Security Flaws in Telegram Encryption, Expert Weighs In

Researchers from the University of London’s Royal Holloway have discovered several flaws in the MTProto protocol used by the popular encrypted messaging app Telegram techradar report.

While end-to-end encryption (E2EE) is available in one-on-one chats, the MTProto protocol is used in the service’s group chats (also known as cloud chats) as well as when users don’t opt-in for E2EE. MTProto is Telegram‘s version of transport level security (TLS) which is used to secure data in transit and to protect users from man-in-the middle attacks.

The researchers also took a deeper look into Telegram’s clients for Android, iOS and desktop where they discovered code that could be used to recover some plaintext encrypted messages. However, in order to carry out an attack exploiting this flaw, an attacker would need to send millions of carefully crafted messages to a potential target making it almost impossible to do.

Subscribe
Notify of
guest
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Cybersecurity Specialist
InfoSec Expert
July 21, 2021 4:27 pm

<p>Many people often wrongly assume that if the app they are using is security and privacy focused then it will remain 100% protected. However, even the most robust protected app will have a flaw that is exploitable from time to time. Therefore, it is vital to make sure the apps you are using are kept up to date and you delete any unused apps on your devices to refrain from become a potential risk.</p>

Last edited 11 months ago by Jake Moore
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x