Researchers at the University of London’s Royal Holloway have discovered several flaws in the MTProto protocol used by the popular encrypted messaging app Telegram.
While end-to-end encryption (E2EE) is available in individual chats, the MTProto protocol is used in the service’s group chats (also known as cloud chats) and when users do not opt for E2EE. MTProto is Telegram’s version of Transport Level Security (TLS) that is used to secure data in transit and protect users from man-in-the-middle attacks.
One of the security flaws discovered by the researchers at Royal Holloway allowed an attacker on the network to rearrange messages coming from a client on Telegram’s servers. While this bug isn’t particularly dangerous, the researchers found that it was trivial.
The researchers also took a closer look at Telegram’s clients for Android, iOS, and desktop, where they discovered code that could be used to restore some encrypted plain text messages. However in …