Is Telegram safe? Check out the recent Brazilian case

3 min readSep 1, 2019

The Telegram messaging app was launched in 2013, providing instant messaging and end-to-end cloud encryption. It is available for multi platforms such as tablets, computers, smartphones and web version. Its founders are Nikolai and Pavel Durov, creators of VK, Russia’s largest social network.

Telegram is famous for its secure cloud operation and encryption, but in June 2019, The Intercept published leaks of conversations in this app attributed to Sergio Moro, Brazil’s current Minister of Justice and Public Safety.

The messages dated from August 2017 showed the current minister and judge at the time, suggesting witnesses and giving clues about future decisions, advising members of the Federal Prosecutor, including Prosecutor Deltan Dallagnol, according to reports. By law, judges cannot advise parts of a case they are judging.

But how did this hacking take place?

Many news headlines brought back at the time that Telegram had been hacked. But in fact, these allegations have no basis or concrete evidence that Telegram’s servers or user data had been compromised. So much so that the app stated on Twitter that it had not been hacked, giving clues that what might have happened was actually malware someone not using 2-step scanning.

The hackers had actually accessed the mailbox via spoofing, more precisely Caller ID Spoofing. Spoofing, in general, is the sender’s camouflage, something that allows the hacker to present himself as he wants. Caller ID can be handled via a PBX, which is very common in large telephone exchanges. With the democratization of internet access, it has become very easy for simple people to gain access to complex telephone network structures such as a PBX. Through software such as Asterisk, you can find VOIP providers that allow you to set the Caller ID of the call.

By calling your own number you can access the mailbox. Several calls were made to the victim’s number to keep him busy. In the meantime, the hacker was making a request for Telegram’s verification code in order to try to drop it into his mailbox. And with Caller ID spoofing, he got access to voice mail, called “his own” number, and had access to the Telegram verification code.

Until the moment of this article, the operators, despite not having manifested themselves publicly in Brazil, have been able to disable this method of accessing the mailbox, so this method no longer works.

DMME, an alternative to Telegram

An alternative to Telegram that I recommend is the DMME application. It is not possible to register using the telephone number. Making the practice of Caller ID Spoofing impossible.

Registration by the application is through the person’s email. There are several email providers that are secure and can provide greater security for the user, such as Tutanota or ProtonMail.

The DMME application allows full user control over their contacts, allowing authorization or blocking them. The application will be paid, will have no ads and part of the subscription will be paid back to the Ethereum community. Read more here.