Automation with Telegram Bots - Security Art Work · 2016-07-26 · Automation with Telegram Bots....

@bitsniper - @jovimon - FAQin Congress 2016

Automation with Telegram Bots

About us

José González

@bitsniper

Security Analyst

Jose Vila@jovimon

Security Analyst

Incident Handler

If you want to join us: empleo@s2grupo.es

Communication Schema

Bots: Features

“Interface to code running in a server”

No associated phone number

No status

Name ends in “bot”

Unable to start chats

Bots: Features (cont’d)

By default don’t receive all messages in groups

Created by means of a “metabot”: @BotFather

Identified by name and token

https://telegram.me/<bot_name>

Easy HTTPS API

Bots: Creation

Bots: Creation (cont’d)

Usage @mpower_bot

Server Interface

https://github.com/python-telegram-bot/python-telegram-bot

Useful examples

Official Telegram Bots– @ImageBot, @TriviaBot, @PollBot, @RateStickerBot, @AlertBot,

@HotOrBot, @GithubBot …

Inline bots– @gif, @vid, @pic, @bing, @wiki, @imdb, @bold …

Yago Perez’s bot– 57+ accepted commands (!boobs and !butts among others)

Even bot “stores”– storebot.me / @StoreBot (official)

Usage in Cybersecurity

Notifications (e.g. replacing SMS)– Vulnerabilities

– Critical attacks

– High priority mail

– Systems and Security Monitoring

– …

Actions– System and Security Monitoring

– Additional notificacions (Auth path)

– (un)block IP address/DNS hostname

– …

Reckless by default

Owner cannot control bot visibility on global search

Confidence isn’t that bad!

By default accepts anything anyone throws at it

If we do not protect our babies they can be abused by others

Education is the key

Easy remediation

Brace yourself, Sentence is coming!

We must pay attention to bot privileges upon interaction

– Controlled by the owner

Brace yourself, Sentence is coming!

Gossipping is ugly … and BAD!

Let’s go, kill’em all !

One shot, one death …

Bot limitations:

Cannot see user images

Cannot start chats

Cannot get user “last seen” status

Using bots for our own benefit

We need more power under the Hood!

From Derringer

To Colt 61

Using bots for our own benefit (cont’d)

• Far West is not fair

• Fair people bites in the dust…

• How can we obtain more information?

• MT-Proto: Full User API

– Wizardry

– Witchcraft

– Black Magic

– Extra reinforcement of Cryptographic Sorcery

FAQin Commercials presents…

• Not willing to code?

• Your code is as Ugly as Chema’s cap?

• Last time you coded universe almost exploded?

FAQin Commercials presents… (cont’d)

Handyman Method

Ugly and bad things together

The API is a nightmare

• TL-Language

• High-level component API query language

• MT-Proto description

• Lacks on precise documentation

• Where is the latest version of TL-Schema?

More… is not for more “Layers”

https://github.com/zhukov/webogram/blob/master/app/js/lib/config.js#L104

ThanksPavel Durov

DEMO TIME

Sybercomunity Gossipping

@mpower_bot

Sybercomunity Gossipping (cont’d)

NcN 2015

SecAdmin 2015

Syber Salsa Rosa - 537 members (and counting)

• 182 have “last seen” disabled

• 355 have “last seen” enabled

• “Last seen” really disabled? (Future work)

• You can see when anyone becomes online– Doesn’t need mutual trust

• Building digital identity– Twitter

– Youtube

– G+

– Facebook

– Instagram

Conclusion

• Telegram is:– Awesome

– Fairly secure transmission

– Not so on Telegrams servers

– Fails at privacy

– Victims cannot do anything

– API Sucks a huge FAQin lot!

• We are not the first ones:– http://oflisback.github.io/telegram-stalking/

Thank you !

Automation with Telegram Bots - Security Art Work · 2016-07-26 · Automation with Telegram Bots....

Documents

Transcript of Automation with Telegram Bots - Security Art Work · 2016-07-26 · Automation with Telegram Bots....

The Use of Artificial Intelligence...AUTOMATION / CHAT BOTS is an AI which conducts a conversation via auditory or textual methods. Chat bots use Natural Language Processing to ‘understand’

Bots: An introduction for developers - AgentNnamdi · Bots: An introduction for developers Bots are third-par ty applications that run inside Telegram. Users can interact with bots

Business Logic Attacks – BATs and BLBs · Business logic attacks Business process automation: The friendly side of web automation Business logic bots: ... Click Fraud Referrer click

Robotic Process Automation in Human Resources...Robotic Process Automation in Human Resources December 2018. 2 2 Robotic Process Automation (RPA) involves use of software bots for

Robotic Automation - Pega€¦ · Cognitive - Decisioning Automate for Outcome Mimic Behavior Workflow bots Attended bots ... Increased claims automation rates Improved Agent Experience

GUIDE BEFORE UNLEASHING THE BOTS · 2018-04-23 · One such technology is robotic process automation (RPA). This field of robotics operates virtually rather ... Bots can certainly

Telegram, George Kennan to George Marshall ["Long Telegram ...

BRIDGE TO GLOBAL MARKET FOR MVNOs - Amazon S3€¦ · customized messenger bot to purchase mobile data packages of local mobile operators. ... • Customizable Bots for Telegram,

Bots: An introduction for developers - Brains-Master An introduction for develop… · Bots: An introduction for developers Bots are third-party applications that run inside Telegram.

National Capital Regional PDI€¦ · Army Robotics Process Automation Works with existing infrastructure and is governed and ... RPA Intro Video 5 Video: “Bots are here ... Bots

Telegram - Amazon Web Services · Telegram is uniquely positioned to establish the first mass-market cryptocurrency ... bots, and other services. Safeguards built into the system

ROBOTIC PROCESS AUTOMATION DURING COVID-19 · In some cases, automation . can protect staff’s physical health by limiting exposure. For example, essential businesses are using bots

BOTs or not? - person.dibris.unige.it · Telegram I Conversational bots are aimed at automatically interacting with humans using natural language I Wikipedia bots perform routine

Artificial intelligence and smart bots are taking over€¦ · smart bots are taking over Rodney Koolman. ... Skype, web, email, Facebook, GroupMe, Kik, Slack, Telegram, Twilio, Teams

On Twitter Bots Behaving Badly: Empirical Study of Code ... · the position of the platforms targeted by bots in relation to automation through bots. For this purpose, we manually

The Rise of the (Modelling) Bots: Towards Assisted ...chechik/courses18/csc2125/paper78.pdf · networks like Twitter or Telegram are used for leisure, and they frequently serve as

ROBOTIC & COGNITIVE AUTOMATION FOR THE INSURANCE … · OVERVIEW Robotic Process Automation is redefining business processes in the insurance industry. Software bots are capable of

Manufacturing Value Chain | Automation to Improve Supply Chain … › sites › default › files › Manufacturing... · 2020-03-31 · The Automation Anywhere bots eliminated the

The HubSpot Growth Platform › hubfs › Guide › Growth... · Bots + Automation Use bots to improve live chat efficiencies and scale 1-to-1 communications by routing customers

Convcomp2016: The new era of bots, multi-channel messaging solutions, dynamic routing and automation of everything