Tasken
Advanced
- Joined
- 22.09.20
- Messages
- 127
- Reaction score
- 1,059
- Points
- 63
The vulnerability allowed access to self-destructing audio and video messages long after they disappeared.
A vulnerability in the macOS version of the program that violates user privacy has been discovered in the popular Telegram messaging app. The problem was identified by security researcher Dhiraj Mishra in the Telegram app version 7.3. Its operation allowed access to self-destructing audio and video messages long after they disappeared from secret chats.
Unlike Signal or WhatsApp, conversations in telegram are not encrypted by default, except when users use secret chats, which keep data encrypted even on telegram servers. You can also send self-destructing messages in secret chats.
According to the researcher, when a user records and sends an audio or video message via a regular chat, the app transmits the exact path that the recorded message is stored in the ".mp4 " format. When the secret chat option is enabled, the path information is not transmitted, but the recorded message is still stored in the same location.
Even when a user receives a self-destructing message in a secret chat, the multimedia message remains available in the system after it is deleted from the chat screen.
"Telegram says that' super-secret 'chats leave no traces, but they store a local copy of such messages along a given path," Mishra explained.
The expert also found another problem in the macOS version of the app and telegram, in connection with which local passwords were stored in plain text in a json file located in the "/ Users / <User name> / library / group containers /<*>. <url>. keepcoder. Telegram / accounts-metadata./."
A vulnerability in the macOS version of the program that violates user privacy has been discovered in the popular Telegram messaging app. The problem was identified by security researcher Dhiraj Mishra in the Telegram app version 7.3. Its operation allowed access to self-destructing audio and video messages long after they disappeared from secret chats.
Unlike Signal or WhatsApp, conversations in telegram are not encrypted by default, except when users use secret chats, which keep data encrypted even on telegram servers. You can also send self-destructing messages in secret chats.
According to the researcher, when a user records and sends an audio or video message via a regular chat, the app transmits the exact path that the recorded message is stored in the ".mp4 " format. When the secret chat option is enabled, the path information is not transmitted, but the recorded message is still stored in the same location.
Even when a user receives a self-destructing message in a secret chat, the multimedia message remains available in the system after it is deleted from the chat screen.
"Telegram says that' super-secret 'chats leave no traces, but they store a local copy of such messages along a given path," Mishra explained.
The expert also found another problem in the macOS version of the app and telegram, in connection with which local passwords were stored in plain text in a json file located in the "/ Users / <User name> / library / group containers /<*>. <url>. keepcoder. Telegram / accounts-metadata./."