Advertisement
AD

Main navigation

Telegram Passport Vulnerable to Brute Force Hacks: Report

Advertisement
Thu, 2/08/2018 - 6:14
Telegram Passport Vulnerable to Brute Force Hacks: Report
Cover image via U.Today
Read U.TODAY on
Google News
Advertisement

In late July Telegram messenger released a tool for encrypting users’ personal ID data and for allowing them to share this data with startups dealing with electronic assets and comply with know-your-customer (KYC) rules.

The cryptographic software developer Virgil Security, Inc believes that this Telegram Passport can be hacked.

Telegram cloud

The messenger keeps its users’ data on the decentralized Telegram cloud that cannot decrypt it, since it is perceived visually as “random garbage.”

Nevertheless, the latest study by Virgil Security has shown weak points concerning password protection in this cloud storage.

card

At Virgil Security, they believe that Telegram utilizes a protocol not meant to hash passwords. Reportedly, it makes data weak against brute force attacks, even if salt is added to it. For a cryptographer, salt means random information added to the data. It adds extra protection to a password by turning it into a longer combination of symbols.

Lack of digital signature

According to the research, after a Telegram user encrypts his/her personal data, it goes to the Telegram cloud. When they need to confirm their identity for a third-party company or service, the user re-encrypts it for the new credentials.

This, the report insists, makes the password easy to hack. Apparently, the lack of digital signature can help criminals change users’ personal data without them being aware.

card

Advertisement
TopCryptoNewsinYourMailbox
TopCryptoNewsinYourMailbox
Advertisement

Latest Press Releases

Our social media
There's a lot to see there, too

Popular articles

Advertisement
AD