attacker then takes guesses at what Telegram contacts the victim may have. Adding them as android contacts makes them automatic Telegram contacts and the metadata analysis can begin.

thomwithoutanh's bookmarks 2016-08-12

Summary:

The Telegram android app sends a notification to all contacts when it becomes or stops being the "foreground" app on the device. Using that information alone it's at times easy to make guesses about who's talking to who if you have several contacts in common with a "victim". An "attacker" will sometimes see the victim and another contact taking turns going active/inactive as they pass messages back and forth. Add anyone to your Telegram contacts The metadata may be a considerable problem in itself but what makes it worse is that Telegram does not require contacts to mutually agree that they should be connected! As long as an attacker know the phone number of the victim and add it to the android contacts the victim will show up as a Telegram contact and the attacker will automatically subscribe to the victim's metadata. As a bonus the victim will not be notified in any way and the attacker will not show up among the victim's Telegram contacts.

Link:

https://oflisback.github.io/telegram-stalking/

From feeds:

Messaging Apps » thomwithoutanh's bookmarks
Messaging Apps » ERResearch's bookmarks

Tags:

Date tagged:

08/12/2016, 04:35

Date published:

08/12/2016, 05:01