
A Telegram bug that disclose phone numbers of any users in public groups - 07d046
https://docs.google.com/document/d/e/2PACX-1vRx2wO2kj0axlQtv2CDSjPGlRKJOHtucvpOKGFKybh2eVVGZqvt_JJv-2Q11NHn5Y4um_F4-bgA6q5v/pub
======
22c
Whilst not the same as mentioned in TFA, I noticed in Signal that if you allow
it access to your contacts it will tell you how many of your contacts are
already on Signal. I understand this is useful from a
usability/discoverability aspect, but from a privacy perspective I have no
reason to be made aware of the fact that one of my old bosses who's number is
in my phone is on Signal and neither should they know that I am on Signal for
the same reasons (or lack thereof).

What's worse is there seems to be no way to opt-out of this behavior. I can
deny Signal access to my contacts, thereby not knowing which of my contacts
are on Signal, but that doesn't stop the other party from knowing if I am on
Signal if they have given Signal access to their contacts.

It's not farfetched to consider a world where an oppressive regime may outlaw
the use of something like Signal, Telegram or even WhatsApp and they'd be able
to easily determine if you're using such a service through passive techniques
such as these.

As far as I know, Wickr is a bit more privacy focused, but it doesn't tick the
open source box for me (although the supposed source code is published[1] for
public review).

[1] [https://github.com/WickrInc/wickr-
crypto-c](https://github.com/WickrInc/wickr-crypto-c)

~~~
exocron
> from a privacy perspective I have no reason to be made aware of the fact
> that one of my old bosses who's number is in my phone is on Signal and
> neither should they know that I am on Signal for the same reasons (or lack
> thereof).

I agree that there are some contacts that I would rather not know that I was
on Signal, but, unfortunately, this is an impossible problem to solve when the
goal is to create an end-to-end encrypted messaging platform where your
identifier is your phone number. The server has to know when a number is not a
user so the app can fall back to sending unencrypted SMS (although why Signal
falls back to SMS is a mystery to me) and it also has to carry the current
public key for each user so that you can be sure that you're talking to who
you think you're talking to.

Put another way, even if Signal didn't advertise that, "So-and-so is on
Signal, say hey!" you could still theoretically determine whether or not a
given number is on signal by sending a message to that number. If it fails,
you know they aren't. And if it succeeds, well, then you know they are.

~~~
dooglius
>this is an impossible problem to solve when the goal is to create an end-to-
end encrypted messaging platform where your identifier is your phone number

Right, the use of phone number as identifier is flawed by design, and not
secure

~~~
couchand
A big part of practical security is usability. It's hard enough getting most
people to adopt Signal or other encrypted messaging services. If they couldn't
"just send a message to a number" it would be that much more difficult. The
tradeoff seems worth it in this case.

~~~
ubercow13
People seem fine adding each other on Facebook without using a phone number.
When I add people on LINE messenger I use their ID not their phone number.
When I meet a new person and exchange some contact details, it is rarely a
phone number. I would also like to talk to some people who I do not want to
know my phone number. I think this tradeoff was a mistake for Signal.

~~~
couchand
You are clearly not the target audience for Signal. There of course is a space
for the type of app you're describing, but saying that the tradeoff that
Signal has chosen was a mistake is to misunderstand the goal there.

~~~
codedokode
What goal do you mean? Sell users to marketers?

~~~
couchand
Do you have evidence that this is happening? Otherwise, completely FUD.

The goal I was referring to is making it easy for regular folks to use end-to-
end encryption. Any real measure of security needs to be practically usable by
the intended audience, and the clear and consistent intended audience for
Signal is regular folks who don't have a sophisticated threat model. If any
other identity scheme were used, I'd guess the number of Signal users would be
an order of magnitude smaller.

This is not to say that there aren't great reasons to have more elaborate
secure messaging systems that address these questions, for anyone with a
different security model.

------
RichardHeart
1 point by RichardHeart 44 minutes ago | parent | edit | delete [-] | on:
Telegram 0-day vulnerability that can be used to d...

"TELEGRAM'S REPLY ZDNet has reached out to Telegram for comment earlier today,
and the company has looked into the issue reported by Hong Kong protesters.
"We have safeguards in place to prevent importing too many contacts - exactly
to prevent the scenario," a Telegram spokesperson said.

"In fact, our data shows that the bot displayed on the screenshots got banned
from further imports after two seconds - and only managed to successfully
import 85 contacts (not 10,000)," it said. "Once you get banned from importing
contacts, you can only add up to 5 new numbers per day. The rest of the
contacts you add will look like they're not using Telegram - even if they
are."

However, this ban limit can be bypassed. A determined threat actor like the
Chinese state can easily employ multiple bots to exploit this issue, instead
of just one, and they'll eventually import the entire phone number sequence
they want to cover."

------
yaro2015
[https://www.zdnet.com/article/telegram-voicemail-hack-
used-a...](https://www.zdnet.com/article/telegram-voicemail-hack-used-against-
brazils-president-ministers/)

------
chipotle_coyote
You know what would be a great way to mitigate this kind of attack vector?
Stop insisting on tying identity to phone numbers.

------
samat
Telegram says they block massive contacts imports, says that particular bot
was able to add only 85 contacts and then throttled to 5 new contacts per day.

My questions is how do they distinguish legitimate imports? I have 2K phone
numbers in my address book. Would it take a year for me to be able to message
my friends on telegram?

