Security Flaws in Telegram Encryption, Expert Weighs In

By   ISBuzz Team
Writer , Information Security Buzz | Jul 21, 2021 08:26 am PST

Researchers from the University of London’s Royal Holloway have discovered several flaws in the MTProto protocol used by the popular encrypted messaging app Telegram techradar report.

While end-to-end encryption (E2EE) is available in one-on-one chats, the MTProto protocol is used in the service’s group chats (also known as cloud chats) as well as when users don’t opt-in for E2EE. MTProto is Telegram‘s version of transport level security (TLS) which is used to secure data in transit and to protect users from man-in-the middle attacks.

The researchers also took a deeper look into Telegram’s clients for Android, iOS and desktop where they discovered code that could be used to recover some plaintext encrypted messages. However, in order to carry out an attack exploiting this flaw, an attacker would need to send millions of carefully crafted messages to a potential target making it almost impossible to do.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Global Cyber Security Advisor
July 21, 2021 4:27 pm

<p>Many people often wrongly assume that if the app they are using is security and privacy focused then it will remain 100% protected. However, even the most robust protected app will have a flaw that is exploitable from time to time. Therefore, it is vital to make sure the apps you are using are kept up to date and you delete any unused apps on your devices to refrain from become a potential risk.</p>

Last edited 2 years ago by Jake Moore

Recent Posts

Would love your thoughts, please comment.x