Security Flaws in Telegram Encryption, Expert Weighs In

Researchers from the University of London’s Royal Holloway have discovered several flaws in the MTProto protocol used by the popular encrypted messaging app Telegram techradar report.

While end-to-end encryption (E2EE) is available in one-on-one chats, the MTProto protocol is used in the service’s group chats (also known as cloud chats) as well as when users don’t opt-in for E2EE. MTProto is Telegram‘s version of transport level security (TLS) which is used to secure data in transit and to protect users from man-in-the middle attacks.

The researchers also took a deeper look into Telegram’s clients for Android, iOS and desktop where they discovered code that could be used to recover some plaintext encrypted messages. However, in order to carry out an attack exploiting this flaw, an attacker would need to send millions of carefully crafted messages to a potential target making it almost impossible to do.

Experts Comments

July 21, 2021
Jake Moore
Cybersecurity Specialist
ESET

Many people often wrongly assume that if the app they are using is security and privacy focused then it will remain 100% protected. However, even the most robust protected app will have a flaw that is exploitable from time to time. Therefore, it is vital to make sure the apps you are using are kept up to date and you delete any unused apps on your devices to refrain from become a potential risk.

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.