The security researcher known as Dhiraj Mishra has recently found a security flaw lodged in the macOS application version 7.3 that reportedly allowed access to be given for audio and video messages in the chats that actually self-destruct. These particular chats are said to be end-to-end encryption and can also be automatically deleted from both the receiver and sender even after the time that is selected by the said user.
MacOS Telegram security flaw
However, this particular flaw now put the security as well as those chats within risk since the given content could actually be accessed some time later that supposedly had expired. The researcher had reported his own findings to Telegram some time December 26, 2020 and the said service had resolved the issue with the version 7.4 that rolled out on Jan. 29.
On the other hand, the researcher also identified another second vulnerability within Telegram's known macOS app that actually stores the local passwords in just plain text in a particular JSON file that was indicated by TheHackerNews site. Mishra then received a whopping €3,000 or $3642.85 for actually reporting the said two flaws as part of the app's bigger bug bounty program.
End-to-end encryption Telegram
According to an article by TheTimesHub, certain companies actually offer this particular initiative in order to encourage certain errors to be found in order for them to optimize the security of their very own products. It should also be remembered that unlike the popular Signal or controversial WhatsApp, the conversations within Telegram are still not encrypted from one end to another by default. This means users will still have to manually select the encryption option in order to keep their files and messages protected.
With included end-to-end encryption, only both the sender and the receiver will be able to see the given content of a certain message since it is protected just in case it can then be intercepted on the way. This would mean that, even if it actually goes through another intermediary server, there would be no way for a company to access the content of users' messages.
Read Article: Instagram Now Detects Harassing Private DMs, Issues Stricter Penalty Warnings
Telegram offers incentives
The security incentive that Telegram is offering is done in order for independent individuals to invest their time and effort in finding Telegram's flaws before potential hackers do. The company would then fix these given security issues in order to cover up the rough patches and add an extra layer of security.
The thing about hacking is that there are sometimes loopholes in a given app which is why the app needs to issue security updates every once in a while. Although not a lot of users understand why updates need to be rolled out every once in a while, this is basically the company's way of making sure that their application remains up to date with security measures as well as certain other features.
Related Article: WordPress Data Breach Affects 100,000 Exposed Websites After Using Responsive Menu Plugin
This article is owned by Tech Times
Written by Urian Buenconsejo