~~~
codedokode
I assume there are some limits on number of uploaded contacts (probably on
order of thousands) but they can be bypassed by creating thousands of accounts
each with different contact list. One SIM card here in Russia costs as low as
several dollars, and probably cheaper if bought wholesale, so it is not very
expensive.

Also, here is a quote from an article in Russian [1], where it is claimed that
there is a software to de-anonymize Telegram users:

> A phone number used by [Telegram] account @silovikicat was discovered using
> a program titled "Insider-Telegram" developed by the "Center of research of
> legitimacy and political protest". The head of the "Center" Eugene
> Venediktov explains: "Currently the database contains over 10 million of
> numbers. We just go through all possible numbers and check whether they are
> registered in Telegram: for example, we take all numbers starting with a
> prefix +7911 and check them. You automatically see all contacts from you
> address book in your Telegram, don't you? We just have a very "fat" address
> book with phones of all users from our country."

> When a phone number provided by Eugene is added into an address book,
> Telegram automatically matches it with account @silovikicat («Siloviks'
> cat»).

[1] [https://meduza.io/feature/2019/08/10/kto-takoy-tovarisch-
may...](https://meduza.io/feature/2019/08/10/kto-takoy-tovarisch-mayor)

------
mahemm
The widespread usage of Telegram in a situation as sensitive as the Hong Kong
protests is a failure on behalf of the security industry in educating the
public.

Even WhatsApp is miles better, but in reality it should be a no-brainer for
the relevant people to use Signal or perhaps Threema/Wire. What a shame that
charlatans have successfully marketed themselves to the top of this segment
with a distinctly inferior product.

~~~
ufmace
I don't think Signal supports very large groups well (hundreds of users or
more). Or things like announcement channels where tens of thousands can
subscribe, but only a handful of accounts can post. Sounds to me like they
have a superior product.

~~~
rolltiide
> Sounds to me like they have a superior product.

Groups in Telegram are not encrypted. And now its shown that it also reveals
phone numbers, and this is not a feature.

Whatsapp shows phone numbers by default, so it wouldn't be a criticism of
whatsapp.

------
hmnom
It could be argued you already had the phone number of your victim.

If mobile numbers in your country are in the 2________ range, how feasible is
it to add millions of phone numbers to your contact list to find out the
number of someone? I think this is nonsensical.

~~~
marcinzm
>If mobile numbers in your country are in the 2________ range, how feasible is
it to add millions of phone numbers to your contact list to find out the
number of someone? I think this is nonsensical.

If you're a state actor probably pretty easy. Get a couple thousand rooted
remote controllable android devices (which you probably already have for other
projects) and have them automatically add 10k phones numbers each. Then have
them join public telegraph lists and check for matches. Now you have gone
through 10 million phone numbers. Run it in a loop 10 times and you have 100
million. Might take a few days to setup and run.

I don't see why this is infeasible in any way to do if you have a moderate
budget (ie: state actor).

edit: And if your target is in your jurisdiction then you probably have a good
mapping of names to phone numbers already.

~~~
nyxxie
All this to get an app to make "do any of my contacts also use signal"
requests? You could probably just figure out what endpoint the mobile client
calls and imitate them yourself to avoid all the overhead of setting up the
mobile devices. If you have to register to make the request, just provision a
bunch of VOIP numbers and go to town.

Point being, if "who is using signal" is a question you want answered, it's
far more trivial than having to acquire actual devices. Your oppressive regime
could go from zero to black bag list in an afternoon.

------
johnnycab
This _appears_ to be a similar attack vector, to the one which might have been
used for scamming Swiss Revolut customers, by determining legitimate users via
the phone number range, in order to deliver fraudulent SMS messages.

[https://www.reddit.com/r/Revolut/comments/cu07cv/revolut_sca...](https://www.reddit.com/r/Revolut/comments/cu07cv/revolut_scam_swiss_why_did_the_scammer_have_my/exq79mv?utm_source=share&utm_medium=web2x)

------
anthony_barker
f*ck no wonder I get so many robo calls

~~~
techntoke
Nah man, you can thank the FCC for that.

~~~
NateEag
s/FCC/human nature/

~~~
sha666sum
I live in $civilized_country and have gotten one unsolicited phone call ever.
It was from an Indian, so either it was a scam or someone who doesn't adhere
to telemarketing blocklists.

Do not blame USA's inadequacies on human nature.

~~~
perl4ever
People in the US don't get uniform amounts of spam calls, so I'm doubtful that
your experience can be taken as representative of your entire country.

