Thursday, Oct 06, 2022

Telegram update fixes security flaws with Cloud Chats encryption

Four security flaws were recently reported with Telegram's MTProto encryption protocol that compromised the security of the platform's Cloud Chats.

Telegram, Telegram new features, Telegram Sponsored Messages, Sponsored Messages feature, Telegram latest features, Telegram to pay users, Telegram newsTelegram says that Sponsored messages on Telegram will only be shown in large public one-to-many channels which have more 1000 members(Image source: File)

Telegram rolled out an update to patch a number of security vulnerabilities with the MTProto protocol. A group of researchers from Royal Holloway, University of London analysed the MTProto encryption protocol used by Telegram and listed the flaws with the app’s cloud chats method.

The MTProto protocol is used by Telegram when users do not opt-in for end-to-end encryption (E2EE). Telegram’s MTProto protocol is the company’s version of transport layer security, or TLS, a popular cryptographic standard meant to ensure the security of data in transit.

TLS security does protect Telegram users against man-in-the-middle attacks to an extent but does come with its flaws, one of which is that it doesn’t stop servers from reading texts completely.

The protocol can also be reportedly exploited to re-order messages, which an attacker could use to manipulate Telegram bots. Another flaw allows attackers to extract plain text from encrypted messages. Found in Android, iOS and the desktop version of the app, the flaw would require a lot of work on the attacker’s part but still allowed extraction to be possible.

Subscriber Only Stories
Remembering Indian tennis great, Naresh Kumar, who passed away on Septemb...Premium
How Carlsen would need to cheat just once in a game of chess to be invinc...Premium
IAS officer’s initiative scales up students’ learning level in Sangli sch...Premium
Rising rates after four repo hikes: Turbulent times ahead for home loan s...Premium

Telegram has now said that it has rolled out updates to the app, fixing the observations made by the researchers.

“The traits of MTProto pointed out by the group of researchers from the University of London and ETH Zurich were not critical, as they didn’t allow anyone to decipher Telegram messages. Reading, or extracting the messages in a plain text format was practically impossible even before the updates were released by Telegram. The latest versions of official Telegram apps already contain the changes that make the four observations made by the researchers no longer relevant,” Telegram said in a statement.

“All the chats on Telegram are encrypted by default – the cloud chats on Telegram’s own servers are encrypted by MTProto protocol, and the Secret Chats are encrypted under end-to-end encryption protocol,” Telegram further clarified in the statement.


If you’re using Telegram on desktop, Android or iOS, now is a good time to get the app updated to the latest version from the App Store or Play Store to make sure these security vulnerabilities don’t make you a target for attackers.

First published on: 19-07-2021 at 07:09:49 pm
Next Story

Indian athletes at Olympic village: Mixed reviews for Indian food, no daily housekeeping, hot water needed

Latest Comment
Post Comment
Read Comments