Vulnerabilities of Telegrams Highlighted by Researchers, Platform Says Problem Solved | World news
A group of London researchers have discovered critical vulnerabilities in the popular Telegram messaging app, which is used by more than 500 million users around the world. Researchers, including those at Royal Holloway, University of London, analyzed the encryption protocols used by Telegram and highlighted the vulnerabilities of its cloud cats.
Telegram said it recognized the vulnerabilities highlighted by researchers and fixed them in the latest update. The platform uses the MTProto protocol to secure its chats in the cloud, something like Transport Layer Security (TLS), a popular cryptographic standard intended to ensure the security of data in transit.
Explaining what they set out to achieve, the researchers said in their study that they launched four attacks against the security protocols used by the popular messaging app, and the last one “broke the authentication properties. of Telegram’s key exchange, enabling a MitM attack ”.
“Telegram uses its MTProto” record layer “- offering protection based on symmetric cryptographic techniques – for two different types of chats. By default, messages are encrypted and authenticated between a client and a server, but not end-encrypted. Bottom line: such cats are called cloud cats, ”the study said.
They said that although the platform offers end-to-end encryption (E2EE) through a feature called “secret chats”, chats in the cloud are not encrypted. They then described the methods used to attack Telegram’s security protocol and how they were successful.
The vulnerabilities gave an adversary the ability to “rearrange” messages, the researchers said, adding that this could allow hackers to manipulate Telegram bots. The messaging app uses cloud chats to control multiple automated bots.
“The latest versions of Telegram’s official apps already contain the changes that make the four observations made by the researchers no longer relevant,” Telegram wrote in a blog post on Friday.