Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Vulnerability in Telegram messaging app can send data charges soaring

Encrypted messaging app Telegram reportedly contains an unpatched vulnerability that bad actors can exploit to send massive text messages that drive up data charges or cause mobile phones to crash.

Iranian security research blog Sad Ghaf this week reported a unspecified programming error in Telegram that allows senders to transmit a message of arbitrary length. Normally, the app sets text message parameters to between one and 4,096 characters or bytes, but the researchers behind the blog were able to send a text that was over 30,000 bytes long.

Such abuse can cause a phone to crash due to lack of memory, and also cause a recipient to exceed monthly data allowances. An individual does not even need to be in a user's friend list to attack, the blog explained. In February 2016, Telegram announced that it had over 100 million active users.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.