, decreases," said the expert.

According to the expert, the situation is due to the fact that most applications run on mobile devices running the operating systems iOS and Android, developed by American companies Apple and Google. Therefore, they have access to Russian accounts.

"That is, in fact, their owners can connect to your phone and calmly watch from the screen everything that you have there," said he.

Earlier, the creator of Telegram and VKontakte Pavel Durov sharply criticized Facebook. The entrepreneur is unhappy with the protection of information in the WhatsApp messenger.
According to Durov, the application is a kind of Trojan that are not connected in any way with the messenger. This is due to the policy of the American company, which deliberately leaves security vulnerabilities.

WhatsApp, at the same time, is one of the most common messengers among Russians. In addition to it, the Viber application is popular. However, as experts say, these services do not really have high security.

Pavel Durov, the founder of Telegram advised users to remove WhatsApp from smartphones


The Creator of Telegram messenger Pavel Durov called WhatsApp application unsafe.
He recalled a recently discovered vulnerability that allowed hackers and government intelligence agencies to access user data.

"WhatsApp not only does not protect your messages, but this app is also constantly being used as a Trojan to track photos and messages unrelated to Messenger," wrote he on the Telegram channel.
According to Durov, the problem lies in the policy of Facebook, which owns WhatsApp.
Durov noted that his Telegram messenger did not encounter such vulnerabilities in six years of existence. At the same time, he doubted that WhatsApp makes mistakes in the security system due to system imperfections.

"It is very unlikely that someone can accidentally allow serious security failures, such convenient for surveillance, on a regular basis," said he.Therefore, Durov urged users to delete WhatsApp.

In addition, Durov claimed that WhatsApp, like Facebook, shared user information with almost everyone who claimed to be working for the government.

The words of the Creator of Telegram were commented by experts. Thus, the CEO of Digital platforms Arseny Shcheltsin noted that any messenger, including Telegram, has access to the files of the smartphone.

"Does the messenger use this data for its work? It's hard to say," said he.According to Shcheltsin, WhatsApp is trying to demonstrate its usefulness to investors and recoup millions of dollars in costs. And Mark Zuckerberg can consider data collection is an excellent format for the best advertising targeting.

Arseniy Poyarkov, a member of the State Duma’s expert council on the digital economy, advised users of Messengers to prepare in advance for the fact that their personal data can become available to anyone.

According to him, data leaks are almost always associated with careless actions of the user himself.
"Observing information hygiene: using VPN, foreign secure messengers, regularly deleting correspondence and unnecessary photos - you can feel safe with a high degree of confidence," concluded Poyarkov.

Putin's spokesman acknowledged the security of communications on Telegram


Communicate on Telegram is safer than on WhatsApp, said Dmitry Peskov, the special representative of the President of the Russian Federation on digital and technological development.

Recall that on September 16, Edward Snowden, a former employee of the US National Security Agency (NSA), who was granted asylum in Russia, said in an interview with a French radio station that senior officials should not use the WhatsApp messenger due to the low level of encryption. However, he added, both WhatsApp and Telegram are better than SMS or other unencrypted messages.

According to Peskov, Telegram messenger is superior to WhatsApp in terms of security, although there are no means of communication that guarantee absolute security.

"Absolutely safe means of communication does not exist. Until we made a quantum messenger, there are no safe means, " Peskov said.

Peskov also said that there is no ready-made solution for the domestic messenger for civil servants in Russia, however, there is a sense in such an application, and it will be useful.

"If we understand the physical possibility, then, of course, we will create messengers based on quantum technologies for civil servants in the Russian Federation. But for now, this is too long a story," Peskov added.

Peskov noted that at the present time Mail.ru and Sberbank are working on the creation of the Russian messenger. According to Peskov, "there are some serious developments of the domestic messengers: much work is being done in the company Mail.ru and there is a big project in Sberbank. I have not seen a solution that would be ready for implementation now."

"But, choosing between using the WhatsApp solution and using the Telegram solution, the choice of the Telegram solution from the point of view of communication security is completely obvious," said the special representative of the President of the Russian Federation.

He added that he uses both messengers.

Chinese Cyber-attack Hit Telegram Amidst Hong Kong Protests


Telegram a secure messaging app was as of late literally bombarded by a network of computers in China following the protests started by the Hong Kong government's plans to authorize another law.

On Tuesday night, as the protesters assembled close to the Legislative Building of Hong Kong, the authorities arrested the administrator of a Telegram talk group with approx. 20,000 individuals, despite the fact that he was absent at the protest site.

This law thusly enacted by the Hong Kong Government is said to enable individuals in the city to be 'extradited' to Mainland China, where the court framework is closed off from open scrutiny and firmly constrained by the Communist Party.

The uncommon estimates taken up by the Hong Kong authorities propose that the police have made their own way against the protesters, by constraining the digital communication.

Since the protesters were utilizing the present systems networking tools to summon their positions, share wellbeing tips and arrange reserves of nourishment and beverages, even as they find a way to shroud their characters. The experts reacted by tracking them where they plan their moves, recommending that they are taking cues to the manners in which China polices the internet.

Protesters and police offers like have yet brought along carried another 'technological savvy to the standoff.

