Telegram app got a security issue by which it failed to delete the destructive audio and video files from the users’ devices as expected

With Telegram, you can send messages, photos, videos, and files of any type to other people all over the world. This app has millions of users because it provides privacy to its users. But recently, its privacy feature found to have a flaw due to which it failed to delete the destructive audio and video files from the users’ macOS devices as these were expected to be deleted. Many people had this privacy problem. To maintain the privacy of its users’ Telegram app provides people Secret chat mode that gives an extra layer of privacy protection to those people who are very conscious about data theft or stolen.

While you are in a secret chat mode you cannot forward these messages to other people to maintain privacy as the connection is all end-to-end encrypted. All the conversation and audio and video files will be removed automatically after some time. This makes the privacy policy or Telegram stronger. Recently, a security researcher named Dhiraj Mishra found a flaw in the security feature of Telegram 7.3, due to which it failed to delete the destructive files were not deleted from the receivers’ devices. This could put damage on the reputation of this app if it was not resolved as early as possible because many people trust the privacy feature of this messaging app than any other app, as people in the past were migrated to this app from WhatsApp due to privacy failure of WhatsApp.


When Mishra was performing a security audit on macOS, he found that standard chats would outflow the sandbox path from where the received files are stored in a device. However, this path cannot be leaked in a secret chat, the received audio and the video file is still stored in the same folder of a device. This is how he pointed out the flaw which he has explained in a vulnerability report. When these self-destructive files are deleted or removed from the chats, you can still access the actual audio or video files in the computer’s folder. Mishra also shared an attack scenario in the report where the self-destructive files remained under the attacker’s custom path. Mishra said that it could be very dangerous for those people sending some private video files, thinking that these files will automatically be removed after some time. He further pointed out that Telegram was storing users’ local passcodes to unlock the app in plain text.

However, Telegram said that it has fixed this vulnerability in Telegram 7.4 as soon as it was pointed out by the researcher.

No comments:

Post a Comment