Researchers from the University of London’s Royal Holloway have discovered several flaws in the MTProto protocol used by the popular encrypted messaging app Telegram techradar report.
While end-to-end encryption (E2EE) is available in one-on-one chats, the MTProto protocol is used in the service’s group chats (also known as cloud chats) as well as when users don’t opt-in for E2EE. MTProto is Telegram‘s version of transport level security (TLS) which is used to secure data in transit and to protect users from man-in-the middle attacks.
The researchers also took a deeper look into Telegram’s clients for Android, iOS and desktop where they discovered code that could be used to recover some plaintext encrypted messages. However, in order to carry out an attack exploiting this flaw, an attacker would need to send millions of carefully crafted messages to a potential target making it almost impossible to do.