Supposedly super secure Telegram app is vulnerable to MITM attacks, cybersecurity expert claims

Self-proclaimed 'cybersecurity expert' Jesus Diaz Vico says Telegram, the supposedly uber-secure and increasingly popular alternative to WhatsApp and the like, isn't quite secure enough.

In a blog post and a publication (PDF), Diaz Vico details how an attacker could potentially circumvent Telegram's authentication protocols by launching a 'Man-in-the-Middle attack' using a malicious third-party client as its main weapon. Successful exploitation, he writes, would give an attacker full control over the victim’s Telegram account.

Telegram is largely open-source, and the company behind the messaging app offers an open API, enabling anyone to build clients of their own. This causes a security issue, says Diaz Vico, because the company thus promotes the development of unofficial apps that could, potentially, be used to circumvent Telegram's security measures.

Is this a design flaw and is Telegram broken, or is this the kind of attack that can't really be prevented in any way?

Telegram, for its part, argues that malicious client software falls outside of its security scope as it can't really protect against it, advising people - with good reason - to only trust official and sanctioned Telegram client apps. For what it's worth, Diaz Vico says that's not enough, as even 'trusted' apps need to have advanced security measures in place to prevent exploitation of the vulnerability.

Too far-fetched or a legitimate concern? Worth a closer look by crypto experts as Telegram spreads.

Source: Hacker News
