Tag Archives: encrypted

Hackers Exploit ‘Telegram Messenger’ Zero-Day Flaw to Spread Malware


A zero-day vulnerability has been discovered in the desktop version of the end-to-end encrypted Telegram messaging app that was being exploited in the wild in order to spread malware that mines cryptocurrencies such as Monero and ZCash.

The Telegram vulnerability was uncovered by security researcher Alexey Firsh from Kaspersky Lab last October and affects only the Windows client of Telegram messaging software.

The flaw has actively been exploited in the wild since at least March 2017 by attackers who tricked victims into downloading malicious software onto their PCs that used their CPU power to mine cryptocurrencies or serve as a backdoor for attackers to remotely control the affected machine, according to a blogpost on Securelist.

Here’s How Telegram Vulnerability Works

The vulnerability resides in the way Telegram Windows client handles the RLO (right-to-left override) Unicode character (U+202E), which is used for coding languages that are written from right to left, like Arabic or Hebrew.

According to Kaspersky Lab, the malware creators placed a hidden RLO Unicode character in the file name, which reversed the display order of the characters that followed it and so changed how the file name appeared, and then sent the file to Telegram users.

For example, when an attacker sends a file named “photo_high_re*U+202E*gnp.js” (where *U+202E* stands for the invisible RLO character) in a message to a Telegram user, the file’s name is rendered on the user’s screen with the part after the RLO character flipped.

Therefore, the Telegram user sees an incoming PNG image file (as shown in the image below) instead of a JavaScript file, misleading them into downloading a malicious file disguised as an image.
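As an added defensive example (this is not code from the Kaspersky write-up or from Telegram), the following Python script flags attachment names that contain Unicode bidirectional control characters and compares the extension the operating system will actually use with the extension a user sees after the RLO flip. The sample file names are constructed for the example; the second one follows the “photo_high_re” + U+202E + “gnp.js” pattern described above, and the `apparent_name` rendering is a deliberate simplification of the Unicode bidi algorithm that is sufficient for file names.

```python
import os
import unicodedata

# Unicode bidirectional formatting characters. U+202E (RLO) is the one
# abused in the Telegram case; the others can be misused the same way.
BIDI_CONTROL_CHARS = {
    "\u200e", "\u200f",                                  # LRM, RLM
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",    # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",              # LRI, RLI, FSI, PDI
}

RLO = "\u202e"   # RIGHT-TO-LEFT OVERRIDE
PDF = "\u202c"   # POP DIRECTIONAL FORMATTING, ends an override


def find_bidi_controls(name):
    """Return (index, Unicode character name) for every bidi control in name."""
    return [(i, unicodedata.name(ch)) for i, ch in enumerate(name)
            if ch in BIDI_CONTROL_CHARS]


def _strip_controls(text):
    return "".join(ch for ch in text if ch not in BIDI_CONTROL_CHARS)


def apparent_name(name):
    """Approximate what a user sees: text after an RLO is drawn right-to-left
    (i.e. reversed) until a PDF or the end of the string. This is a
    simplification of the Unicode bidi algorithm (assumption: one override,
    no nested embeddings), which is enough for typical file names."""
    if RLO not in name:
        return _strip_controls(name)
    head, _, tail = name.partition(RLO)
    overridden, _, rest = tail.partition(PDF)
    return (_strip_controls(head)
            + _strip_controls(overridden)[::-1]
            + _strip_controls(rest))


def analyze_filename(name):
    """Compare the real extension (what the OS uses) with the one shown."""
    shown = apparent_name(name)
    real_ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(shown)[1].lower()
    controls = find_bidi_controls(name)
    return {
        "raw_name": name,
        "apparent_name": shown,
        "bidi_controls": controls,
        "real_extension": real_ext,
        "apparent_extension": shown_ext,
        # Any bidi control in a file name is worth blocking or alerting on;
        # a differing extension is the specific spoofing trick described above.
        "suspicious": bool(controls),
        "extension_spoofed": bool(controls) and real_ext != shown_ext,
    }


if __name__ == "__main__":
    # Constructed sample names. The second follows the pattern from the article.
    samples = [
        "holiday.png",
        "photo_high_re" + RLO + "gnp.js",
    ]
    for s in samples:
        r = analyze_filename(s)
        print(f"{r['apparent_name']!r}: real={r['real_extension']} "
              f"shown={r['apparent_extension']} spoofed={r['extension_spoofed']}")
```

A check like this belongs wherever files enter the organisation (a download handler, mail or chat gateway, or an endpoint agent): the presence of any bidi control in a file name is reason enough to alert, and a mismatch between the real and apparent extension is the concrete spoofing pattern to block.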

“As a result, users downloaded hidden malware which was then installed on their computers,” Kaspersky says in its press release published today.

Kaspersky Lab reported the vulnerability to Telegram, and the company has since patched it; as the Russian security firm said, “at the time of publication, the zero-day flaw has not since been observed in messenger’s products.”

Hackers Used Telegram to Infect PCs with Cryptocurrency Miners


During the analysis, Kaspersky researchers found several scenarios of zero-day exploitation in the wild by threat actors. Primarily, the flaw was actively exploited to deliver cryptocurrency mining malware, which uses the victim’s PC computing power to mine different types of cryptocurrency including Monero, Zcash, Fantomcoin, and others.

While analyzing the servers of the malicious actors, the researchers also found archives containing Telegram’s local cache that had been stolen from victims.

In another case, cybercriminals successfully exploited the vulnerability to install a backdoor trojan that used the Telegram API as a command and control protocol, allowing hackers to gain remote access to the victim’s computer.

“After installation, it started to operate in a silent mode, which allowed the threat actor to remain unnoticed in the network and execute different commands including the further installation of spyware tools,” the firm added.

Firsh believes the zero-day vulnerability was exploited only by Russian cybercriminals, as “all the exploitation cases that [the researchers] detected occurring in Russia,” and a lot of artifacts pointed towards Russian cybercriminals.

The best way to protect yourself from such attacks is not to download or open files from unknown or untrusted sources.

The security firm also recommended that users avoid sharing any sensitive personal information in messaging apps and make sure to have good antivirus software from a reliable company installed on their systems.

75,000 Turks Arrested So Far for Downloading Encrypted Messaging App


WARNING: If you are Turkish and using or have installed ByLock—a little-known encrypted messaging app—you could be detained by Turkish authorities.

You might be thinking why???

Because using this app in Turkey has been illegal since last year.

The background story begins here…

Remember Turkey’s deadliest failed coup attempt?

In July 2016, a section of the Turkish military launched a coordinated operation—by deploying soldiers, tanks on the streets of major Turkish cities—to topple the government and unseat President Recep Tayyip Erdogan.

The Turkish government blamed Muhammed Fethullah Gülen, a Turkish preacher who lives in the United States, for leading the July 15-16 attempted coup, though Gülen denied any involvement.

In the aftermath of the coup attempt, Milli İstihbarat Teşkilatı (MİT), the Turkish intelligence agency, investigated and found that the ByLock messaging app was used as a communication tool by tens of thousands of Gülen movement followers to coordinate the coup.


Since then the Turkish government has detained 75,000 people in an unprecedented crackdown for downloading the ByLock app, which has been declared illegal, according to the Guardian.

Those arrested include civil servants, judges, police officers, soldiers, homemakers, and businessmen who allegedly participated in the failed military coup attempt.

For those unaware, ByLock was one of the many encrypted messaging apps available to download for free on Apple’s App Store and Google’s Play Store and was downloaded over 600,000 times between April 2014 and April 2016, according to a report by British computer forensics expert, Thomas K. Moore.

It turns out that the Turkish authorities were able to crack ByLock because of its weak encryption algorithm and managed to decrypt 10 million encrypted messages, which led to evidence against thousands of rebels and undercover Gülenist operatives.

The Turkish government also believes that ByLock has been created by the Fetullahist Terrorist Organization (FETÖ), for delivering Gülen’s messages among his followers as well as to instruct them on how to carry out plots against anti-Gülenists.

According to a legal opinion published in London, arresting people on the basis of just downloading an encrypted messaging app violates their human rights under Article 5 of the European Convention on Human Rights (ECHR), which guarantees the right to liberty.

Powered by WPeMatico

Satellite Phone Encryption Calls Can be Cracked in Fractions of a Second


Security researchers have discovered a new method to decrypt satellite phone communications encrypted with the GMR-2 cipher in “real time” — that too in mere fractions of a second in some cases.

The new attack method was discovered by two Chinese security researchers and builds on previous research by German academics in 2012; it shows that the phone’s encryption can be cracked so quickly that attackers can listen in on calls in real time.

The research, disclosed in a paper published last week by the security researchers through the International Association for Cryptologic Research, focused on the GMR-2 encryption algorithm that is commonly used in most modern satellite phones, including those of British satellite telecom Inmarsat, to encrypt voice calls in order to prevent eavesdropping.

Unlike previous 2012 research by German researchers who tried to recover the encryption key with the help of ‘plaintext’ attacks, the Chinese researchers attempted to “reverse the encryption procedure to deduce the encryption-key from the output keystream directly.”

The attack method requires hitting a 3.3GHz satellite stream thousands of times with an inversion attack, which eventually produces the 64-bit encryption key and makes it easier to hunt for the decryption key, allowing attackers to decrypt communications and listen in to a conversation.

“This indicates that the inversion attack is very efficient and practical which could lead to a real time crack on the GMR-2 cipher,” the research paper reads. “The experimental results on a 3.3GHz platform demonstrate that the 64-bit encryption-key can be completely retrieved in around 0.02s.”

According to the duo, the attack can eventually crack the satellite phone call encryption in a fraction of a second when carried out successfully, allowing the attacker to break into the communications in real time for live eavesdropping.

The new findings spark concerns surrounding the security of satellite phones, which are mostly used by field officers in war zones who protect our land, air, and water, as well as by people in remote areas who have no other alternatives.

Such attacks could pose a significant threat to satellite phone users’ privacy.

“Given that the confidentiality is a very crucial aspect in satellite communications, the encryption algorithms in the satellite phones should be strong enough to withstand various eavesdropping risks,” researchers said. 

“This again demonstrates that there exists serious security flaws in the GMR-2 cipher, and it is crucial for service providers to upgrade the cryptographic modules of the system in order to provide confidential communication,” researchers concluded.

The research was carried out by Jiao Hu, Ruilin Li and Chaojing Tang of National University of Defense Technology, Changsha, China. For more details, you can head on to their research paper [PDF], titled “A Real-time Inversion Attack on the GMR-2 Cipher Used in the Satellite Phones.”


Telegram Agrees to Register With Russia to Avoid Ban, But Won’t Share User Data


After being threatened with a ban in Russia, the end-to-end encrypted Telegram messaging app has finally agreed to register under Russia’s new data protection laws, but its founder has assured users that the company will not comply with demands to share users’ confidential data at any cost.

Russia’s communications watchdog Roskomnadzor had recently threatened to block Telegram if the service did not hand over information required to put the app on an official government list of information distributors.

The Russian government’s requirement came following the terrorist suicide bombing that killed 15 people in Saint Petersburg in April, in which the terrorists allegedly used the Telegram app to communicate and plot attacks.

“There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram,” said Alexander Zharov, head of Roskomnadzor. 

“And to officially send it to Roskomnadzor to include this data in the registry of organizers of dissemination of information. In case of refusal… Telegram shall be blocked in Russia until we receive the needed information.”

Telegram CEO Pavel Durov refused to comply with the country’s requirements because he feared that it would weaken the privacy of its over 6 million Russian users.

Telegram: No Confidential Data of Users will be Shared

However, after facing pressure from the government, Durov agreed on Wednesday to just register with the Russian government, but the company wouldn’t store citizens’ information on the Russian servers.

The Russian Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) announced on Wednesday that Telegram had finally submitted all the required information.

Roskomnadzor is a federal executive body in Russia responsible for overseeing the media, including the electronic media, mass communications, information technology and telecommunications; organizing the work of the radio-frequency service; and overseeing compliance with the law protecting the confidentiality of its users’ personal data.

Durov announced his decision via VK.com, the Russian version of Facebook, adding that while he’s happy for Telegram to be formally registered in Russia, anything that violates users’ privacy will not be served — only basic information about the company will be shared.

“We will not comply with unconstitutional and technically impossible Yarovaya Package laws—as well as with other laws incompatible with the protection of privacy and Telegram’s privacy policy,” Durov said.

Telegram is an end-to-end encrypted messaging app, but unlike WhatsApp, Telegram does not enable end-to-end encryption for its users by default. Rather, users need to open encrypted (secret) chats to communicate securely.

How to Communicate Securely with Telegram 

If you are communicating with people on Telegram thinking that your chats are end-to-end encrypted, you are mistaken, because all your regular (non-secret) chats are stored in plain text on Russian servers, making it possible for the government to request them with a court order when required.

So, always make sure that you communicate with people on Telegram using its encrypted chat feature. Here’s how to start an end-to-end encrypted chat on Telegram:

  • Open Telegram app
  • Select the contact you want to communicate with
  • Click on his/her name
  • Select ‘Start Secret Chat’ (highlighted in green color)
  • A new, secure chat window will open, where you can communicate securely.

You can also enable other security features offered by Telegram.

These features include Two-Step Verification, which lets you set an additional passcode for your Telegram account that is also required to log in, and Self-Destruct Secret Chats, which deletes your messages after a specified time (between 1 second and 1 week), leaving no trace on Telegram servers.


Russia Threatens to Ban Telegram Messaging App, Says It Was Used By Terrorists


Russia has threatened to ban the Telegram end-to-end encrypted messaging app after Pavel Durov, its founder, refused to sign up to the country’s new data protection laws.

Russia’s FSB intelligence service said on Monday that the terrorists who killed 15 people in Saint Petersburg in April had used the Telegram encrypted messaging service to plot the attacks.

According to the new Russian Data Protection Laws, since January 1 all foreign tech companies have been required to store the past six months of Russian citizens’ personal data and encryption keys within the country, which the company has to share with the authorities on demand.

“There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram,” said Alexander Zharov, head of the communications regulator Roskomnadzor (the state communications watchdog).

“And to officially send it to Roskomnadzor to include this data in the registry of organizers of dissemination of information. In case of refusal… Telegram shall be blocked in Russia until we receive the needed information.”

Russia wants Telegram to share its users’ chats and crypto keys if asked, as the encrypted messaging app has become widely popular among terrorists operating inside Russia.

Founder Pavel Durov said on Twitter that intelligence agencies had pressured the company to weaken its encryption or install a backdoor.

So far, Telegram has refused to comply with the requirements in order to protect the privacy of its more than 6 million Russian users.

In November last year, LinkedIn, the world’s largest online professional network, was also banned in Russia for not complying with the country’s data protection laws.


Man Jailed 6 Months for Refusing to Give Police his iPhone Passcode


Remember Ramona Fricosu? The Colorado woman was ordered to unlock her encrypted Toshiba laptop while the FBI was investigating alleged mortgage fraud in 2012, but she declined to decrypt it, saying that she did not remember the password.

A United States court later ruled that police can force defendants to decrypt their electronic devices, holding that this does not violate the Fifth Amendment, which protects citizens from having to incriminate themselves.

Forgetting the passwords for your electronic devices could be a smart move to avoid complying with a court order, but not every time, as US judges have different opinions on how to punish those who do not comply with an order to unlock their phones.

On a single day last week, one defendant got six months in jail for allegedly refusing to reveal his iPhone passcode, while a second defendant walked free after he claimed he had forgotten his passcode.

A Florida circuit court judge ruled last week that child abuse defendant Christopher Wheeler, 41, must serve 180 days in jail for not handing over the correct 4-digit code to unlock his iPhone for police, even though he insisted that the passcode he gave to officers was correct.

“I swear, under oath, I’ve given [the detectives] the password,” Wheeler said.

Wheeler was arrested earlier this year for allegedly hitting and scratching his daughter. He was taken into custody in a Broward Circuit Court on Tuesday after the cops were not able to access the phone using the passcode provided by him.

Investigators believe that the defendant’s iPhone may contain photos of his child’s injuries, according to the Miami Herald.

However, in a different court, another Florida judge let off an extortion case defendant who likewise claimed to have forgotten the passcode for his BlackBerry phone.

Wesley Victor and his girlfriend Hencha Voigt (a reality TV personality) are both accused of threatening to release sex tapes stolen from local social media celeb YesJulz unless she paid $18,000.

“The judge made the right call,” Victor’s lawyer Zeljka Bozanic said. “My client testified he did not remember. It’s been almost a year. Many people, including myself, can’t remember passwords from a year ago.”

The sex tapes of YesJulz ended up on the Internet, but there is no evidence Victor or Voigt posted them online.

Voigt is also facing contempt of court charges and is scheduled to appear in front of a judge next week because the passcode she provided to authorities for her phone was incorrect.

The Fifth Amendment gives defendants the right not to say anything that could be used against them, and a secret password or passcode is personal information protected by this amendment. The above cases, however, underscore the dilemma faced by law enforcement officials in dealing with the password and encryption issue.

It seems like the final word on passwords and encryption will likely have to come from the United States Supreme Court before.
