The security of users information during exchanges and locally is both important. Security researchers have recently discovered significant security vulnerability in the desktop version of Telegram. this Telegram desktop Vulnerability seriously compromises the security of a user’s stored information. In the desktop version of Telegram, user dialogs are saved as plain text, and photos and images are stored simply and locally without encryption. This is a very dangerous issue for Telegram, which has always been the main strength of users’ information security.
Several vulnerabilities in the Telegram cryptographic system
Researchers have carefully studied the cryptographic protocol of Telegram messengers and found that the system has a variety of problems, ranging from small and simple errors to more advanced problems.
Telegram uses a special encryption system called MTProto to secure communications between the user and their servers. Unlike two-way encrypted messengers, these messengers provide only a limited level of this social media security for users’ communications. An attacker can change the order of messages by attacking the Telegram network. Of course, Telegram has confirmed that it has fixed this problem in the new versions.
Another Telegram desktop vulnerability, which is also seen in the Android versions of Telegram iOS, allows an attacker to receive unencrypted content from messages. To do this matter, special messages must be sent to the subject on a scale of several millions. Although this is almost impossible to do in practice, it does not rule out the vulnerability of the telegram system. This company claims to have fixed the problem in June and rewarded the bug detector.
Researchers have also shown how hackers can attack a “middle attacker” in the process of moving primary cryptographic keys between a client and a server. . The attacker replaces the server in this attack. Fortunately, this attack is also very difficult, because it has to send several billion messages to the Telegram server in a few minutes. This problem has also been fixed in new updates.
Main cause of Vulnerability in desktop version of Telegram
Telegram uses the SQLite database to store information locally. This information is stored without encryption and in plain text and this cases cause to Telegram desktop Vulnerability.
It is not easy to read the information in this database, but due to its simple text, using a few manual scripts, we can arrange to obtain meaningful information from the extracted information. Password protection in Telegram can prevent unauthorized access to this application, but this feature does not encrypt the stored data and therefore does not help to remove this vulnerability
Photos and images Vulnerability in the desktop version of Telegram
For photos and images, the ambiguity method has been used, but you can change the file extension to a photo and view its contents. Storing local data in plain text from massagers’ such as telegrams, which have always been invaluable in establishing secure communications, cannot be ignored. Messengers in which conversations cannot be overheard but local data is not encrypted and can be extracted.
Of course, by activating the disk encryption feature in the operating system, the user can cover this weakness, and in Windows via BitLocker, in macOS via FileVault this issue can be implemented in Linux can also be implemented.
Telegram desktop Vulnerability that causes users to abuse it!
An important Telegram desktop vulnerability has been discovered, according to hackers can extract digital currencies from your computer. By infecting a malicious file via Telegram, users infect their computer with a virus and allow Telegram hacking by hackers to extract the digital currencies from their computer’s processing power. This vulnerability provides hackers with remote access to the victim’s computer, allowing them to access cache files stored in Telegram.
Telegram co-founder Pavel Dorf has reacted to a report of Telegram desktop Vulnerability. He claimed in his Telegram channel that this is not a real security gap in Telegram Desktop.
“No one can remotely control your computer or telegram unless you open a file containing malware,” he wrote. This security gap is a kind of social engineering. In fact, this is a js file hidden in a png file and will only be activated if the user clicks on Run. So if you have not opened the malware file, your computer is completely safe.