A freelance journalist, contacted me few days ago asking about our services. In our conversation, once I described our services and the benefits of using them, I asked, as I always do, what communication tools she was using so far.
She said that she was using her personal website domain for email communication and Telegram for online communication. But, now, she wanted to change that. It was because few of her colleagues, who were using Telegram, may have been exposed due to hackers intercepting their SMS activation messages.
After I heard that I tried to figure out what was going on and found the Reuters’s article on the breach.
It seems that Iranian hackers have been active throughout the year and have jeopardized the communications of activists, journalists and other people in sensitive positions in Iran. At the same time they have identified the phone numbers of 15 million Iranian users.
Telegram SMS activation not secure
The problem arose when users were trying to activate new devices and they got SMS messages to accomplish that. The codes could be intercepted by hackers and then used used to add new devices to a person’s Telegram account, enabling them to read their messages and chat histories.
What does Telegram have to say about it? Well, they certainly don’t deny it. However, they say only public data was collected. Who knows? And about the SMS codes. They don’t deny it either. They just encourage their users to use 2-Step verification.
How secure would you feel if you heard that you could be hacked?
What’s more, there was another security flaw found in Telegram’s messaging app.
“A bug in the Telegram Messager app logged anything its users pasted into their chats in its syslog on macOS, even if they had opted for the end-to-end encrypted “secret” mode.” , it’s said in the Arstechnica’s article.
It seems the bug has been fixed, but the app that “was found to be the most popular way for terrorist organisations to stay in touch with each other and the outside world”, can’t stay secure for long.
Back to our lead, the freelance journalist?
After our conversation, what I offered was the Blackphone combined with our Encrypted email service, which not only encrypts all communication, but also allows you to create multiple Spaces: private and professional one. So, you don’t need multiple devices. That means, you can avoid the risk of adding an application to more than one and receiving SMS codes for confirmation.
She was more than happy to look into the alternative, and yesterday she contacted me to become our customer.