On July 22, Pavel Durov, the CEO of Telegram, announced that the platform had reached a remarkable 950 million monthly active users, a significant leap from 900 million in the spring, and that it was setting its sights on the billion-user mark. However, this exciting milestone comes with a serious caveat. On the same day, cybersecurity firm ESET disclosed a severe zero-day vulnerability that had been exploited, affecting all those users. Although Telegram has since patched the issue, the timing and nature of this flaw reveal an ironic twist in the app’s security narrative.
The vulnerability, identified by ESET’s research team, was initially discovered for sale on an underground forum a month prior. This zero-day exploit targeted Android users and was cleverly disguised within a 30-second video clip. When users received this video via message or channel, it automatically downloaded to their devices, as auto-download is the default setting on Telegram unless manually changed by users. Although the video itself was non-functional and did not play upon clicking, it presented a dialog box with an “Open” option. Clicking this button initiated the installation of the malicious payload. To safeguard against such threats, users are advised to modify the default media file download settings on all messaging applications.
ESET labeled the exploit “EvilVideo” and detected it in late June. The firm promptly reported the vulnerability to Telegram, which responded by deploying a fix on July 11. The flaw was present in all versions of Telegram for Android up to version 10.14.4 but was addressed in the update to version 10.14.5. Despite the swift response, the incident highlights significant security concerns, especially given the platform’s role as a marketplace for cybercriminal activities.
The irony of the situation is palpable. Earlier this year, cybersecurity reports described Telegram as a burgeoning hub for illicit activities. The platform has become a crucial venue where seasoned and novice cybercriminals exchange tools, stolen data, and exploit kits. It provides a comprehensive range of resources needed to conduct malicious campaigns, including free samples, tutorials, kits, and even services for hire. This dark web marketplace aspect of Telegram has been well-documented, underscoring the platform’s dual role as both a popular communication tool and a haven for criminal enterprises.
Furthermore, Telegram’s lack of default end-to-end encryption exacerbates its security issues. This flaw was publicly criticized during a high-profile dispute with the secure messaging app Signal in May. Despite numerous warnings over the years about Telegram’s inadequate security measures, the platform’s user base has continued to grow substantially. The platform’s appeal seems undiminished despite its known vulnerabilities and associations with cybercrime.
Recent reports from Fortune and The Financial Times further emphasize the platform’s troubling reputation. Fortune highlighted Telegram’s increasing use as a medium for illegal activities, such as drug and weapon trafficking. Meanwhile, The Financial Times drew comparisons between Telegram and the dark web, describing the app as a virtual wild west where organized crime thrives. This characterization underscores the significant security risks associated with using the platform.
The situation has not changed much since 2016, when Gizmodo warned users about Telegram’s security shortcomings. Despite the app’s marketing claims of robust security, the underlying issues have persisted, and its user base has expanded dramatically. As Telegram continues to grow, its dual nature as both a major communication platform and a haven for criminal activity remains a point of concern. Users should remain vigilant and take necessary precautions to protect their data and privacy, especially in light of the recent security lapse.