Vulnerability in Telegram messaging app can send data charges soaring

A vulnerability recently discovered in the Telegram messaging app allows attackers to circumvent text message character parameters, which could cause recipients' phones to crash.
A vulnerability recently discovered in the Telegram messaging app allows attackers to circumvent text message character parameters, which could cause recipients' phones to crash.

Encrypted messaging app Telegram reportedly contains an unpatched vulnerability that bad actors can exploit to send massive text messages that drive up data charges or cause mobile phones to crash.

Iranian security research blog Sad Ghaf this week reported a unspecified programming error in Telegram that allows senders to transmit a message of arbitrary length. Normally, the app sets text message parameters to between one and 4,096 characters or bytes, but the researchers behind the blog were able to send a text that was over 30,000 bytes long.

Such abuse can cause a phone to crash due to lack of memory, and also cause a recipient to exceed monthly data allowances. An individual does not even need to be in a user's friend list to attack, the blog explained. In February 2016, Telegram announced that it had over 100 million active users.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS