Telegram refutes CertiK’s auto-download security risk claim

CertiK, a company specializing in blockchain security, has raised concerns about the safety of Telegram’s desktop app due to its media auto-download feature. However, Telegram disagrees with this assessment.

CertiK warned the crypto community about an alleged security risk in sharing images and videos through Telegram’s private messaging feature.

Users were told to disable automatic media downloads to protect against potential threats, yet the security company did not share the reasoning behind this recommendation.

#CertiKInsight ⚠️
A potentially dangerous issue has been identified in the wild,
Kindly review your Telegram settings for enhanced security.
⬇️⬇️⬇️⬇️⬇️
It appears that a Remote Code Execution (RCE) vulnerability was discovered in Telegram’s media processing feature within the Desktop application.
This weakness could leave users susceptible to harmful attacks via…

— CertiK Alert (@CertiKAlert) April 9, 2024

Telegram responds to CertiK’s claim

After CertiK posted its warning on X, Telegram clarified that the claim that over 800 million users were potentially vulnerable because of automatic media downloads was unfounded. The company stated that none of its users had reported any instance of remote code execution (RCE) resulting in a crypto wallet breach.

It’s uncertain if the depicted vulnerability in this video is genuine. The video may be a fake or hoax. Feel free to share any suspected weaknesses in our applications, as we take all reports seriously.

Telegram team

Expert weighs in

After learning about the latest developments from news sources, crypto.news reached out to Kirill Tiufanov, Polyzoa’s founder, regarding CertiK’s discovery of an RCE (Remote Code Execution) attack vector. Tiufanov, who has extensive experience in web3 security, expressed his skepticism about the vulnerability.

It’s a rather vague supposition since they haven’t provided any technical specifications. In simpler terms, everyone advises against downloading unfamiliar files due to potential risks.

Kirill Tiufanov, Polyzoa founder

As the validity of the claim is still under debate, CertiK recommends disabling automatic media downloads on the desktop app for enhanced security.

On several social media sites, users can obtain files without having to click anything at all. However, Telegram stands out among messaging services as it offers cryptocurrency functions. The app’s user-friendly design facilitates the integration of tools such as BonkBot and digital wallets, while ensuring security remains a priority for blockchain developers.

Telegram itself does not handle cryptocurrencies, but the platform can serve as a venue for users and businesses to exchange digital assets through transactions.

Grindery, which is supported by Binance Labs, uses account abstraction smart contracts to enable simple transactions on their social media platform with a single click. Moreover, Telegram, in partnership with its parent company The Open Network and Toncoin, has established a system that allows users to earn revenue by displaying ads on their channels through a revenue-sharing setup.

2024-04-09 20:58