While the company’s encryption protocol has been controversial within the cryptography community, its own bots have now come under fire in a recent report by
Telegram bots are small apps, mostly created by third-party developers to do a specific task, which may be embedded inside chats or public channels. According to a research report by Forcepoint Security Labs, a US-based cyber-security company, Telegram does not use the same encryption protocol with bots that the company uses to protect its own chats. This means that adding a bot to a chat or public channel can potentially weaken the security of that particular conversation and make it easier for a malicious party to intercept the chats.
“Telegram utilizes its in-house MTProto encryption for securing messages between ordinary users as it (justifiably) sees TLS as not secure enough on its own for an encrypted messaging application. Regrettably, this is not relevant in the case of apps which use the Telegram Bot API, as messages sent this way are simply protected by the HTTPS layer,” wrote Abel Toro, a security researcher at Forcepoint, in a blog post.
“To make things worse, any adversary capable of gaining a couple of key pieces of data transmitted in each message can not only snoop on messages but can recover the entire messaging history of the target bot,” he added.
It is concerning that the security of a messaging service which advertises itself as a “protected messaging program” can allegedly be impaired by its own features. Forcepoint security researchers suggest that Telegram users should avoid bots entirely if they want to keep their conversations confidential.
Telegram was originally introduced back in 2015 and, as per the last data published by the company, it has over 200 million active users worldwide.