Main navigation

Telegram Passport Vulnerable to Brute Force Hacks: Report

News
Thu, 08/02/2018 - 06:14
article image
Yuri Molchan
A software producer claims that Telegram Passport can be hacked by brute force attacks
Telegram Passport Vulnerable to Brute Force Hacks: Report
Cover image via U.Today
Read U.TODAY on
Google News

In late July Telegram messenger released a tool for encrypting users’ personal ID data and for allowing them to share this data with startups dealing with electronic assets and comply with know-your-customer (KYC) rules.

The cryptographic software developer Virgil Security, Inc believes that this Telegram Passport can be hacked.

Telegram cloud

The messenger keeps its users’ data on the decentralized Telegram cloud that cannot decrypt it, since it is perceived visually as “random garbage.”

Nevertheless, the latest study by Virgil Security has shown weak points concerning password protection in this cloud storage.

card

At Virgil Security, they believe that Telegram utilizes a protocol not meant to hash passwords. Reportedly, it makes data weak against brute force attacks, even if salt is added to it. For a cryptographer, salt means random information added to the data. It adds extra protection to a password by turning it into a longer combination of symbols.

Lack of digital signature

According to the research, after a Telegram user encrypts his/her personal data, it goes to the Telegram cloud. When they need to confirm their identity for a third-party company or service, the user re-encrypts it for the new credentials.

This, the report insists, makes the password easy to hack. Apparently, the lack of digital signature can help criminals change users’ personal data without them being aware.

card

article image
About the author

Yuri is a crypto journalist interested in technology and technical innovations. He has been in crypto since 2017. Believes that blockchain and cryptocurrencies have a potential to transform the world in the future in many of its aspects. ‘Hodls’ major cryptocurrencies and has written for multiple crypto media outlets. 

His articles have been quoted by such crypto influencers as Tyler Winklevoss, John McAfee, CZ Binance, Max Keiser, etc.

Currently Yuri is a news writer at U.Today and can be contacted at yuri.molchan@u.today.