Most people have, at some point, sent a message or a photo to the wrong person. A lot applications, As the Telegram, they offer to users the the ability to undo sending the message. This will delete the message from the recipient's device.
However, a security investigator, Dhiraj Mishra, discovered that a vulnerability Telegram did not allow users to remotely delete a message. In fact, users could delete a text message but photos and videos were saved to device of the recipient.
The sender thought he was erasing the photo as well was no longer displayed in the chat window, but the recipient could see it if it was in the Telegram Images folder.
As mentioned above, other services such as WhatsApp also allow the deletion of messages. However, in WhatsApp it does deletion of the image and the storage space and not just the communication window, as is the case with Telegram.
In personal conversations, this vulnerability may not pose a serious problem. But in the case of a "supergroup", which may contain thousands of active members, sending a personal image or a video and failure to remove them can cause serious problems for the sender.
Worst of all is that the sender thinks the message has been deleted and that the recipients have no access in this.
Mishra confirmed the error to Telegram on Android 5.10.0 version (1684).
Researcher informed Telegram of the existence of the vulnerability and the application was released quickly a correction, which is included in the latest update version by Telegram, 5.11.
The messaging app rewarded Mishra with € 2.500 for his discovery.
Vulnerabilities in such applications are common. In August, Check Point revealed errors in the application of WhatsApp messaging that allowed hackers monitor and handle user messages. The Facebook stated that one of the three errors has already been corrected and is working on the other two.