- Blockchain security firm CertiK Alert is doubling down on the identified Telegram vulnerability.
- Telegram brushed off the firm’s initial warning as inaccurate.
- CertiK has urged the platform’s users to be cautious.
Cybersecurity in crypto is now more commonplace than ever, considering the threats the industry faces from relentless malicious actors. This has given rise to amped efforts by security experts, resulting in bolstered measures to protect users and mitigate losses.
On Wednesday, April 9, a blockchain security firm alerted the industry to a vulnerability in Telegram’s social media platform. However, the platform swiftly rebuffed the claims, disputing the accuracy of the warning.
Following a further investigation, CertiK has unveiled new findings.
CertiK Stands Firm on Telegram Vulnerability Claims
In a tweet on Friday, April 12, the blockchain security firm asserted that the Telegram threat exists despite the platform’s denial.
The double down followed the firm’s removal of its initial warning tweet, which resulted from Telegram’s assertion that it could not provide reliable information backing its claims.
A Telegram spokesperson informed DailyCoin that reports of a “zero-click vulnerability” in the company’s desktop app are “inaccurate.” The spokesperson went on to assert that the automatic download feature poses no risks to users with the option enabled.
Telegram stated that a separate issue was identified and patched, but that initial reports remained false.
“On Telegram Desktop, there was an issue that required the user to click on a malicious file while having the Python interpreter installed on their computer. Contrary to earlier reports, this was not a zero-click vulnerability,” the spokesperson told DailyCoin.
“A server-side fix has been applied to ensure that even this issue no longer reproduces,” they added, stating that the fix has been applied to all versions of Telegram Desktop. Despite this, questions about the flagged vulnerability remain across the industry.
What was the Alleged Telegram Vulnerability?
The reported threat, flagged by CertiK Alert, exists in Telegram’s automatic media download feature, which could result in extensive damage if exploited.
The security firm identified the vulnerability as a “Remote Code Execution” (RCE), a type of security flaw that grants attackers unauthorized access to users’ accounts and allows them to remotely execute commands or run malicious programs.
This could be facilitated by sharing compromised media files such as images, videos, or GIFs, which would automatically download onto a user’s device without requiring authentication.
While the exploit primarily affects Telegram’s desktop application, users should remain vigilant across all devices and adopt protective measures. These measures include disabling Telegram’s automatic download feature and implementing additional security measures like two-factor authentication and stronger passwords.
On the Flipside
- In March 2024, the crypto industry lost $79 million to hacks and scams.
- Telegram users have previously fallen victim to hacks and scams, one of which was the October 2023 SHIB scam.
Why This Matters
The blockchain security firm’s reaffirmation of concerns regarding Telegram underscores the importance of users upholding security practices to prevent exploitation and potential losses.