
A sticker sent on Telegram could have revealed your secret conversations



Cybersecurity researchers on Monday revealed details of a now-patched bug in the Telegram messaging app that could have exposed users’ secret messages, photos and videos to external malicious actors.

The issues were discovered by Italy-based Shielder in iOS, Android and macOS versions of the app. Following responsible disclosure, Telegram addressed them in a series of updates on 30 September and 2 October 2020.

The bugs stem from the way secret chat functionality works and from the app’s handling of animated stickers, allowing attackers to send malformed stickers to unsuspecting users and access messages, photos and videos exchanged with their Telegram contacts through both classic and secret conversations.


One caveat is that exploiting the flaws in the wild may not have been trivial, as it requires chaining the aforementioned vulnerabilities with at least one additional vulnerability to get around the security defenses in modern devices. That may sound prohibitive, but such chains are well within reach of both cybercrime gangs and nation-state groups.

Shielder said it chose to wait at least 90 days before revealing the bugs publicly to give users plenty of time to update their devices.

“Periodic security reviews are crucial in software development, especially with the introduction of new features, such as the animated stickers,” the researchers said. “The flaws we have reported could have been used in an attack to gain access to the units of political opponents, journalists or dissidents.”

It’s worth noting that this is the second bug discovered in Telegram’s secret chat feature, following last week’s reports of a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats.

This is not the first time images and multimedia files sent via messaging services have been weaponized to carry out attacks.

In March 2017, researchers from Check Point Research unveiled a new form of attack against online versions of Telegram and WhatsApp, which involved sending users seemingly innocent image files that contained malicious code that, when opened, could have allowed an adversary to take over users’ accounts in any browser and access victims’ personal conversations, photos, videos and contact lists.



