"A Serious Loophole found in Telegram messenger"
Korean security research team detected the weak point of security by hacking and peeking into secret dialogues among Telegram users. Meanwhile, Telegram, a mobile messenger, boasted its strong security function with explosive popularity, but this detection may cause a crack in Telegram`s reputation.
The Master Key team(by Kim Gang-seok and Kwon Sang-hoon), a participant in Telegram security contest, asserted on Feb.25 that it detected the loophole in security to expose secret dialogue among Telegram users by hacking.
Telegram progressed its security contest with reward of $300,000(KRW 330million) for a successful person in hacking during 3months from early November last year to early February this year. This contest was conceived for showing off Telegram`s security performance estimated as impregnable.
The Master Key team hunted out Telegram`s weak points not only in some inside area of smartphone 117, but in unencrypted storage at address book. But these loopholes were found merely in rooting smartphones. Though rooting is easily made for enhancement of smartphone utilization and use convenience at home and abroad, this situation is unreliable.
Once a hacker uses Telegram`s security weak point, the third person can see basically all secret dialogues among service subscribers and can even pretend to be the owner of this smartphone. Meantime, Telegram has stressed that anybody can never see user`s personal message at online chat room. Though Telegram promotes automatic deletion of messages which were read in device, actually, all contents still remained intact in the smartphone.
The Master Key team emailed Telegram about this security loophole on Jan. 29 this year. But Telegram didn`t answer this email at all. The Master Key team posted this weak point in Telegram`s Facebook on Feb.2. This team also resent its email to Telegram on Feb.16, but no response from Telegram arrives yet.
When Kakao Talk had tough time due to controversy over cyber censorship, Telegram was emerged as an alternative messenger. Once, with over 1.7 million subscribers, Telegram brought the fever of `cyber asylum` to Korea. The function of secret dialogue in Telegram is transmitted in code. Telegram asserted its feature that only friends and I who are in secret dialogue can confirm messages. For the purpose of showing off its security performances, Telegram carried out security contest to ask for cracking encryption to participants with big award.
The Master Key team pointed, "Though Android phone is restricted under rooted environment, we can take out all information filled in application by access to directory holding Telegram`s message data and then copying them." "Unlike Kakao Talk, Telegram doesn`t recertify when the device is changed. This is a serious loophole."
Kim Seung-Joo, professor at Cyber Defense department of Korea University, said, "Telegram uses security mechanism which was developed on its own. On the contrary, it can cause security problems without public accreditation." "Though Telegram seems to be outstanding in security because its security contest was progressed under the restricted environment with method of breaking codes, if Telegram allows various hacking attempts, several security loopholes may be found."
Senior Reporter Kim, In0-soon insoon@etnews.com