The reader of the Belarusian onliner.by Julia suddenly found a vulnerability in Telegram.
She came to Canada and wanted to transfer my account to a local number while installing the application.
But to the room that issued the operator was already tied an account Telegram: running the application and entering the code from the SMS message, Yulia saw the correspondence of a Hassan.
The pairing process of the new rooms was impossible. The woman turned to tech support messenger and received a recommendation to just remove the account of Hassan, and then repeat the data transfer of your account. The issue of Yulia how to do so to protect themselves from such incident remained unanswered. She was concerned that if she refuses to use the Belarusian SIM-card operator may sell her telephone number to other subscribers and those potentially will have access to her personal data in the Telegram.
The vulnerability is typical for most services, with the authentication number. In the case of Telegram there is an option to protect your account by an additional password. As follows from the correspondence of Julia, and technical support from the point of view of the administration of the messenger, the owner of the phone number is the owner of all the information in the Telegram attached to it. In the event of termination of the contract with the operator must change the number in the messenger.
The number of rooms available in the cellular networks is limited, so the vast majority of the operators after the termination of the agreement for the provision of services given the number to a new user. For a while these “pre-owned” set of numbers fall into the so-called “sump”, and 6-12 months are available again. Discovered by Julia the feature of Telegram is due to the authentication algorithm and its difficult to call a full-fledged vulnerability, whereas are found in the autumn of 2018 loophole is really a threat.
© 2019, paradox. All rights reserved.