Updated: July 21, 2021 6:14:14 pm
Telegram rolled out an update to patch a number of security vulnerabilities with the MTProto protocol. A group of researchers from Royal Holloway, University of London analysed the MTProto encryption protocol used by Telegram and listed the flaws with the app’s cloud chats method.
The MTProto protocol is used by Telegram when users do not opt-in for end-to-end encryption (E2EE). Telegram’s MTProto protocol is the company’s version of transport layer security, or TLS, a popular cryptographic standard meant to ensure the security of data in transit.
TLS security does protect Telegram users against man-in-the-middle attacks to an extent but does come with its flaws, one of which is that it doesn’t stop servers from reading texts completely.
The protocol can also be reportedly exploited to re-order messages, which an attacker could use to manipulate Telegram bots. Another flaw allows attackers to extract plain text from encrypted messages. Found in Android, iOS and the desktop version of the app, the flaw would require a lot of work on the attacker’s part but still allowed extraction to be possible.
Telegram has now said that it has rolled out updates to the app, fixing the observations made by the researchers.
“The traits of MTProto pointed out by the group of researchers from the University of London and ETH Zurich were not critical, as they didn’t allow anyone to decipher Telegram messages. Reading, or extracting the messages in a plain text format was practically impossible even before the updates were released by Telegram. The latest versions of official Telegram apps already contain the changes that make the four observations made by the researchers no longer relevant,” Telegram said in a statement.
“All the chats on Telegram are encrypted by default – the cloud chats on Telegram’s own servers are encrypted by MTProto protocol, and the Secret Chats are encrypted under end-to-end encryption protocol,” Telegram further clarified in the statement.
If you’re using Telegram on desktop, Android or iOS, now is a good time to get the app updated to the latest version from the App Store or Play Store to make sure these security vulnerabilities don’t make you a target for attackers.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.