Security researches have discovered some major vulnerabilities in Telegram over recent days. As reported by Tech Radar these have originated from the new animated sticker feature.
Things had been looking like they were going from strength to strength for Telegram. Following the data scandal that enveloped WhatsApp over the last few weeks, many had looked to switch. This all came as WhatsApp tried to make users share their data with Facebook to use the app.
As a result, many users switched over to Telegram in January. This saw user numbers of the app, rise by 25 million in just 72 hours as many jumped ship from WhatsApp.
In order to ride this wave Telegram began working on a tool to allow users to migrate their chat history over to Telegram from other apps.
The app also tried to introduce a number of new features including this animated stickers innovation. This was to try and make the service seem that bit more appealing.
Now it looks like the company has moved too quickly and these changes have backfired on them. For an app that prides itself on security, reports of this nature are desperately worrying.
Researchers find security vulnerabilities in Telegram
One security researcher found 13 individual vulnerabilities in the course of a single investigation. However, the researcher did say that these bugs were reported to the company then subsequently fixed.
These vulnerabilities appeared to originate from the new animated stickers feature the app launched. They allowed attackers to send malicious stickers to victims. This allowed them to gain access to private messages, photos, and videos.
The reports do indicate that the exploit was an extremely complex one. However, this by no means offers a guarantee that no one had found and exploited it.
The details for the 13 vulnerabilities are as follows. They included one heap out-of-bounds write, one stack out-of-bounds write, one stack out-of-bounds read, two heap out-of-bound read, one integer overflow leading to heap out-of-bounds read, two type confusions, and five denial-of-service flaws.
Since these bugs were found Telegram has patched them up so they are no longer an issue. However, such reports could be seriously damaging to a company that is built on its security.
With many switching from the likes of WhatsApp to protect their security and privacy the last thing they will want is one of its competitors showing vulnerabilities. By no means is this a big breach but the public perception of Telegram’s security is very important to the company.