Telegram Denies vulnerability, But Experts Say Desktop Users Are at Risk
Attacks using specially designed media assets, such as photos or movies, may target users due to a vulnerability in the Telegram Desktop application.
The blockchain security company CertiK brought to light a major security concern for Telegram users on April 9. They revealed a vulnerability that might allow malicious attacks to occur via the desktop version of the messaging service.
Through an alert on X (previously Twitter), CertiK revealed a “high-risk vulnerability in the wild” that might enable hackers to launch remote code execution (RCE) attacks via the media processing of Telegram.
Attacks using specially designed media assets, such as photos or movies, may target users due to a vulnerability in the Telegram Desktop application.
CertiK has advised users to change their Telegram Desktop settings to disable automatic media file downloads after their results caused worry.
As a safety measure, you may disable the app’s auto-download feature for “Photos,” “Videos,” and “Files” in the settings, especially under the “Automatic Media Download” section, for all conversation types.
A representative from Telegram has rejected the allegations, saying that the company has never acknowledged a security hole for its users.
This vulnerability has highlighted Telegram’s persistent security issues, which is concerning considering the app’s widespread use in the cryptocurrency ecosystem for facilitating messaging, file sharing, and bitcoin transactions via its Wallet service.
In contrast to the more common practice of letting consumers keep their private keys, this service chooses to keep them in a custodial capacity.
There has been prior publicity about security holes in Telegram. In the past, there have been incidents where modified animated stickers could compromise user data, such as in 2021 with modified stickers and in 2023 with a Google engineer finding a bug in the macOS version of the app that could allow unauthorized access to a device’s camera and microphone.
Telegram has taken a proactive stance in response to these vulnerabilities. In 2014, the platform launched its bug bounty program, which offers financial rewards to developers and security experts who identify possible security flaws.
The program’s goal is to address and reduce security risks by using the knowledge and experience of the security community at large.
The continuous debate between security professionals and Telegram highlights the complicated world of digital security and the necessity for vigilance, despite Telegram’s attempts to safeguard its platform and skepticism regarding the existence of the present vulnerability.
Also Read: The Solana team is urging validators to “upgrade ASAP” in anticipation of a congestion fix