• Home
  • Apps
  • Apps News
  • Telegram Bots Can Undermine Overall Encryption of the Chat App, Claim Researchers

Telegram Bots Can Undermine Overall Encryption of the Chat App, Claim Researchers

Share on Facebook Tweet Share Reddit Comment
Telegram Bots Can Undermine Overall Encryption of the Chat App, Claim Researchers

Telegram is a popular encrypted chat app used by millions of users

Highlights
  • Telegram Bots are quite popular among the app’s users
  • Telegram uses HTTPS protocol to encrypt the bot traffic
  • The app currently has over 200 million users globally

Telegram has emerged as a popular communications app for millions of users around the globe, who have security concerns and seek an encrypted chat platform. While the company's encryption protocol has long been controversial among the cryptography community, its bots have now come under fire in a recent report from a Web security firm. The security firm claims that the comparably lower security standard used for bots on the app undermines the overall security of the Telegram chats, making the supposed encrypted chats potentially susceptible to interception by malicious parties.

Telegram Bots are small apps that are mostly created by third-party developers to do a specific task and can be embedded inside chats or public channels. According to a research report by Forcepoint Security Labs, a US-based cyber-security firm, Telegram doesn't use the same encryption protocol with bots that the company uses to protects its chats. This means, adding a bot to a chat or public channel can potentially weaken the security of that particular chat and make it easier for a malicious party to intercept the chats.

“Telegram uses its in-house MTProto encryption for securing messages between regular users as it (justifiably) sees TLS as not secure enough on its own for an encrypted messaging application. Unfortunately, this does not apply in the case of programs which use the Telegram Bot API as messages sent this way are only protected by the HTTPS layer,” wrote Abel Toro, a security researcher at Forcepoint, in a blog post.

“To make matters worse, any adversary capable of gaining a few key pieces of information transmitted in every message can not only snoop on messages in transit but can recover the full messaging history of the target bot,” he added.

It is concerning that the security of a messaging service, which advertising itself as a “secure messaging application,” can allegedly be impaired by one of its own features. Forcepoint security researchers suggest that the Telegram users should totally avoid bots if they want to keep their chats private.

Telegram was originally launched back in 2015 and as per the last data released by the company, it has over 200 million active users worldwide.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Further reading: Telegram, Telegram Bots, Encryption, HTTPS
Gaurav Shukla Paranoid about online surveillance, Gaurav believes an artificial general intelligence is one day going to take over the world, or maybe not. He is a big ‘Person of Interest’ fan. More
Sony Xperia XA3, Xperia XA3 Ultra, Xperia L3 Allegedly Receive Bluetooth Certification Ahead of February 25 Launch
Oxford Says No to Additional Huawei Funding in 'Light of Public Concerns'
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.