Ikhowudi engaqondakaliyo ifunyenwe kwiklayenti yeTelegram engekho mthethweni iNekogram. Ithumela ngasese iinombolo zefowuni zabasebenzisi abangene kwi-app kwi-bot ethi "@nekonotificationbot," eqhagamshelwe kwi-ID yomsebenzisi. Utshintsho lokuqokelela iinombolo zefowuni lukho kuphela kwiiphakheji ze-APK ezigqityiweyo ezisasazwa ngeGoogle Play, GitHub, kunye netshaneli yeTelegram yeprojekthi. Utshintsho lokuqokelela iinombolo zefowuni alukho kwikhowudi yomthombo kwiGitHub nakwiphakheji ye-APK evela kwi-directory ye-F Droid.
Umnyango ongasemva wawukho kwifayile ye-Extra.java. Kusenokwenzeka ukuba yathunyelwa kuqala nge-Nekogram version 11.2.3, ekuqaleni yathunyelwa kuphela kubasebenzisi abaneenombolo zefowuni zaseTshayina, yaza yathunyelwa kuye wonke umntu. Le nkqubo ikwasebenzise ii-bots ze-osint "@tgdb_search_bot" kunye ne-"@usinfobot" ukuchonga abasebenzisi ngee-ID zabo, kodwa iinombolo zefowuni azithunyelwanga kubo. 
Abaphandi benze i-Java hook kunye ne-bot evumela nawuphi na umsebenzisi ukuba aqinisekise ukuba isicelo sakhe sithumela iinombolo zefowuni. 
Ngokutsho kwabaphandi abafumene le ngxaki, ababhali bale nkqubo basenokuba basebenzise ulwazi abalufumeneyo ukwakha isiseko sedatha sokuthengisa kamva kubadali beebhothi ze-OSINT. Ukufiphazwa kotshintsho kunye nokusetyenziswa kwezicelo ezikwi-inline ukuthumela idatha kubonisa ukufihla ngabom lo msebenzi. Emva kokuba le ngxaki ityhilekile kwinkqubo yokulandelela iimpazamo zeprojekthi, umbhali weNekogram uvumile ukuba uthumele iinombolo zefowuni kwibhothi yakhe, ngaphandle kokuchaza isizathu salo msebenzi, kodwa waphawula ukuba iinombolo zefowuni ezithunyelweyo azigcinwanga okanye zabelwana ngazo nabani na.
Ukongeza, ubuthathaka buchongiwe kwi-app esemthethweni yeTelegram. I-Zero Day Initiative (ZDI), iprojekthi enika imivuzo yemali ngokuxela ubuthathaka obungapatfwanga, ipapashe idatha yokuqala malunga nobuthathaka i-ZDI-CAN-30207 kwiTelegram, enikwe inqanaba lobunzima obukhulu (9.8 kwi-10) kwaye ichongiwe njengohlaselo olukude olufuna senzo somsebenzisi. Iinkcukacha zicwangciselwe ukukhutshwa ngoJulayi 24, zinike abaphuhlisi beTelegram ixesha lokuthumela isisombululo kubasebenzisi.
Ngokwahlukileyo, kuye kwavela ulwazi lokuba ubuthathaka bubonakala xa kuvulwa izitikha ezinemifanekiso ezenziwe ngokukodwa kwiTelegram kwaye kunokukhokelela ekusetyenzisweni kwekhowudi enobungozi ngaphandle kwesenzo somsebenzisi. Kubonakala ngathi, ubuthathaka bubangelwa yimpazamo kwikhowudi yelayibrari ye-rlottie, evumela umsebenzi wokujonga kwangaphambili.
Abameli beTelegram bathi abayithathi le ngxaki ichongiweyo njengomngcipheko oyingozi, njengoko zonke izitikha ezilayishiweyo zijongwa kwangaphambili ukuba azinazo na. iiseva I-Telegram kunye nokuhlolwa okunjalo bekuya kuthintela ukuba istikha esinobungozi singaboniswa kubasebenzisi. Emva kwesibhengezo se-Telegram, inqanaba lobunzima bobuthathaka lehlisiwe ukusuka kwi-9.8 ukuya kwi-7.0.
umthombo: opennet.ru
