Habr User Found Out How to Hack Telegram Passport

The vulnerability allows to steal users' personal data
01 August 2018   1140

The user of Habr, one of the largest Russian-speaking IT media, under the nick Scratch was able to find out a vunerability in Telegram Passport, an ID service from the developers of popular messanger. The vulnerability allows to steal users' personal data. It is caused by the encrypting algorithms, which are used by the solution.This is reported by Security Lab.

As reported, in fact, the encryption in Telegram Passport is not end-to-end in the usual sense, but a specially developed algorithm. Encrypted personal data and an almost random cryptographic key, as well as a hash from personal data, mixed with random bytes, are transmitted to the cloud storage. Scratch says that this information is enough to conduct a successful brute-force attack and to steal personal data of users of the service.

This is by no means a "random noise", it has everything necessary, including an encryption key protected by password. And it allows you to get to user data much, much faster than sorting out all possible combinations of AES keys (2 ^ 256). Also, such mechanisms invented by the authors of Telegram as a validation of the key with the help of the sum of bytes, the involvement of the data itself in the formation of the key of their own encryption and the data hash instead of HMAC are also highly questioned.
 

Scratch

User, Habr

The developer described in detail all the algorithms that the service uses to provide encryption, and also described an approximate plan for using bruteforce attack to hack the service. In addition, he cited several services that use "real" end-to-end encryption. Among them - the messengers Signal and Whatsapp.

In addition, the security expert noted that the speed of hacking depends on the length of the user's password. For protection, he proposed to come up with a complex password longer than 8 characters, which, in his opinion, uses a very small number of users.

The tool for fast authentication and storage of user data Telegram Passport officially came out on July 26, 2018. It has already been criticized for security policy by Anton Rosenberg, the former colleague of the creator of the Telegram, Pavel Durov.

TensorFlow 2.0 to be Released

New major release of the machine learning platform brought a lot of updates and changes, some stuff even got cut
01 October 2019   170

A significant release of the TensorFlow 2.0 machine learning platform is presented, which provides ready-made implementations of various deep machine learning algorithms, a simple programming interface for building models in Python, and a low-level interface for C ++ that allows you to control the construction and execution of computational graphs. The system code is written in C ++ and Python and is distributed under the Apache license.

The platform was originally developed by the Google Brain team and is used in Google services for speech recognition, facial recognition in photographs, determining the similarity of images, filtering spam in Gmail, selecting news in Google News and organizing the translation taking into account the meaning. Distributed machine learning systems can be created on standard equipment, thanks to the built-in support in TensorFlow for spreading computing to multiple CPUs or GPUs.

TensorFlow provides a library of off-the-shelf numerical computation algorithms implemented through data flow graphs. The nodes in such graphs implement mathematical operations or entry / exit points, while the edges of the graph represent multidimensional data arrays (tensors) that flow between the nodes. The nodes can be assigned to computing devices and run asynchronously, simultaneously processing all the suitable tensors at the same time, which allows you to organize the simultaneous operation of nodes in the neural network by analogy with the simultaneous activation of neurons in the brain.

Get more info about the update at official website.