Users of the infamous Telegram application on the macOS platform are being notified about potential security risks that may expose the files they share online.
According to the lead threat analyst at Trustwave SpiderLabs, Reegun Richard Jayapaul, the built-in feature to self-destruct messages can be compromised.
The first problem was that files sent via Telegram were stored in a temp ‘cache’ folder even though the message was self-destructed.
According to Jayapaul, hackers can easily access these files, where audio, video messages, locations and documents are stored.
Although the issue was fixed by Telegram early, the details are being announced now.
Jayapaul refused to receive a reward from Telegram, who asked him to keep the information confidential in return.
This was not the first time researchers find messages that were not deleted effectively using the self-destruct feature in Telegram.
The first incident was fixed in patch 7.4 and the latest in patch 7.7.
“It’s apparent that Telegram has a history of leaving these supposedly ‘self-destruct’ media files behind,” said the Senior Security Research Manager at Trustwave SpiderLabs, Karl Sigler.
However, a second problem was not patched in Telegram.
The problem meant that a person could bypass the self-destruct feature and get into the cache folder without even opening the message.
One can get to the messages and save them by recording the screen or taking screenshots, but if a cache file is used, it appears as if the recipient hadn’t seen the messages or obtained the files.
“The self-destruct feature is intended to be a simple way for users to send media that will delete itself. We warn users that they should use this only with people they trust” Telegram spokesperson said.
“There is no way for software to 100% prevent someone from saving a version of messages or media—such as simply taking a photo of their screen with another device,” the spokesperson added.
The spokesperson asserted that with researchers’ help, the functionality, privacy and security of such features will further improve.
He also welcomed suggestions of additional solutions from all Telegram users.
