Telegram could expose your passwords and deleted files — what to do now

1. Home
2. News
3. Privacy

Telegram could expose your passwords and deleted files — what to do now

(Paradigm credit: NurPhoto / Getty Images)

A hidden flaw in the Telegram secure-messaging service could betrayal user passwords, a researcher constitute. The service may too expose media files from self-destructing letters.

Dhiraj Mishra, a security consultant working in Dubai, revealed in a blog post yesterday (Feb. 11) that the Mac desktop customer for Telegram indefinitely preserved audio and video files from self-destructing messages.

• Telegram: What it is and how to utilise it
• The best encrypted messaging apps
• Plus: Anyone can hack your Mac unless you patch it at present — here's how

He did some more poking effectually and found that the Mac Telegram client as well stored user passwords in plain text. Neither of these security lapses is a proficient thing. Malware or a crafty intruder could accept found both sets of files.

"Telegram fails again in terms of treatment the user's data," Mishra wrote in his blog post, sarcastically titled "The 'P' in Telegram Stands for Privacy."

The Mac client accordingly deleted self-destructing messages, Mishra wrote. Just if whatsoever video or audio files were fastened to those messages, those files could still exist found buried deep in the Mac'southward filesystem. Anyone, or annihilation, that knew where to look could find them.

Passwords were written in plainly text in the user's Telegram metadata, where it also could take been found by attackers.

Mishra told Bleeping Computer that he reported the flaws to Telegram in December and received a three,000-euro bug bounty for his trouble.

Telegram stock-still both flaws with the 7.4 update in late Jan. If yous're using Telegram on a Mac, make sure your client software is upwardly-to-date.

Telegram has seen a fasten in new users recently, after a privacy-permissions modify at WhatsApp prompted an exodus from the Facebook-owned service.

Many security professionals aren't convinced that Telegram is very safe to use for highly sensitive communications. They instead recommend the Signal service, which uses the same encryption equally WhatsApp.

Mishra concluded his blog with a clear indication of where he stands on the consequence, embedding Elon Musk'south now-famous tweet to "Use Signal." (Here'due south how.)

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has besides been a dishwasher, fry melt, long-booty driver, code monkey and video editor. He's been rooting around in the data-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom'southward Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown upwardly in random TV news spots and even chastened a panel discussion at the CEDIA abode-technology conference. Yous tin follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/telegram-mac-files-passwords-flaw

Posted by: scottdregat.blogspot.com

Share this post