‘High-risk’ Telegram vulnerability exposes users to attacks — CertiK

News Feed - 2024-04-09 07:04:10

Helen Partz, 13 hours ago

The newly discovered Telegram vulnerability can be avoided by disabling the automatic downloading of media files on Telegram Desktop.

Update April 9, 2:40 pm UTC: Telegram denied the existence of an RCE vulnerability for Telegram clients, while some security experts claimed it's been a known issue.


A major vulnerability on Telegram messenger is exposing users to malicious attacks, according to a new report released by the blockchain security firm CertiK.


CertiK Alert took to the social media platform X on April 9 to warn the public against a “high-risk vulnerability in the wild,” potentially allowing hackers to deploy a remote code execution (RCE) attack through Telegram’s media processing.


According to the post, CertiK’s team has discovered a “possible RCE” attack in media processing in the Telegram Desktop application.


“This issue exposes users to malicious attacks through specially crafted media files, such as images or videos,” CertiK wrote.


A spokesperson for CertiK told Cointelegraph that the vulnerability is exclusive to the desktop Telegram application because mobile "does not directly execute executable programs like desktops, which generally require signatures." The representative noted that the news on the issue came from the security community.


To avoid the vulnerability, users should check their Telegram Desktop configuration and disable the auto-download feature. The feature can be disabled by going to “Settings” and then tapping on “Advanced.”


“Under the ‘Automatic Media Download’ section, disable auto-download for ‘Photos’, ‘Videos’, and ‘Files’ across all chat types (Private chats, groups, and channels),” CertiK noted.


A spokesperson for Telegram told Cointelegraph that the company "can't confirm the existence of such a vulnerability in Telegram clients."


According to crypto enthusiast and grey hat SEO Yannick Eckl, the problem with automatic downloads of media files and RCE attacks in Telegram is not new. "It is a known issue in many, but obviously not all, IT-security circles," Eckl told Cointelegraph.


Telegram is a major cryptocurrency-friendly messenger that allows users to communicate and exchange files and transact cryptocurrencies like Bitcoin (BTC) and Toncoin (TON) using its custodial wallet solution called, simply, Wallet.


The “custodial” part means that Wallet doesn’t give users the private key by default but rather puts the assets in its own custody to help industry newcomers avoid self-custody responsibilities.



The newly discovered vulnerability on Telegram isn’t its first. In 2023, Google engineer Dan Revah found a significant bug that could allow attackers to activate the camera and microphone on laptops running macOS.


In 2021, a security researcher from Shielder discovered a similar media-related issue on Telegram, which reportedly allowed attackers to send modified animated stickers, which could have exposed the victims’ data.


Telegram has been actively addressing potential vulnerabilities on its app, though. Telegram’s bug bounty program has been active since 2014, offering developers and the security research community the opportunity to submit their reports and be eligible for bounties ranging from $100 to $100,000 or more, depending on the severity of the issue.

