Unlike WhatsApp, which enforces end-to-end encryption security in all your conversations, in Telegram this only applies when you start a secret chat. According to the app’s FAQ, “Secret chats are intended for those who want more security than the average person. All messages in secret chats use end-to-end encryption. This means that only you and your recipient can read those messages; nobody else can decipher them, including us on Telegram. “
Security flaw in Telegram
In March 2017, researchers from Check Point Research revealed a new form of attack against the web versions of Telegram and WhatsApp, which consisted of sending users apparently innocuous image files containing malicious code that, when opened, could having allowed an adversary to take control of user accounts in any browser completely, and to access personal and group conversations of victims, photos, videos and contact lists.
And it seems that multimedia files are once again starring in a security flaw in one of the apps, since a group of cybersecurity experts from the Italian company Shielder announced yesterday the details of a bug, already patched, in the versions of Telegram for iOS , Android and macOS, which could have exposed users’ secret messages, photos, and videos to “remote malicious actors,” hackers, and cybercriminals.
The flaws originated from the way the secret chat functionality operates and the application’s handling of animated stickers, which allows attackers to send manipulated stickers to unsuspecting users and gain access to the messages, photos and videos that they exchanged with their Telegram contacts through the classic and secret chats.
View your chats through a malicious sticker
But the problem is not from last week, it happened last year, and was corrected by Telegram with a series of updates released between September 30 and October 3, 2020. Shielder said he decided to wait at least 90 days before publicly disclosing the bugs to give users enough time to update their devices.
“Regular security reviews are crucial in software development, especially with the introduction of new features, such as animated stickers. The bugs we have reported could have been used in an attack to access the devices of political opponents, journalists or dissidents. ”
Be that as it may, the problem was solved, and although the bug may never have been exploited by cybercriminals, it is also possible that many Telegram users have seen their privacy violated without realizing it, something that should have been communicated on the same day or on the days the updates were released, to at least let users know.