Despite Telegram’s disbelief in the revelation made by CertiK Alert, the latter is persistent to hold that there is a vulnerability on Telegram’s platform. CertiK recommended that exercising caution was the right thing to do until they completed a full investigation.
On Wednesday CertiK gave the public warning over a suspected security breakdown in Telegram. Telegram came with a rebuttal, stating that the alleged report was incorrect.
On Friday, CertiK said in a tweet they stand their ground and the threat is real after additional investigation. This was further followed by Telegram asking CertiK to delete its first warning post questioning the accuracy of the information.
The information leak is said to involve Telegram’s automatic media downloading button. It is also a crucial matter that needs to be taken into account as it might end up with abuse and thus it is a fundamental issue.
Another case reported by CertiK has an RCE (Remote Code Execution) vulnerability classified, which could potentially allow the attacker to gain access and influence user accounts or even use them to run malicious programs.
The media files, such as images or videos, may be intentionally interfered with by cybercriminals during the exchange process. All file modules would then begin downloading without considering the user seeking permission first.
It is recommended to disable application downloads and use multi-factor authentication and strong passwords as a protection measure.
Also Read: Hong Kong Targets Crypto Scams: BitCloud, TCAME Flagged
