If you are one of the tens of millions of users who have recently switched to WhatsApp for Telegram, or if you are considering making that move, a newly reported security issue should be addressed. be a major concern. Here’s what you need to know.
WhatsApp Telegram Vs.
SOPA / LightRocket Images via Getty Images
As the dust finally settles WhatsApp nightmare will begin until 2021, the new reality for Facebook ‘s popular messaging platform is that the landscape has changed. Signals have gone from niche to frontier mainstream, and while Telegram was already widely used, it has grown significantly in western emergency markets, beyond the less open markets in whether it was historically strong. The impact of the network will now attract millions more users to each.
As I explained before, while Signal is more secure than WhatsApp, No Telegram. In fact, Telegram’s cloud-based architecture is a serious threat compared to the basic end-to-end encryption used by Signal and WhatsApp, which also use the Signal protocol.
Not all group messages on Telegram are encrypted between your device and the Telegram cloud, your message history is stored on the Telegram cloud, and if you (wisely) transfer your WhatsApp chat history to Telegram, then this is also stored on its cloud. Make sure you understand that Telegram has the decryption keys for any data you store on its cloud – this is no different from the encryption issues with Apple’s cloud backup and Google.
This is clearly demonstrated by law enforcement agencies campaigning to undermine such encryption, enabling legal scrutiny and capture of user content. The industry is rightly pushing backwards, such a compromise would undermine security for everyone, everywhere. When it comes to real issues such as child safety, the best solution is to use metadata analysis (as Facebook does) or restrictions on access to end-to-end encryption, perhaps by age or just when a smartphone is connected to an account.
Telegram will not talk about the bad issues with its security architecture compared to Signal and WhatsApp, it is clear that its claims that it is more secure than WhatsApp are wrong. In the messaging world, end-to-end encryption is nothing affected. Time. Telegram always mentions its secret chairs, which are rotated from end to end, although can only operate between two individuals on one apiece device, bypassing the platform’s cloud storage .
But a security report, published this week, has published new issues. The researcher behind the report, Dhiraj Mishra, told me, even here, “vulnerabilities in the messaging app meant that the suicidal people were not sent and received conversations in Delete macOS telegram of course. ”Mishra found that audio and video attachments sent“ secretly ”will be found on the same storage path as those that sent Telegram messages by default, not end-to-end encrypted messages.
On regular messaging, Mishra states, “the app exits the sandbox path where the registered message is stored. ”It is worrying, however,“ while performing the same function under the secret chat option the MediaResourceData (path: //) URI was not released, but the audio / video message registered still stored on the [same] path. “A much worse question, however, was” the secret conversation option contains a self-destructive message, stored even after the message is self-destructive. ” This is a security disaster.
Mishra also discovered that Telegram stored local passcodes on MacOS in plaintext. “In a local attack vector,” he told me, “a malicious actor could use such sensitive information to circumvent this control and monitor end users chatting.
This is clearly a less serious case but does not reveal a security approach at first. Any Telegram termination compromise has a major impact in terms of access to cloud storage – the architecture supports instant multi-device access and synchronization messages at all times, allowing even to initiate messages on a single device and to complete on another device. But everything comes at a heavy price, security wise.
Mishra claims that Telegram kept both of those issues with version 7.4, and paid a bounty for it – the platform has yet to respond to my request for comment.
The fact that these issues are published and circulated is next to the point. The secret chat vulnerability remains further evidence that switching from WhatsApp to Telegram is a bad idea, with its lack of support for basic end-to-end encryption. According to founder Pavel Durov, “Telegram became the most downloaded mobile app in the world in January 2021.” Where these users are blackmailing WhatsApp’s end-to-end encryption for a Telegram cloud-based solution, this is a move backwards.
Mishra says “in the past, I have identified many other vulnerabilities in Telegram, which leak sensitive information even with the secret e2ee chat technology. The quality of e2ee Telegram can be improved. So, for the tens of millions of WhatsApp users who are making or considering that change, the decision has suddenly become a lot easier – just Signal is the alternative which is actually better.
“Use Signal,” Mishra confirms, telling me that “Signal REDACTs sensitive endpoints – sessionID, attachementDownloads etc – keep all this in mind, Textsecure Signal protocol is better than Telegram and WhatsApp.”
For those of you who are determined to stick with Telegram, Mishra advises you to ‘delete your Cloud Drafts’ under ‘Privacy and Security’ and to restrict your conversations. ”In his view,“ handling user privacy / data should not be so strict. Telegram’s security model has received many criticisms from many cryptologists in the past. “
Putting this new report aside, you don’t have to hurry to move from WhatsApp over this year’s privacy backdrop – nothing has changed. As I said a few weeks ago, you can run WhatsApp and Signal at the same time, and as more of your acquaintances do the same, you will find yourself using Signal ever more. bigger and WhatsApp ever smaller. And security- and privacy-wise, that’s fine.