Monday, July 6, 22:48 p.m.
Home security Telegram fixes a significant security vulnerability

Telegram fixes a significant security vulnerability

TelegramMost people have, at some point, sent a message or a photo to the wrong person. A lot applications, As the Telegram, they offer to users the the ability to undo sending the message. This will delete the message from the recipient's device.

However, a security investigator, Dhiraj Mishra, discovered that a vulnerability Telegram did not allow users to remotely delete a message. In fact, users could delete a text message but photos and videos were saved to device of the recipient.

The sender thought he was erasing the photo as well was no longer displayed in the chat window, but the recipient could see it if it was in the Telegram Images folder.

As mentioned above, other services such as WhatsApp also allow the deletion of messages. However, in WhatsApp it does deletion of the image and the storage space and not just the communication window, as is the case with Telegram.

In personal conversations, this vulnerability may not pose a serious problem. But in the case of a "supergroup", which may contain thousands of active members, sending a personal image or a video and failure to remove them can cause serious problems for the sender.

Worst of all is that the sender thinks the message has been deleted and that the recipients have no access in this.

Mishra confirmed the error to Telegram on Android 5.10.0 version (1684).

Researcher informed Telegram of the existence of the vulnerability and the application was released quickly a correction, which is included in the latest update version by Telegram, 5.11.

The messaging app rewarded Mishra with € 2.500 for his discovery.

Vulnerabilities in such applications are common. In August, Check Point revealed errors in the application of WhatsApp messaging that allowed hackers monitor and handle user messages. The Facebook stated that one of the three errors has already been corrected and is working on the other two.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

Windows 10 2004: Unauthorized settings "block" the upgrade

Users report that they have a problem with Windows 10, since they are excluded from the application of the May 2020 update, when they manually attempt to ...
00:02:04

Lenovo is improving Linux ThinkPads but the problems remain

Last month, when Lenovo announced that it was going to certify the ThinkPad series for use with Linux operating systems, we thought directly ...

Nigerian accused of fraud against US companies

A Nigerian was taken to the federal court in Chicago on Friday, after being accused of coordinating an international cyber fraud system, which affected ...

Home routers display critical errors and run unpatched Linux

The German Fraunhofer Communication Institute (FKIE) conducted a survey that included 127 home routers from seven different brands, in an effort to ...

IPhone 12 release: Will we finally see it by the end of 2021?

New data on the release of the iPhone 12, which we all expect not to happen in September, say that it will only be delayed ...

MySQL: Replaces terms that reinforce racial discrimination

MySQL database developers have announced that they will be replacing terminology such as master, slave, blacklist, and whitelist.

The CEO of a cryptocurrency investment company was cheating

As reported by News24, Willie Breedt, the founder of VaultAge Solutions (cryptocurrency investment company), declared bankruptcy last week and the ...

United Kingdom: Will it exclude Huawei from its 5G networks?

The UK government has received an NCSC report on Huawei, which may change its policy ...

A Yahoo engineer is not in jail after hacking 6.000 accounts

A former Yahoo engineer has been sentenced to five years in prison for hacking into personal accounts ...

PoC exploits released for critical vulnerability on F5 BIG-IP devices

PoC exploits released for critical vulnerability on F5 BIG-IP devices Two days after the release of updates on critical vulnerability on F5 ...