Disturbing Telegram Symptoms

For me, Telegram turned out to be a very convenient and secure messenger. The security aspect turned out to be decisive in my choice, namely the established competition for breaking the message encryption algorithm.

The very fact that such a competition exists had a very positive effect on my attitude toward Telegram, and on the attitude of those with whom I communicate. But the time-limited nature of the competition has raised some concerns that, with the next update, the encryption algorithm may be changed to a vulnerable version and private correspondence will become available to people for whom it was not intended. It would be logical if the competition were unlimited in nature. In my opinion, this could add confidence in the messenger.

But ensuring message confidentiality is not only about strong encryption algorithms.

So, if you lose your smartphone with Telegram installed, the support service advises you to contact your mobile operator to block the SIM card and to use the built-in Telegram function to disconnect sessions from other devices. And if you are afraid for your data (and there is reason to be afraid), then you should wipe the device remotely (http://support.apple.com/kb/PH2701, www.google.com/android/devicemanager) or delete the Telegram account.

But these actions do not guarantee that private data will not be available to third parties.

I accidentally discovered a vulnerability (an undocumented feature?) that allowed access to files exchanged by users.

The bottom line is this: if users exchanged files in a secret chat, those files are not deleted, either by timer or manually.

The files are available here: /SD card/Android/data/org.telegram.messenger/cache/. The files are not encrypted in any way, and access to them is not restricted. Test environment: Android operating system, a phone with an SD card, Telegram version 1.9.4.

You can verify this by viewing this folder on your Android phone.

Thus, anyone who gains physical access to the phone or its SD card can access the files exchanged by users, even if the message has expired or the option to delete chat content was used upon request.

There is also the possibility of replacing a file: just give the replacement file the same name as the original, and the replacement will be displayed in the chat window (tested on a photo).
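A way to check both observations on your own device, as an added example that is not part of the original post: it audits the mounted SD card (or a copy of it) for files left in the cache folder, and compares an audit taken before deleting chat content with one taken afterwards. The function names, the signature table and the sample file are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Cache path from the article, relative to the SD card root.
CACHE_REL = Path("Android/data/org.telegram.messenger/cache")

# Leading bytes of common media formats; a match means the file is stored in plaintext.
MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png", b"GIF8": "gif", b"%PDF": "pdf"}

def sniff(head):
    """Guess the file type from its first bytes."""
    for sig, name in MAGIC.items():
        if head.startswith(sig):
            return name
    return "unknown"

def audit_cache(sd_root):
    """Return {relative name: size, sniffed type, SHA-256} for every file in the cache."""
    cache = Path(sd_root) / CACHE_REL
    records = {}
    if not cache.is_dir():
        return records
    for p in sorted(cache.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            records[str(p.relative_to(cache))] = {
                "size": len(data),
                "type": sniff(data[:16]),
                "sha256": hashlib.sha256(data).hexdigest(),
            }
    return records

def diff_baseline(baseline, current):
    """Files still present since the baseline, and those whose content changed under the same name."""
    residual = sorted(set(baseline) & set(current))
    replaced = [n for n in residual if baseline[n]["sha256"] != current[n]["sha256"]]
    return residual, replaced

def demo():
    # Constructed sample: a fake SD card tree holding one JPEG-like file.
    with tempfile.TemporaryDirectory() as root:
        cache = Path(root) / CACHE_REL
        cache.mkdir(parents=True)
        (cache / "sample_photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"A" * 32)
        before = audit_cache(root)
        # Same name, different content: the substitution case described above.
        (cache / "sample_photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"B" * 32)
        return before, audit_cache(root), diff_baseline(before, audit_cache(root))
```

Any name in `residual` after the chat content was deleted is a file that survived deletion; any name in `replaced` is a file whose content no longer matches what was recorded.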

P.S. The information was sent to support@telegram.org on October 13 at 22:42 (UTC+3).
P.P.S. Support is silent.

