Anxiety Symptoms Telegram
Telegram for me was a very convenient and safe messenger. The security aspect was decisive in the choice, namely, the established contest for breaking the message encryption algorithm.
The very fact of such a competition has had a very positive effect on my attitude and the attitude of those with whom I communicate to Telegram. But the limited nature of the competition has brought some concerns about the fact that during the next update the encryption algorithm can be changed to a vulnerable version and private correspondence will be available to those to whom it was not intended. It would be logical if the competition was of an indefinite nature. In my opinion, this could add confidence to the messenger.
But ensuring privacy of messages is not only strong encryption algorithms.
So, if you lose your smartphone with Telegram installed, the support service advises you to contact your mobile operator to lock the SIM card and use the built-in Telegram function to perform the procedure for disconnecting sessions from other devices. And if you fear for your data (and fear there is something for that), then you should clear the device remotely (http://support.apple.com/kb/PH2701, www.google.com/android/devicemanager ) or delete the Telegram account .
')
But these actions do not guarantee that private data will not be available to third parties.
I accidentally discovered a vulnerability (an undocumented opportunity?) That allows you to access files shared by users.
The bottom line is this: if users exchanged files in a secret chat, then deleting files by timer or manually does not occur.
Files are available here - /SD card/Android/data/org.telegram.messenger/cache/. Files are not encrypted in any way and access to them is not limited. Android operating system. Phone with SD card. Telegram version 1.9.4.
You can verify this by viewing this folder on your Android phone.
Thus, when obtaining physical access to the phone or its SD card, it is possible for third parties to access the files shared by users, even if the lifetime of messages has expired or the ability to delete chat content on demand has been used.
It is also possible to replace the file - just set the file with the same name as the one being replaced and the file will be reflected in the chat window (tested on the photo).
PS Information was sent to support@telegram.org on October 13 at 22:42 (UTC + 3)
UPD
PPS Support is silent.
The very fact of such a competition has had a very positive effect on my attitude and the attitude of those with whom I communicate to Telegram. But the limited nature of the competition has brought some concerns about the fact that during the next update the encryption algorithm can be changed to a vulnerable version and private correspondence will be available to those to whom it was not intended. It would be logical if the competition was of an indefinite nature. In my opinion, this could add confidence to the messenger.
But ensuring privacy of messages is not only strong encryption algorithms.
So, if you lose your smartphone with Telegram installed, the support service advises you to contact your mobile operator to lock the SIM card and use the built-in Telegram function to perform the procedure for disconnecting sessions from other devices. And if you fear for your data (and fear there is something for that), then you should clear the device remotely (http://support.apple.com/kb/PH2701, www.google.com/android/devicemanager ) or delete the Telegram account .
')
But these actions do not guarantee that private data will not be available to third parties.
I accidentally discovered a vulnerability (an undocumented opportunity?) That allows you to access files shared by users.
The bottom line is this: if users exchanged files in a secret chat, then deleting files by timer or manually does not occur.
Files are available here - /SD card/Android/data/org.telegram.messenger/cache/. Files are not encrypted in any way and access to them is not limited. Android operating system. Phone with SD card. Telegram version 1.9.4.
You can verify this by viewing this folder on your Android phone.
Thus, when obtaining physical access to the phone or its SD card, it is possible for third parties to access the files shared by users, even if the lifetime of messages has expired or the ability to delete chat content on demand has been used.
It is also possible to replace the file - just set the file with the same name as the one being replaced and the file will be reflected in the chat window (tested on the photo).
PS Information was sent to support@telegram.org on October 13 at 22:42 (UTC + 3)
UPD
PPS Support is silent.
Source: https://habr.com/ru/post/240521/
All Articles