Laughter goes through neighborhoods, as that one said. In this case we refer to Telegram, the messaging application that has reached mobile devices brandishing a greater security than many of its rivals in the market, especially WhatsApp. Well, it seems that this development has a security hole.
According to our colleagues from NetworksZone, the problem affects the user privacy, so we are not talking about a precisely “minor” problem, since this is an aspect key to choosing an app messaging both in the personal and professional spheres.
Apparently, the failure affects the communication between server and client, since when establishing communication between both, it occurs an authentication vulnerability…so this can be ignored by a third party (since the legitimacy of the messages is not verified on the Telegram server) public keys used). In this way, it would be possible to reach take control of the account, impersonate and even access records.
The fact is that the researchers who detected the vulnerability, who have been working on it for some time, have already reported the problem to Telegram (although what is happening with the corresponding reports has only just been made public). The truth is that due to the importance of what happened, it is certain that a solution about it, but it is true that the measures must be taken necessary precautions to avoid security problems.
Be that as it may, what happened is a Important problem for Telegram, since it affects one of the sections that it has used to differentiate itself from other similar developments: the to maximise security and your enjoyment.While waiting for the solution to what is happening, of which we will keep you fully informed, it seems that Not only whatsapp It has some operating problems ... its rivals are not spared either, as has become clear.
Via: RedesZone Source: INTECO.
Other attack surfaces on Telegram that you should know about
Beyond the failure described, there are functions that can impact the data exposure. The characteristic “People nearby” allows you to discover nearby users and displays the distance in meters when both have it activated. Although it is deactivated by default, its use can facilitate location triangulations.
Researchers have shown that, with calculation techniques and external tools such as the well-known “Close-Circuit Telegram Vision (CCTV)”, it is possible estimate locations more accurately than expected using the public API. Telegram has denied that accuracy, claiming that the server data is less accurate, but the scenario recommends disable function if it is not essential and check your status periodically
Default privacy, “Last seen” and group control
Unlike other services, in Telegram the end-to-end encryption It is not active by default in all chats; it is limited to “secret chats” Personal. Standard chats, groups, and channels are stored in the Telegram cloud and encrypted with its protocol. MT Proto (non-standard), which implies that the protection does not equate to universal E2EE.
Another source of exposure is the state of “Last connection”. Third-party tools may record patterns connection status if visible, and even infer interactions between users. Mitigate risk by limiting who can see your status from Privacy & Security, and consider hiding it altogether.
Telegram allows you to hide your phone number behind a Username, which provides an extra layer over WhatsApp. Still, it's a good idea to adjust who can add you to groups (better “My contacts”) to stop spam and unwanted subscriptions.
Telegram Web, malicious files and multimedia exploits
Research by security firms has revealed vulnerabilities in Telegram Web and in the management of multimedia files. There have been cases described where a seemingly innocuous image or video could inject code or open access to local session data. After responsible reporting, platform teams published corrections, so it's essential update browser and the app frequently.
As digital hygiene measures, disable the automatic download multimedia, avoid opening files from unknown senders and activate the two step authentication with an additional password in Telegram. For businesses, it's a good idea to monitor traffic and apply security controls. perimeter security to inspect attachments.
SMS Account Hijacking (SS7) and How to Protect Yourself
The weaknesses of the mobile signaling ecosystem (SS7) have allowed advanced actors to intercept for years SMS codes and hijack accounts linked to phone numbers. In messaging, an attacker could validate their device as yours.
Minimize the risk by avoiding SMS as second factor when there is an alternative, using Telegram's additional protection (two-step verification password), checking active sessions and closing accesses that you do not recognize.
Good practices for users and organizations
- always update mobile, desktop, and web clients; restart your browser to apply patches.
- Activate the two step verification with additional password and secure recoveries (not just SMS).
- Check out “People nearby” and disable it if you don't need it; check Last connection.
- Deactivate automatic download of multimedia and be wary of unexpected files.
- Limit who can add you to groups to “My Contacts” and use user instead of number.
- Evita unofficial clientsIf you use them, download them only from official stores with a proven reputation.
- Watch session thefts by cookies: if you suspect compromise, log out of all browsers, change your password and log back in to invalidate tokens.
For businesses: inform employees, define policies for sensitive data In messaging, it monitors files and links, and evaluates alternative channels if a critical flaw is actively exploited.
About deleting, copying, and common myths
Deleting messages does not guarantee their immediate deletion server backups. To preserve your information, use the desktop client to export chats from Settings → Advanced → Export data, choosing HTML or JSON as needed.
Rumors are circulating about the remote delete Apps on iOS or Android; stores don't routinely remove apps from users' devices. Always download from official sources and be wary of supposed donation campaigns or “alternative clients” that promise miraculous security.
The snapshot is clear: Telegram offers powerful and flexible features, but its security model requires conscious adjustments by the user. Fine-tuning the Privacy settings, applying double factor, being cautious with functions of geolocation And by keeping everything up to date, you can significantly reduce your attack surface.