Telegram Bots --> CoWin Data Leaks (under 2 mins)
Jacob Samuel
Cybersecurity Graduate. Senior Test Analyst. Keen interest in Vulnerability Assessment in application code, Malware Analysis and Digital Forensics.
What is a Telegram bot?
A Telegram bot is a computer program whose features include, but are not limited to, sending out information and reminders, receiving payments, etc. It can do all that a human chat partner can do. The speciality of a bot is that it takes commands (reserved keywords) and executes them. The scope of commands can also be controlled.
One can find different bots at https://telegramic.org/bots/
How are bots different from human chat partners?
· Bots can't start a conversation; a user has to send the bot a message first.
· Bots cannot see messages outside the group but have access to all info within the group they are present in.
· Bots do not have an online status. They are labelled as "bot" at the end.
· Bots respond in the same way to all users.
Are bots safe?
Telegram bots are required to follow Telegram's privacy laws, but what a given bot is made to do is open to debate; it could leverage existing vulnerabilities in the system. Bots are not owned by Telegram. They have access to information publicly shared with the bot, and they could share data with third parties. Consider using bots from reputed developers. The official documentation says to treat a bot as a stranger: do not share personal data, and be careful with a bot's files. Bots use the "MTProto" encryption protocol.
What is BotFather?
This is like the master bot for all other bots. It is used to create new bots and manage existing bots.
CoWIN Data Leak Facts
In 2022, CloudSEK, a company that predicts and investigates cyber threats, said in its report that the data breach was not of the infrastructure but of a health worker. They claim that the CoWIN portal credentials of many health workers are available on the dark web.
A Russian hacker was behind this data breach. A phishing attack was used to give the hacker access to the worker's account. What has this got to do with the context of Telegram bots? Nothing; it just conveys how important "Defense in Depth" is. Proper endpoint security could have prevented this breach.
Returning to the context, in June 2023, a Telegram bot was scraping data from the CoWIN portal. The bot was associated with a Telegram group called "hak4learn", and the bot which dumped the data was "Truecaller" (now disabled).
"It is believed" to be a user authentication vulnerability. The system allowed the bot to query the database without any credentials. As per a Malayala Manorama report, the CoWIN portal had an OTP system for registered beneficiaries to access their data from the database. How the data leak happened is still being determined. LiveMint reported that the Govt says the database was not breached.
If this turns out to be an authentication vulnerability as "believed", it could have been averted with MFA, for example OTP + biometrics for the users having access to the portal.
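To make the "query without credentials" failure concrete, here is an added example (not CoWIN's code, and not from any report cited above) that puts a lookup with no authentication check beside one that enforces an OTP-verified session on the server. All names, the sample record, and the TTL and attempt limits are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

OTP_TTL = 180      # seconds an OTP stays valid (assumed value)
MAX_ATTEMPTS = 3   # wrong guesses allowed before the OTP is burned (assumed)
# Constructed sample data standing in for a beneficiary database.
RECORDS = {"9000000001": {"name": "Sample User", "dose": 2}}
_pending = {}      # phone -> [otp, expiry, attempts_left]
_sessions = {}     # session token -> phone number it was issued for


def lookup_unauthenticated(phone):
    """The believed flaw: any caller that knows a phone number gets the record."""
    return RECORDS.get(phone)


def request_otp(phone, now=None):
    """Issue a 6-digit OTP. A real service sends it by SMS and never returns it."""
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(10**6):06d}"
    _pending[phone] = [otp, now + OTP_TTL, MAX_ATTEMPTS]
    return otp  # returned only so this example runs offline


def verify_otp(phone, otp, now=None):
    """Exchange a valid OTP for a session token bound to that phone number."""
    now = time.time() if now is None else now
    entry = _pending.get(phone)
    if entry is None or now > entry[1]:
        _pending.pop(phone, None)      # unknown or expired OTP
        return None
    if not hmac.compare_digest(entry[0], otp):
        entry[2] -= 1
        if entry[2] <= 0:
            _pending.pop(phone, None)  # too many misses: burn the OTP
        return None
    _pending.pop(phone)                # single use: a replayed OTP fails
    token = secrets.token_urlsafe(32)
    _sessions[token] = phone
    return token


def lookup(phone, token):
    """Hardened lookup: the token must exist and belong to the requested phone."""
    if token is None or _sessions.get(token) != phone:
        raise PermissionError("OTP-verified session required for this record")
    return RECORDS.get(phone)
```

The check lives in `lookup` itself, so a client that skips the OTP screen (a bot, for instance) still cannot read a record, and a token issued for one number cannot be used to read another.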
Source: