Researchers discover security flaws in Telegram encryption protocol Telegram
Researchers from the University of London’s Royal Holloway have discovered several flaws in the MTProto protocol used by the popular encrypted messaging app Telegram.
While end-to-end encryption (E2EE) is available in one-on-one chats, the MTProto protocol is used in the service’s group chats (also known as cloud chats) as well as when users don’t opt-in for E2EE. MTProto is Telegram’s version of transport level security (TLS) which is used to secure data in transit and to protect users from man-in-the middle attacks.
One of the security flaws discovered by Royal Holloway’s researchers allowed an attacker on the network to reorder messages coming from a client to Telegram’s servers. Although this flaw isn’t particularly dangerous, the researchers did note that it was trivial to carry out.
The researchers also took a deeper look into Telegram’s clients for Android, iOS and desktop where they discovered code that could be used to recover some plaintext encrypted messages. However, in order to carry out an attack exploiting this flaw, an attacker would need to send millions of carefully crafted messages to a potential target making it almost impossible to do.
Still secure
Royal Holloway’s researchers discovered a total of four vulnerabilities in Telegram’s MTProto protocol and its clients and disclosed them to the company’s development team back in April.
In the time since, Telegram has updated its encrypted messaging app and none of the flaws now pose a risk to the company’s users.
In a new blog post, Telegram provided further details on the researchers’ work and the changes it has made to patch the flaws, saying:
“The latest versions of official Telegram apps already contain the changes that make the four observations made by the researchers no longer relevant. Overall, none of the changes were critical, as no ways of deciphering or tampering with messages were discovered.”
Via Gadgets360
Researchers from the University of London’s Royal Holloway have discovered several flaws in the MTProto protocol used by the popular encrypted messaging app Telegram. While end-to-end encryption (E2EE) is available in one-on-one chats, the MTProto protocol is used in the service’s group chats (also known as cloud chats) as well…
Recent Posts
- SimpliSafe’s new outdoor monitoring service combines AI with live agents
- South Korea defense firms hit by North Korean attacks
- Porsche Macan Electric 2024: Specs, Prices, Availability
- The Morning After: Meta teases a limited-edition Quest headset inspired by Xbox
- Leaked Samsung Galaxy Ring model numbers hint at size options
Archives
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011