MacOS Flaw in Telegram Retrieves Deleted Messages
According to new reports, Telegram failed to fix a flaw that allows for the retrieval of deleted messages. Instead, a Trustwave researcher declined a bug bounty reward and disclosed his findings instead. The vulnerability lies in a high-level privacy feature of Telegram on macOS that effectively deletes messages on both the sender and recipients’ devices after a certain period of time. However, Reegun Richard Jayapaul, a researcher at Trustwave reported that the flaw allows attackers to access the messages even after they’ve been deleted.
Jayapaul reported that the flaw in the Self-Destruct feature of Telegram for macOS is related to the Secret Chats aspect of the messaging platform that leverages end-to-end encryption. According to Telegram, even they do not have a decryption key. The encryption is designed for people who are worried about security and privacy pertaining to their chat histories. Telegram is viewed as one of the more secure messaging apps over other platforms such as WhatsApp. Jayapaul and Telegram collaborated to patch the flaw in two different scenarios.