DBSA:2018-073001
Disclaimer: As technology changes, advisories may become out of date or may no longer be relevant. Please refer to the "Date" section of the header to be sure the advisory is recent as it pertains to your situation.
Digibase Security Advisory - Telegram IP Address Range Hijack
Keywords: Telegram, BGP hijack, network operations
DBSA ID: 2018-073001
Regarding: Telegram IP Address Range Hijack
Writeup: Kradorex Xeron 13:31, 30 July 2018 (EDT)
Date: 2018 07 30
Last Modified: 20180730123143 by Kradorex Xeron
Who should take note: Telegram Users
Classification
Priority: MODERATE
Rationale: Users may want to monitor official Telegram communications and other media sources.
Severity: MODERATE
Rationale: It is not believed that communications were compromised at this time.
Spread of Issue: SINGLE-PLATFORM HIGH
Rationale: All Telegram users are potentially subject.
Description
Telegram is an online chat service that advertises high-security end-to-end encryption. It was used by approximately 200 million users as of March 2018.
Beginning at 06:28:25 UTC on 30 July 2018, Telegram Messenger LLP, the company overseeing the operation and administration of the Telegram platform, experienced four BGP hijack events by "Iran Telecommunication Company PJS", a provider that is associated with the Iranian government. This hijack re-routed traffic destined for two networks operated by Telegram Messenger LLP, "91.108.4.0/22" and "91.108.56.0/23", which are networks where Telegram servers are situated.
Due to Telegram's encrypted nature, it isn't believed that communications were compromised at this time, but this report will be updated if this changes.
BGP is the protocol Internet providers use to route Internet traffic between one another. Providers "announce" the IP ranges they are responsible for routing to the rest of the Internet, so that other networks can work out how to reach them. A BGP hijack is where a provider that does not own a given IP address range advertises that range, typically to intercept or interrupt Internet traffic.
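The check a network operator would run against a feed of BGP announcements to spot this kind of event, as an added example that is not part of the original advisory. The two monitored prefixes come from the advisory; the origin AS numbers and the sample announcements are constructed placeholders (documentation ranges), not Telegram's real ASNs or the routes actually observed.

```python
import ipaddress

# Prefixes named in the advisory. The allowed origin AS is a placeholder from
# the documentation range (RFC 5398), not Telegram's real ASN.
MONITORED = {
    ipaddress.ip_network("91.108.4.0/22"): {64496},
    ipaddress.ip_network("91.108.56.0/23"): {64496},
}

# Constructed sample of observed announcements: (prefix, origin AS).
SAMPLE_UPDATES = [
    ("91.108.4.0/22", 64496),    # expected origin
    ("91.108.4.0/22", 64511),    # same prefix, unexpected origin
    ("91.108.56.0/24", 64511),   # more-specific slice of a monitored prefix
    ("91.108.0.0/16", 64511),    # less-specific route covering monitored space
    ("198.51.100.0/24", 64500),  # unrelated address space
]

def classify(prefix, origin_as, monitored=MONITORED):
    """Return (alert_kind, monitored_prefix), or None if nothing is suspicious."""
    net = ipaddress.ip_network(prefix)
    for mon, allowed in monitored.items():
        if net.version != mon.version or not net.overlaps(mon):
            continue  # announcement does not touch this monitored prefix
        if origin_as in allowed:
            continue  # announced by an origin we expect
        if net == mon:
            kind = "origin-mismatch"
        elif net.subnet_of(mon):
            # Longest-prefix match makes this win over the legitimate route.
            kind = "more-specific"
        else:
            # Only attracts traffic where the legitimate route is missing.
            kind = "covering-less-specific"
        return (kind, str(mon))
    return None

def detect(updates, monitored=MONITORED):
    """Return one (prefix, origin_as, kind, monitored_prefix) tuple per alert."""
    alerts = []
    for prefix, origin_as in updates:
        hit = classify(prefix, origin_as, monitored)
        if hit:
            alerts.append((prefix, origin_as) + hit)
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_UPDATES):
        print(alert)
```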
Mitigation/Solution
Telegram users may wish to monitor official Telegram communications or media to determine if there is any risk. This report will be updated if the risk profile changes.