Telegram has released an update to address security flaws in the company’s MTProto protocol that were recently discovered by a group of researchers. Researchers from Royal Holloway, University of London, examined Telegram’s encryption protocol and found flaws in its method for cloud chats. MTProto is the protocol used when users do not opt for end-to-end encryption (E2EE). Telegram has announced that it has released app updates that ‘already contain the changes that render the four observations made by the researchers obsolete.’
Telegram acknowledged the vulnerabilities reported by the researchers in a recent blog post, stating that the latest version of its app contains fixes for all of the flaws mentioned. ‘None of the changes were critical,’ it continues, ‘because no methods of deciphering or tampering with messages were discovered.’
While E2EE is the most popular method for securing chats, Telegram’s cloud chats are also secured using the MTProto protocol. This is the company’s implementation of Transport Layer Security (TLS), a widely used cryptographic standard for ensuring data security in transit. TLS protects Telegram users from man-in-the-middle (MITM) attacks to some extent, but it does not completely prevent servers from reading messages. One of the flaws was the ability to reorder messages, which could be exploited by an attacker to manipulate Telegram bots.
The researchers also discovered a flaw that could allow hackers to decrypt encrypted messages and extract plain text. This flaw was discovered in Telegram’s Android, iOS, and desktop versions. The hacker would have to put in a lot of effort to extract the text using the mentioned flaw, according to Telegram. In any case, the researchers claim that the latest update has fixed all of the flaws they found. If you use Telegram, make sure you’re up to date by going to your device’s app store and downloading the most recent update.