Telegram, Signal are vulnerable to hackers as well [Update]

By Digit NewsDesk | Published on Nov 11 2019
Telegram, Signal are vulnerable to hackers as well [Update]

HONOR smart bands

Track your fitness with HONOR Band 5

Click here to know more

HIGHLIGHTS

A recent report claims that chat apps like Telegram and Signal aren’t safe from cyber attacks

Unlike WhatsApp and Apple iMessage, Telegram doesn’t offer end-to-end encrypted chats

Telegram and Signal don't have the resources of WhatsApp to fight off attackers

Update: Soon after we published this article, Telegram sent us a statement claiming that the protocol used by the chat app, MTProto, doesn't lack scrutiny. It is said to be documented and available for anyone to view. Additionally, Telegram says that source code of its app is available for everyone and there's also a bug bounty program by the company that encourages one to find vulnerabilities in the app and bag a reward anywhere between $500 to $100,000. We tried accessing the MTProto documentation and Telegram's source code via the provided links, however, it seems both the websites aren't working as of updating this article. The research paper that highlights below-mentioned flaw also mentions metadata retrieval by an attacker and Telegram says this metadata is the "last seen" time and online status, which a user has control over.

Original story:

WhatsApp-NSO group spyware recently affected an estimated total of 1,400 users globally, including many users in India. While some users may have drifted towards other chat applications for security reasons, a recent report claims that chat apps like Telegram and Signal aren’t safe either. 

While leading chat apps offer a certain amount of encryption, it must be noted that this encryption has its flaws as well. Once hackers get to know any vulnerability or bug in the app security ecosystem, a user’s personal data is at their mercy. Unlike WhatsApp and Apple iMessage, Telegram doesn’t offer end-to-end encrypted chats. However, it offers the added layer of security through a manually activated 'Secret chat' option.

A recent research paper from MIT highlights several flaws in Telegram’s security features noting that it employs its own messaging protocol, called "MTProto", which lacks scrutiny from outside cryptographers. Further, the paper has claimed that Telegram follows the old cloud-based approach for data storage, which means, if hackers are able to gain control of Telegram’s server system, they will have access to unencrypted messages as well as all the metadata. 

WhatsApp, when hit by the Pegasus cyberattack, quickly fixed the issue and sent out notices to the government and its users that they were in danger. The company also started legal proceedings simply because of the kind of resources it has. Unlike WhatsApp, companies like Telegram and Signal do not have the resources and strength to fight off these kinds of attacks. 

 

logo
Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.