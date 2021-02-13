



Telegram “Secret Chat” has the potential to expose submitted files at high risk. (Curl Coat / Getty Images)

Telegram users should not relax when using the “Secret Chat” feature for safety. According to the latest news, the deleted files have not been completely deleted, so the risk of exposing sensitive messages and passwords is still high.

What is the danger of Telegram’s “secret chat”?

According to users, self-destructive media files are still contained on Mac OS devices. Secret Chat boasted more guaranteed security for users compared to other messaging apps, but recently there are flaws that need immediate resolution.

Imagine that inside you are accessing a secret chat, the connection must only be between you and the person you are talking to. Telegram uses end-to-end encryption in its process, so you can’t send messages to others. In the meantime, the media files will be set and will be automatically deleted from the device after a certain time frame.

In addition, Bleeping Computer reported that Cognossec security consultant Dhiraj Mishra revealed that secret chat was vulnerable in the 7.3 update, according to a LinkedIn profile. Telegram’s security guarantee is just the tip of the iceberg for users.

To test whether this feature deletes media files, Mishra conducted a security audit of Mac OS devices via Telegram. However, graduates of the University of Mumbai have discovered that sandbox paths for stored media files can be published via standard chat. Audio and image media files are contained in the same folder, even if the path remains hidden in the feature.

“In my case the path was (/ var / folder / x7 / khjtxvbn0lzgjyy9xzc18z100000gn / T /). The MediaResourceData (path: //) URI was not leaked while performing the same task with the secret chat option. But the recorded audio / video messages are still stored on the path above, “Mishra said in a blog post:” The “P” in the telegram stands for privacy. “

In addition, users could still access the actual files through the computer folders even after the media was removed from the chat after it was self-destructed.

Mishra exemplifies that Alice, who behaves like a victim, sent a media file (either audio or video message) to Bob, a Mac OS attacker. The message will be deleted after 20 seconds. However, even though Alice knew that the file had been deleted from storage, it remained in the path Bob created.

For security analysts, Telegram couldn’t cover user privacy concerns. Due to the flawed features, the app wasn’t as secure as it was in an attack. This is because the file remained where it should have been.

As a precaution, users should be more aware of bugs when sending files to recipients, as sensitive videos can cause very serious concerns in the long run.

How to access my passcode?

Last month, the Telegram 7.4 update fixed the issue, but if you use macOS, make sure the client software has been updated. In fact, you can’t fix the problem unless you stop sending messages in secret chat, but you can still access the plaintext storage of your local passcode.

To access the saved passcode, go to Users /.[username]/ Library / Group Containers / 6N38VWS5BX.ru.keepcoder.Telegram / accounts-Meta data to be displayed as a JSON file. Watch the video below.