Lokman Tsui, a professor at the School of Journalism and Mass Communication at the Chinese University of Hong Kong, shared his opinions with respect to the entire circumstance by saying that, We know the government is using all kinds of data and trails to charge people later on, this is why people are minimizing their footprints as much as possible, they are being much more conscious and savvy about it.”

The police used tear gas as protesters came closer to the Legislative Council building in Hong Kong on Wednesday. Protesters used the app Telegram to organize, but the police were watching.

Telegram said on its Twitter account that it had the option to settle its administrations not long after the attack started. It portrayed the overwhelming traffic as a DDoS attack, in which servers are invaded with solicitations from a planned system of PCs.

A significant number of these protesters seem, by all accounts, to be college-eyed and carefully adroit. They went to considerable lengths to keep from being captured or carefully followed. To go to and from the protesters, many remained in lines to purchase single-ride subway tickets as opposed to utilizing their digital payment cards, which can be followed. Some even standing up to the police, securing their faces with caps and covers, giving them anonymity just as some protection from the tear gas.

Beijing however is the one nation that has been accused in the past for attacks that silence political speech outside mainland China's borders.

“The bottom line is whether to trust Beijing,” said Dr. Tsui, the communications professor. “This is a government that routinely lies to its own citizens, that censors information, that doesn’t trust its own citizens. You can’t ask us to trust you if you don’t trust us.”

“These kids that are out there, all the young people, they’re smart,” he added. “They know not to trust Beijing.”

The event however presents no new challenge for Telegram, for as it has been utilized for boundless protests previously too — and has confronted numerous administration as well as government crackdowns. Some of the leading examples of nations who prohibited or obstructed its utilization include Russia, Moscow and Iran.

Durov accused the Russian authorities of trying to hack Telegram accounts of Ural journalists



Friday night, unknown persons tried to hack Telegram and Facebook accounts of famous journalists in Yekaterinburg. The Deputy Editor-in-Chief "URA.RU" Anton Olshannikov, PR specialist Platon Mamatov and the Editor-in-Chief of the site "MSTROK" (mstrok.ru) Natalia Vakhonina suffered from the actions of the unknown hacker. In addition, unknown persons attempted to gain access to the telegram channel of the portal "Momenty" (https://tlg.name/s/momenty_ekb/3292). It is interesting to note that all of them actively wrote about the protests against the construction of the temple in Yekaterinburg.

Hackers tried to log into the accounts of journalists from a desktop computer, the IP-address of which is registered in Spain, namely in Madrid. The two-factor authentication stopped hackers, but they managed to get confirmation codes from SMS. One of the victims asked for clarification to his mobile operator to find out how the attackers were able to enter the code, but he received the answer that the office does not "advise on these issues."

The journalists drew attention to the fact that they all actively participated in coverage of the protests related to the construction of the Church of St. Catherine in the Park near the Drama Theater in Yekaterinburg. From May 13 to 18 a number of unauthorized rallies of opponents and supporters of the Cathedral in the public garden took place in Yekaterinburg. About 100 people were detained in four days. After that, President Vladimir Putin intervened in the situation, who invited the local authorities to conduct a survey of citizens about their attitude to the construction project. On May 22, the survey data were published, showing that the majority of Yekaterinburg residents (74%) oppose the construction of a Temple.

The Creator of Telegram Pavel Durov said that Russian authorities tried to hack telegram accounts of Ural journalists. He connects the attack with the protests that continued in Yekaterinburg all last week.

“It reminds us that the authoritarian Government will stop at nothing to violate the privacy of its citizens,” wrote Pavel Durov in his Telegram channel. He emphasized that all hacking attempts failed.

Telegram's 'secret chat' feature stores conversations in plain text



The desktop variant for Telegram for dispatched a new feature called 'secret chats' for the users who wish for complete privacy for their communication. It occurred in this way, that the Telegram secure messaging app was unsuccessful in protecting the chat content locally and thusly offered access to plain text conversations and media that generally was encrypted.

Since Telegram's attention towards administering secure communication is notable the application utilizes encryption to guarantee that an outsider can't peruse the conversations on their way to the 'destination' and by using end-to-end encryption it ensures that just the sender and the receiver can get to the content.



These safety measures are against altering or breaking privacy in transit; the conversations and media files Telegram Desktop stores locally are genuinely simple to access and read since they are not encoded.

Nathaniel Suchy, a reverse engineer and software developer, was, fortunately, able to peruse the application's database and the messages spared there. Suchy said that  “Telegram uses a somewhat difficult to read, but otherwise, not encrypted, SQLite Database to store messages. By analyzing raw data converted to a simpler viewing format, I also found names and phone numbers that could be correlated to one another. Even so, the information is not easy to read, but custom scripts could help make the details stand out in a more intelligible way and automate the extraction.”


The researchers have proven the 'secret chat' feature as it turned out that every one of the messages goes to a similar database, regardless of whether they gain from end-to-end encryption or not. Even Media documents are not far behind as they have a very comparative destiny.

Telegram Desktop features highlights passport protection to counteract unapproved access to the application, yet this security choice does not include encryption. A technically knowledgeable and excessively inquisitive computer user could still be able to access some other users' chats.


Ensuring the information saved locally is conceivable by empowering full disk encryption from the operating system. This is accessible on Windows through BitLocker, on macOS through FileVault; the feature is available on Linux too.