Researchers Find Multiple Flaws in Telegram Cloud Chats, Fix Issued

Telegram has rolled out an update to patch security vulnerabilities that a group of researchers highlighted recently with the company’s MTProto protocol. Researchers from Royal Holloway, University of London analysed this encryption protocol used by Telegram and highlighted the flaws in its cloud chats method. The MTProto protocol is used when users do not opt-in for end-to-end encryption (E2EE). Telegram has said it has rolled out updates to its app and they “already contain the changes that make the four observations made by the researchers no longer relevant”.

In its latest blog post, Telegram acknowledged the vulnerabilities highlighted by the researchers and said that the latest version of its app comes with fixes for all the flaws mentioned. It further adds: “None of the changes were critical, as no ways of deciphering or tampering with messages were discovered.”

While E2EE is the most preferred method for securing chats, Telegram also uses a protocol called MTProto to secure its cloud chats. This is the company’s version of transport layer security (TLS) — a popular cryptographic standard meant to ensure the security of data in transit. TLS protects Telegram users against man-in-the-middle (MITM) attacks to a certain extent but does not stop servers from reading texts completely. One such flaw included the ability to re-order messages and an attacker could use this vulnerability to manipulate Telegram bots.

The researchers also found a flaw that could allow hackers to extract plain text from encrypted messages. This flaw was found in Android, iOS, and desktop versions of Telegram. Telegram notes that extracting text through the mentioned flaw would require a significant amount of work by the hacker.

In any case, all of the flaws mentioned by the researchers are said to have been fixed with the latest update. If you use Telegram, ensure that you are on the latest version by going into your device’s app store and installing the latest update.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.


Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to [email protected].
More

Best Drama and Comedy-Drama Series on Amazon Prime Video in India

Related Stories

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.