1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Researchers discover security flaws in Telegram encryption protoc

    From TechnologyDaily@1337:1/100 to All on Tue Jul 20 23:15:04 2021
    Researchers discover security flaws in Telegram encryption protocol

    Date:
    Tue, 20 Jul 2021 22:00:17 +0000

    Description:
    Royal Holloway researchers discovered the now patched flaws while analyzing Telegram's MTProto protocol.

    FULL STORY ======================================================================

    Researchers from the University of London's Royal Holloway have discovered several flaws in the MTProto protocol used by the popular encrypted messaging app Telegram .

    While end-to-end encryption (E2EE) is available in one-on-one chats, the MTProto protocol is used in the service's group chats (also known as cloud chats) as well as when users don't opt-in for E2EE. MTProto is Telegram's version of transport level security ( TLS ) which is used to secure data in transit and to protect users from man-in-the middle attacks.

    One of the security flaws discovered by Royal Holloway's researchers allowed an attacker on the network to reorder messages coming from a client to Telegram's servers. Although this flaw isn't particularly dangerous, the researchers did note that it was trivial to carry out. We've built a list of the best VPN services available These are the best proxy service providers on the market Also check out our roundup of the best endpoint protection
    software

    The researchers also took a deeper look into Telegram's clients for Android, iOS and desktop where they discovered code that could be used to recover some plaintext encrypted messages. However, in order to carry out an attack exploiting this flaw, an attacker would need to send millions of carefully crafted messages to a potential target making it almost impossible to do. Still secure

    Royal Holloway's researchers discovered a total of four vulnerabilities in Telegram's MTProto protocol and its clients and disclosed them to the company's development team back in April.

    In the time since, Telegram has updated its encrypted messaging app and none of the flaws now pose a risk to the company's users.

    In a new blog post , Telegram provided further details on the researchers' work and the changes it has made to patch the flaws, saying:

    The latest versions of official Telegram apps already contain the changes
    that make the four observations made by the researchers no longer relevant. Overall, none of the changes were critical, as no ways of deciphering or tampering with messages were discovered. We've also highlighted the best antivirus

    Via Gadgets360



    ======================================================================
    Link to news story: https://www.techradar.com/news/researchers-discover-security-flaws-in-telegram -encryption-protocol/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)