Security News > 2021 > February > Secret Chat in Telegram Left Self-Destructing Media Files On Devices

Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats.

Unlike Signal or WhatsApp, conversations on Telegram by default are not end-to-end encrypted, unless users explicitly opt to enable a device-specific feature called "Secret chat," which keeps data encrypted even on Telegram servers.

With the secret chat option turned on, the path information is not spilled, but the recorded message still gets stored in the same location.

Even in cases where a user receives a self-destructing message in a secret chat, the multimedia message remains accessible on the system even after the message has disappeared from the app's chat screen.

While the service does offer client-server/server-client encryption and also when the messages are stored in the Telegram cloud, it's worth keeping in mind that group chats offer no end-to-end encryption and that all default chat histories are stored on its servers.

"So if you are on Telegram and want a truly private group chat, you're out of luck," Raphael Mimoun, founder of the digital security nonprofit Horizontal, said last month.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/WbPl6pzp0xU/secret-chat-in-telegram-left-self.html