>While Telegram was founded upon a noble goal of providing privacy to consumers everywhere at no cost, they have fallen short of their objective by focusing purely on data-in-transit versus protecting data-at-rest on the mobile device itself. What is regrettable is that I approached Telegram multiple times and have yet to receive a response. Telegram’s so-called powerful encryption is not protecting users any better than any other page or app that uses SSL. If you are using Telegram because you want to ensure your privacy and the privacy of the messages you are sending, be aware that it will not stop sophisticated hackers from reading your messages. We highly recommended adding additional protection to your mobile device that can detect device-level cyberattacks.
http://blog.zimperium.com/telegram-hack/
We told you it was shit, /g/
>>46703960
>WE told YOU it was shit, /g/
Nice clickbait shillfriend :^)
Should have just used Serpico VPN instead...
encryption is just another buzzword used by unscrupulous devs nowadays
if you hadn't realized it by now you deserved to have your shit taken
>>46703960
I thought they actually MITM'd the end-to-end encryption but that's not the case it seems
>>46703960
it's fucking nothing
>>46703971
this, fuck this thread
>>46703960
>implying I used telegram because of privacy
It is at least a year ahead of Whatsapp featurewise.
It's not going to be encryped in memory. If your attacker has memory access like that, you're already at the point where NOTHING you do is secure.
Well he hacked app itself, not encryption. Everything is possible with physical access.
>>46703960
>Any attacker that gains access to the device can read the messages without too much effort.
>implying you couldn't read Threema, TextSecure or whatever the fuck messages with fucking root access on a device
If anything you could still just go ahead and grab literally everything the device displays.
This is fucking nothing.
We know Telegram isn't the holy grail of security, but fucking hell, you're going to have to try harder than this.
At the end of the day, Telegram is still the only mass-marketable alternative to WhatsApp that exists.
>>46703960
>How I "hacked" "Telegram's" "Encryption"
>took a memory dump and read cache files for client app
Still, it would be great to see the app protected with a PIN, at least.
oh wait
>not using phone encryption
>not using password lock
>>46703960
>We highly recommended adding additional protection to your mobile device that can detect device-level cyberattacks.
And you also sell that additional protection? What a coincidence!
Kill yourself.
>>46704301
sure thing, but still the db in /data could be encrypted
Another detailed blog post alexrad[.]me/discourse/a-264-attack-on-telegram-and-why-a-super-villain-doesnt-need-it-to-read-your-telegram-chats.html
i'd suggest to encrypt secret chats with gpg keys generated at installation time and shared between phones when you add a new contact
>>46703960
The blogger, Zuk Avraham, is founder and CTO of Zimperium Mobile Security. His article can hardly be considered unbiased in light of this glaring conflict of interest.
While I agree the OP is clickbait, there is one important point that I think is being missed. That is securing data-at-rest best practices are not being followed by Telegram. That's really all this post is bringing our attention to.
And while I agree that once an attacker gets physical access it's basically game over, it shouldn't stop app devs from following some security best practices for data at rest to make it more difficult to get at the data stored by the app.
