The secure messaging app Telegram is significant for two very different reasons. One is that the app is a go-to encrypted communication tool for hundreds of millions of users around the world, particularly those looking to duck government surveillance and censorship in countries like Russia and Iran. The other is that many cryptography experts have cast doubt on the integrity of Telegram's encryption scheme. A new report from the web security firm Forcepoint, about Telegram's use of bots, has implications for both Telegram's users and its critics.

Telegram bots are small programs that can embed in Telegram chats or public channels and perform a specific function. They can offer customized keyboards, produce cat memes on demand, or even accept payments and act as a digital storefront. Bots are popular on Telegram, because they're fun and convenient, and Telegram has supported them since 2015. They are essentially automated Telegram accounts; you can just add them to chats and channels as you would a friend.

But while researching the bot platform, Forcepoint realized that the feature doesn't incorporate the encryption algorithm Telegram uses to protect its chats. As a result, adding a bot to a chat or channel undermines its security, potentially making it easier for a third party to intercept messages. "This is something that affects you if you are operating a bot or are in a channel with bots," says Luke Somerville, head of special investigations at Forcepoint. "I’ll be honest, it surprised us when we realized that the bot security is that different than how normal messaging works."

The idea that a secure messaging service's own feature could downgrade its encryption scheme, without giving any visual cue to the user, is concerning.

"You can create your own burner Telegram account and tell the bot to forward you these messages," Somerville says. "It's relatively trivial to do, and you can forward all the messages in that channel that the bot has had access to. You’ll be able to read all the messages they’ve exchanged."

Forcepoint has been in touch with Telegram about the findings, but wouldn't comment on its interactions with the company. "That bot traffic goes over HTTPS is not something to be 'discovered'; it's a documented property of the system," Markus Ra, Telegram's head of support, said in a statement. Telegram also argues that grabbing the bot API token and Chat ID is akin to stealing someone's password to an account; at that point an attacker would have full access anyway. "Note that by default, Telegram bots only receive messages that are specifically meant for them."

The company did not offer an explanation for why bot communications are secured only with HTTPS and not MTProto. Taking advantage of the lesser protection on Telegram chats and channels that include bots would still require an attacker to be able to decrypt HTTPS Telegram traffic. In Forcepoint's case, the researchers got around it by essentially obtaining the keys to the kingdom in the malware sample they were working on.