Telegram on MacOS [presumably] also locally stores correspondence in an accessible form

Illustration of bleepingcomputer.com

Never was this, and here again ...
US researcher Nathaniel Sachi discovered that the Telegram application does not protect the user's local correspondence by encrypting:


')

Telegram stores your messages in an unencrypted SQLite database. At least I did not have to make an effort to find the key this time. Although [posts] are quite difficult to view (probably, you need to write some kind of auxiliary script in python?) - this is very similar to the problem with Signal

UPD Information is provided in the form in which it was in the original source and twitter researcher.
UPD 2 Received an exposing comment from Pavel Durov



Nathaniel Sachi also checked the “secret chat” function in the Telegram for macOS application ( there are no secret chats in the Windows version, thanks to mwizard , however, Telegram Desktop is mentioned in the original source). It turned out that messages from the secret chat are in the open form in the same database as regular messages. Those. Although data transmission for secret chats is reasonably well protected, a local copy of messages from such chats is stored locally without any protection from the application itself.


Telegram supports setting a local pincode to prevent unauthorized access to a running application, but this feature does not imply any additional protection for the local SQLite database with message history (as the researcher says).



Sent media files in correspondence are also not particularly hidden, but only obfustsiruyutsya. Nathaniel Sachi needed only to change the file extension to view the photos from his chat.

I recall a few days ago, the hacker Matthew Syush revealed a similar problem with the lack of protection of the local database of message history in the Signal application.

Updated!