
‘High-risk’ Telegram vulnerability exposes users to attacks — CertiK

News Feed - 2024-04-09 07:04:10

By Helen Partz

The newly discovered Telegram vulnerability can be avoided by disabling the automatic downloading of media files on Telegram Desktop.

Update April 9, 2:40 pm UTC: Telegram denied the existence of an RCE vulnerability in Telegram clients, while some security experts claimed it's been a known issue.


A major vulnerability in Telegram Messenger is exposing users to malicious attacks, according to a new report released by the blockchain security firm CertiK.


CertiK Alert took to the social media platform X on April 9 to warn the public against a “high-risk vulnerability in the wild,” potentially allowing hackers to deploy a remote code execution (RCE) attack through Telegram’s media processing.


According to the post, CertiK's team has discovered a "possible RCE" attack in Telegram's media processing in the Telegram Desktop application.


“This issue exposes users to malicious attacks through specially crafted media files, such as images or videos,” CertiK wrote.


A spokesperson for CertiK told Cointelegraph that the vulnerability is exclusive to the desktop Telegram application because mobile "does not directly execute executable programs like desktops, which generally require signatures." The representative noted that the news on the issue came from the security community.


To mitigate the issue, users should check their Telegram Desktop configuration and disable the auto-download feature. The feature can be disabled by opening "Settings" and then "Advanced." Note that this setting only stops the client from fetching attachments unprompted; a file the user chooses to download and open by hand is still handled as before.

Source: CertiK


“Under the ‘Automatic Media Download’ section, disable auto-download for ‘Photos’, ‘Videos’, and ‘Files’ across all chat types (Private chats, groups, and channels),” CertiK noted.
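The setting change above is the user-side mitigation. As a complementary check, the following is an added example written for this article (it is not CertiK's or Telegram's code): it walks a download folder and flags files whose leading bytes do not match the media extension they arrived under, in particular executable or script content sitting under a photo or video name. The signature table is a constructed, non-exhaustive list, the sample folder it builds contains fabricated headers rather than real media, and the path to the actual Telegram Desktop download folder is an assumption supplied by the caller on the command line.

```python
"""Flag downloaded "media" whose content does not match its extension.

Added example for this article, not CertiK's or Telegram's code. The
signature table is constructed and non-exhaustive; the folder to scan
is an assumption supplied by the caller.
"""
import os
import sys
import tempfile

# Leading-byte signatures of media types Telegram Desktop auto-downloads.
# Each value is a list of alternatives; an alternative is a list of
# (offset, bytes) pairs that must all match. Constructed for this example.
MEDIA_SIGNATURES = {
    ".png":  [[(0, b"\x89PNG\r\n\x1a\n")]],
    ".jpg":  [[(0, b"\xff\xd8\xff")]],
    ".jpeg": [[(0, b"\xff\xd8\xff")]],
    ".gif":  [[(0, b"GIF87a")], [(0, b"GIF89a")]],
    ".webp": [[(0, b"RIFF"), (8, b"WEBP")]],
    ".mp4":  [[(4, b"ftyp")]],
    ".mov":  [[(4, b"ftyp")]],
}

# Signatures of executable or script content, which should never sit
# under a photo or video name. (label, offset, bytes); constructed list.
EXECUTABLE_SIGNATURES = [
    ("PE/Windows executable", 0, b"MZ"),
    ("ELF executable", 0, b"\x7fELF"),
    ("Mach-O executable", 0, b"\xcf\xfa\xed\xfe"),
    ("Mach-O executable", 0, b"\xfe\xed\xfa\xcf"),
    ("script with shebang", 0, b"#!"),
    ("ZIP container (jar, pyz, docm, ...)", 0, b"PK\x03\x04"),
]


def _matches(header, alternative):
    """True when every (offset, bytes) pair of one alternative is present."""
    return all(header[off:off + len(sig)] == sig for off, sig in alternative)


def classify(path):
    """Return (verdict, detail) for one file.

    verdict is 'executable', 'mismatch', 'ok' or 'unchecked'.
    """
    with open(path, "rb") as fh:
        header = fh.read(64)
    ext = os.path.splitext(path)[1].lower()
    # Executable content is reported regardless of the claimed extension.
    for label, off, sig in EXECUTABLE_SIGNATURES:
        if header[off:off + len(sig)] == sig:
            return "executable", f"{label} content under a '{ext}' name"
    alternatives = MEDIA_SIGNATURES.get(ext)
    if alternatives is None:
        return "unchecked", f"'{ext}' is not in the media signature table"
    if any(_matches(header, alt) for alt in alternatives):
        return "ok", f"header matches '{ext}'"
    return "mismatch", f"'{ext}' name but header starts {header[:8]!r}"


def scan_download_dir(directory):
    """Map each regular file in the directory to its (verdict, detail)."""
    findings = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            findings[name] = classify(path)
    return findings


def build_sample_dir():
    """Create a temp folder of constructed files standing in for
    auto-downloaded media. The headers are fabricated, not real media."""
    directory = tempfile.mkdtemp(prefix="tg_downloads_")
    webp_bytes = b"RIFF\x24\x00\x00\x00WEBPVP8 " + b"\x00" * 32
    samples = {
        "cat.png":      b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,         # genuine PNG header
        "clip.mp4":     b"\x00\x00\x00\x18ftypisom" + b"\x00" * 32,  # genuine MP4 box
        "sticker.webp": webp_bytes,                                   # genuine WebP header
        "holiday.jpg":  b"MZ\x90\x00" + b"\x00" * 60,                # PE bytes, .jpg name
        "meme.gif":     b"#!/bin/sh\necho not-a-gif\n",               # script, .gif name
        "photo.png":    webp_bytes,                                   # WebP bytes, .png name
        "notes.txt":    b"just text\n",                               # not media; skipped
    }
    for name, content in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(content)
    return directory


if __name__ == "__main__":
    # Pass the real Telegram Desktop download folder as argv[1]; with no
    # argument the constructed sample folder is scanned instead.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_dir()
    for name, (verdict, detail) in scan_download_dir(target).items():
        print(f"{verdict:10} {name}: {detail}")
```

The check reads only the first 64 bytes of each file and never opens or executes anything, so it is safe to run over a folder of untrusted downloads; a 'mismatch' or 'executable' verdict is a reason to delete the file rather than open it.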


A spokesperson for Telegram told Cointelegraph that the company "can't confirm the existence of such a vulnerability in Telegram clients."


According to crypto enthusiast and grey-hat SEO Yannick Eckl, the problem with automatic downloads of media files and RCE attacks in Telegram is not new. "It is a known issue in many, but obviously not all, IT-security circles," Eckl told Cointelegraph.


Telegram is a major cryptocurrency-friendly messenger that allows users to communicate and exchange files and transact cryptocurrencies like Bitcoin (BTC) and Toncoin (TON) using its custodial wallet solution called, simply, Wallet.


The “custodial” part means that Wallet doesn’t give users the private key by default but rather puts the assets in its own custody to help industry newcomers avoid self-custody responsibilities.




The newly discovered vulnerability in Telegram isn't its first. In 2023, Google engineer Dan Revah found a significant bug that could allow attackers to activate the camera and microphone on laptops running macOS.

Source: Dan Revah


In 2021, a security researcher from Shielder discovered a similar media-related issue on Telegram, which reportedly allowed attackers to send modified animated stickers, which could have exposed the victims’ data.


Telegram has been actively addressing potential vulnerabilities in its apps, though. Telegram's bug bounty program has been active since 2014, offering developers and the security research community the opportunity to submit their reports and be eligible for bounties ranging from $100 to $100,000 or more, depending on the severity of the issue.


