Telegram is the instant messaging platform that promises to be a truly safe and private alternative, but has appeared a first security flaw, which allows the attacker to know who has held talks the victim. The advantage is that it has a very simple solution
http:. //es.gizmodo.com/como-crear-un -…
Or at least a medium solution, Since it is Telegram failure who can solve this root with an update. The ruling was published on Github by Ola Flisbäck, who explained how a malicious attacker can take advantage of this to keep track of who has spoken with the victim:
“Telegram allows anyone to talk to you without it add to your address book. After there may or may not block it, it is true, but this action at first allows anyone to see your contacts simply with knowing your username or phone number.
So, the attacker to download a number of files can get the user metadata and identify who is speaking with his victim. Fortunately, this is not so easy, and depends on a factor specific: the victim has activated the function Telegram which allows to know when was the last time the user logged in “
In short, thanks to this security flaw the attacker can know what contacts have been talking, but it needs both users sharing on his last connection with any take on. Otherwise, it is not possible.
And the process of obtaining this information is made easier as more data know the victim, whether the last connection or, even better, if the attacker has contacts in common with the victim.
Telegram told The Next Web are working on an update that fixes this problem in the bud, but in the meantime what users can do to prevent this is to simply go to the settings menu of the application, there enter the security section and then select the option to share only your last connection to your contacts … or anyone, if you go to the extreme. [Github via The Next Web]
Cover photo: Twin Design / Shutterstock
***
Psst You can also follow us on Twitter and Facebook!)
No comments:
Post a Comment