CertiK Discovers Telegram RCE Vulnerability Allowing Attacks on Users
Blockchain security platform CertiK uncovered a Telegram vulnerability on April 9 that allows hackers to deploy a remote code execution (RCE) attack through “specially crafted media files, such as images or videos.”
CertiK’s Discovery Reveals Telegram Vulnerability
CertiK raised the alarm in an X post, describing the RCE attack as a “high-risk vulnerability in the wild.” An RCE vulnerability allows an attacker to execute arbitrary code on a remote device, which can lead to various levels of damage.
The security firm told the media that the RCE attack was exclusive to Telegram’s desktop version, not its mobile applications, as it was not designed to run executable programs.
#CertiKInsight ⚠️
We see a high-risk vulnerability in the wild,
Please check your telegram configurations to improve security!
👇👇👇👇👇
Possible RCE was detected in Telegram's media processing in Telegram Desktop application.
This issue expose users to malicious attacks through…— CertiK Alert (@CertiKAlert) April 9, 2024
Following CertiK’s discovery, the official Telegram X account countered the claim and argued that there was no vulnerability in their system and that the issue was likely a fake. Some X users shared their opinion, stating that the issue was not new to the platform.
Lol, this is an issue for over a year now.
— Fugazi Finance (@fugazifinance) April 9, 2024
This is not the first time that Certik has reported attacks on Telegram. In October 2023, the blockchain security firm warned users about Telegram bot tokens, which it claimed could be exit scams.
In 2021, a Shielder security research report revealed that the messaging app suffered a similar remote media-related attack that enabled hackers to send modified animated stickers on Android, iOS, and MacOS application versions – which would grant them access to media files that people share in all types of chats.
The issues were reported and addressed by the Telegram security team, however.
In May 2023, Google engineer Dan Revah discovered a bug that enabled attackers to activate the camera and microphone on laptops running on MacOS software.
CVE-2023-26818: Latest blog post on how I found a vulnerability in Telegram's macOS app and was able to bypass TCC, giving me unauthorized access to sensitive user data and recording the user via camera. 🔒 📸#Cybersecurity #macOS https://t.co/HJwvJSE7Tv
— Dan Revah (@danrevah) May 15, 2023
Could the Latest Security Setback Derail Telegram’s Wall Street Listing?
CertiK’s discovery of the Telegram vulnerability coincides with the platform’s announcement of a possible debut on Wall Street.
In March, Telegram CEO Pavel Durov exclusively told the Financial Times that the messaging app was mulling an IPO in the US, following in the footsteps of Reddit, whose stock has captured investor’s interest. With over 900 million users, a preliminary valuation of $90B, and increasing revenues, the social media app is ripe for a public listing.
“Generally speaking, we see value in [an IPO] as a means to democratise access to Telegram’s value,” he explained.
🔥 Telegram has received a preliminary valuation of $30 billion ahead of a potential IPO, reaching 900 million users and almost breaking even in profit
💎 $TON reacts with a 15% increase
— epickot (@epickot) March 11, 2024
While Telegram’s expansion is evident, one major hurdle it must overcome before venturing into Wall Street is its ‘dark web’ baggage. Cybersecurity experts have long labeled the app as the hotbed for organized criminals.
According to a US cybersecurity magazine report, bad actors use the messaging platform as a marketplace to facilitate illicit transactions and spread extremist content. The platform’s poor reputation and alleged ties to the Kremlin – Patel Durov has consistently denied this – could be a major talking point for investors.
Despite these drawbacks, Telegram has adopted crypto for in-app ad purchases as part of its user monetization strategy.
