Telegram vulnerabilities highlighted by researchers, platform says issue fixed

The vulnerabilities existed in Telegram's cloud chats, said the researchers, adding that they were able to break the security protocol used by the platform. Telegram said in a blog post that it has fixed the issue.
The Telegram logo is seen on a screen of a smartphone in this picture illustration.(Reuters)
Published on Jul 18, 2021 01:52 PM IST
Written by Amit Chaturvedi, Hindustan Times, New Delhi

A group of researchers from London have found critical vulnerabilities in the popular messaging app Telegram, which is used by over 500 million users across the world. The team, which includes researchers from Royal Holloway, University of London, analysed the encryption protocols used by Telegram and highlighted the vulnerabilities in its cloud chats.

Telegram said it acknowledged the vulnerabilities highlighted by the researchers and fixed them in the latest update. The platform uses the MTProto protocol to secure its cloud chats. MTProto plays a role similar to Transport Layer Security (TLS), a popular cryptographic standard meant to ensure the security of data in transit.

Explaining what they set out to achieve, the researchers said in their study that they launched four attacks on the security protocols used by the popular messaging app and the last one "broke the authentication properties of Telegram’s key exchange, allowing a MitM attack".

"Telegram uses its MTProto “record layer” - offering protection based on symmetric cryptographic techniques - for two different types of chats. By default, messages are encrypted and authenticated between a client and a server, but not end-to-end encrypted: such chats are referred to as cloud chats," said the study.

They said that although the platform offers end-to-end encryption (E2EE) through a feature called "secret chats", cloud chats aren't end-to-end encrypted. They then described the methods used to attack Telegram's security protocol and how they succeeded.

The vulnerabilities gave an adversary the chance to "reorder" messages, said the researchers, adding that this can allow attackers to manipulate Telegram bots. The messaging app uses cloud chats to control several automated bots.

"The latest versions of official Telegram apps already contain the changes that make the four observations made by the researchers no longer relevant," Telegram wrote in a blog post on Friday.

Apps like Telegram and Signal have seen a massive surge in downloads and usage after WhatsApp updated its privacy policy to include a controversial change linking the data of WhatsApp users to Facebook's other products and services.
