DIGITAL LIFE

A foolish failure violated 59 million cell phones in Brazil
Leaked Telegram talks between Justice Minister Sergio Moro and Federal Prosecutor Deltan Dallagnol. Attempts to invade devices by Brazilian authorities may have been more rudimentary than previously thought. It even revealed, as discovered by a report in a leading Brazilian weekly magazine, a security vulnerability in more than 59 million Brazilian mobile phones.

Step by step to the invasion: The criminal, armed with the victim's number, accesses Telegram and requests that the code that allows the messenger to be sent by telephone. At the time the password is sent, the targeted line of calls is occupied with the intent that the app message will be diverted to voicemail. At this point, according to the federal police investigative line, the hackers used a VoIP-type internet phone service, similar to Skype, with a function that masks the caller's origin number by that of the victim. This would justify reports of victims who would have received calls from their own telephone numbers.

However, the leap from the cat is in the next step: operator Claro provides a number that allows customers to access voicemail from outside the country. To do so simply call +55 11 99462-0100, enter the number you want to hear the voice box and a password. By default described on Claro's own website, this key would be string 3636 for all customers who would not have changed the string. From there, you can listen to the message sent by Telegram, allowing access to the app and all files, media and conversations of the victim, and can pass by it.
After discovering the loophole, the magazine report tested it in practice. By performing the technique, it was possible to intercept messages sent to the hacked device. But beyond that, the entire target account has been compromised. That is, one could even visualize old messages from the victim. Not only those in textual format, but also those of audio and images. In theory, it would be possible to perform the same Telegram hacking procedure as any client. Of course, you did not actively change the mailbox password. M. F.