Telegram Passport Vulnerable to Brute Force Hacks: Report

Thu, 08/02/2018 - 06:14
Yuri Molchan
A software producer claims that Telegram Passport can be hacked by brute force attacks
Telegram Passport Vulnerable to Brute Force Hacks: Report
Cover image via U.Today


In late July Telegram messenger released a tool for encrypting users’ personal ID data and for allowing them to share this data with startups dealing with electronic assets and comply with know-your-customer (KYC) rules.

The cryptographic software developer Virgil Security, Inc believes that this Telegram Passport can be hacked.

Telegram cloud

The messenger keeps its users’ data on the decentralized Telegram cloud that cannot decrypt it, since it is perceived visually as “random garbage.”

Nevertheless, the latest study by Virgil Security has shown weak points concerning password protection in this cloud storage.


At Virgil Security, they believe that Telegram utilizes a protocol not meant to hash passwords. Reportedly, it makes data weak against brute force attacks, even if salt is added to it. For a cryptographer, salt means random information added to the data. It adds extra protection to a password by turning it into a longer combination of symbols.

Lack of digital signature

According to the research, after a Telegram user encrypts his/her personal data, it goes to the Telegram cloud. When they need to confirm their identity for a third-party company or service, the user re-encrypts it for the new credentials.

This, the report insists, makes the password easy to hack. Apparently, the lack of digital signature can help criminals change users’ personal data without them being aware.


About the author

Yuri is a journalist interested in technology and technical innovations. He has been in crypto since 2017. Believes that blockchain and cryptocurrencies have a potential to transform the world in the future. ‘Hodls’ cryptocurrencies. Has written for several crypto media. Currently is a news writer at U.Today, can be contacted at