Telegram Cloud Chats Found to Have Multiple Flaws by Researchers, Fix Issued for all Platforms

Researchers from Royal Holloway, University of London analysed MTProto encryption protocol used by Telegram and highlighted the flaws in its cloud chats method.

By Tasneem Akolawala | Updated: 19 July 2021 13:58 IST

Telegram Cloud Chats Found to Have Multiple Flaws by Researchers, Fix Issued for all Platforms

Telegram has fixed all four flaws with the latest versions on all platforms

Highlights

Telegram uses a protocol called MTProto to secure its cloud chats
This protocol was analysed by researchers, several flaws were found
One such flaw includes the ability to re-order messages

Telegram has rolled out an update to patch security vulnerabilities that a group of researchers highlighted recently with the company's MTProto protocol. Researchers from Royal Holloway, University of London analysed this encryption protocol used by Telegram and highlighted the flaws in its cloud chats method. The MTProto protocol is used when users do not opt-in for end-to-end encryption (E2EE). Telegram has said it has rolled out updates to its app and they “already contain the changes that make the four observations made by the researchers no longer relevant”.

In its latest blog post, Telegram acknowledged the vulnerabilities highlighted by the researchers and said that the latest version of its app comes with fixes for all the flaws mentioned. It further adds: “None of the changes were critical, as no ways of deciphering or tampering with messages were discovered.”

While E2EE is the most preferred method for securing chats, Telegram also uses a protocol called MTProto to secure its cloud chats. This is the company's version of transport layer security (TLS) — a popular cryptographic standard meant to ensure the security of data in transit. TLS protects Telegram users against man-in-the-middle (MITM) attacks to a certain extent but does not stop servers from reading texts completely. One such flaw included the ability to re-order messages and an attacker could use this vulnerability to manipulate Telegram bots.

Telegram Finally Allows Users to Make Group Video Calls

The researchers also found a flaw that could allow hackers to extract plain text from encrypted messages. This flaw was found in Android, iOS, and desktop versions of Telegram. Telegram notes that extracting text through the mentioned flaw would require a significant amount of work by the hacker.

In any case, all of the flaws mentioned by the researchers are said to have been fixed with the latest update. If you use Telegram, ensure that you are on the latest version by going into your device's app store and installing the latest update.

The recently-concluded first season of Loki is our focus this week on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.