Telegram Passport Vulnerable to Brute Force Hacks: Report

  • Yuri Molchan
    📰 News

    A software producer claims that Telegram Passport can be hacked by brute force attacks


Telegram Passport Vulnerable to Brute Force Hacks: Report

 

In late July Telegram messenger released a tool for encrypting users’ personal ID data and for allowing them to share this data with startups dealing with electronic assets and comply with know-your-customer (KYC) rules.

The cryptographic software developer Virgil Security, Inc believes that this Telegram Passport can be hacked.

Telegram cloud

The messenger keeps its users’ data on the decentralized Telegram cloud that cannot decrypt it, since it is perceived visually as “random garbage.”

Nevertheless, the latest study by Virgil Security has shown weak points concerning password protection in this cloud storage.

👉MUST READ How Many People Own Bitcoin and How They Use BTC?
How Many People Own Bitcoin and How They Use BTC?

At Virgil Security, they believe that Telegram utilizes a protocol not meant to hash passwords. Reportedly, it makes data weak against brute force attacks, even if salt is added to it. For a cryptographer, salt means random information added to the data. It adds extra protection to a password by turning it into a longer combination of symbols.

Lack of digital signature

According to the research, after a Telegram user encrypts his/her personal data, it goes to the Telegram cloud. When they need to confirm their identity for a third-party company or service, the user re-encrypts it for the new credentials.

This, the report insists, makes the password easy to hack. Apparently, the lack of digital signature can help criminals change users’ personal data without them being aware.

👉MUST READ How to Accept Bitcoin as Payment on Your Website
How to Accept Bitcoin as Payment on Your Website

Cover image via u.today
Subscribe to U.Today on Facebook, and get involved in all top daily cryptocurrency news, stories and price predictions!
👓 Recommended articles