Bug alert! Your photos remain on Telegram even after deleting chat

A security flaw has been reported in Telegram, a WhatsApp-like messaging app, which is preferred by VIPs and cyber security aficionados for its high-end security features.

Published: 27th December 2018 07:15 AM  |   Last Updated: 27th December 2018 07:15 AM   |  A+A-

In this 30 May, 2018 photo, the website of messaging app Telegram is seen on a computer. (Photo | Aamir Hamza )

Express News Service

HYDERABAD: A security flaw has been reported in Telegram, a WhatsApp-like messaging app, which is preferred by VIPs and cybersecurity aficionados for its high-end security features. Ironically, the vulnerability has been reported in its secret messaging feature which allows a user to delete all traces of a chat.The bug in this functionality allows photos taken and shared on secret chats to be left behind even after they are deleted. “These photos will be stored in the device and accessible to all applications installed on the Android device,” researchers of Cisco Talos said in its vulnerability report.

Telegram, which was released in 2013, has soon turned into a preferred mode for politicians, internal communication of political parties, and other cybersecurity enthusiasts who are wary of Facebook-controlled WhatsApp. Recently, BJP, in a run-up to 2019 elections has added Telegram to its social-media kitty for propagating party-related information.

Unlike other vulnerabilities, the problem with the Telegram flaw lies in its source code. As of now, when a user gives the command to take a picture on Telegram, the messaging app uses a third-party app -- for instance Google Camera -- to take the photo. When that happens, the third-party camera application would save the photo in its directory on Android, apart from saving another photo in the Telegram directory. So when, the secret chat feature deletes the information on the app, the photos remain in the third-party camera’s directory.

For avoiding the issue, the researcher recommended Telegram to use its own photo-taking code. “This way the application can ensure that the photo data is not saved by a third party application,” report said. Earlier, it had found that Telegram including a few other messaging services, was vulnerable to side-channel attacks by hackers and that its desktop version was susceptible to getting hijacked.

Stay up to date on all the latest Hyderabad news with The New Indian Express App. Download now
(Get the news that matters from New Indian Express on WhatsApp. Click this link and hit 'Click to Subscribe'. Follow the instructions after that.)

Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp