Telegrambeside Whats upone of the most popular instant messaging apps and one of its main claims is usually how safe. Users evaluate the protection it offers, and the questioned point in two studies that offer options to increase security, offered within the framework of the RootedCON 2022 cybersecurity event.

The founder of the company specializing in cryptography and data protection, CriptoCert, Alfonso Múñoz and Technical Evaluations In the New Markets section of Telefonica CyberTech, Pablo San Emeterio presented two studies aimed at debunking the myths about Telegram’s security at RootedCON 2022, held in Madrid last March.

WhatsApp and also Telegram claim unaware of the content of the conversations The first of its users was implemented in 2016, and the second was created with this encryption, thanks to end-to-end encryption.

Signal founder Moxie Marlinspike has criticized Telegram in the past for, in her own words, keeping the information it collects from the user in plain text and not using encryption. The application offers: create secret chats, using a “questionable” e2ee protocol.

Muñoz explained in his presentation during the conference, however, that most information and files are shared on Telegram. it only has client-server encryption. This allows the app to know most of the information exchanged inside it.

This speaker also refers to the so-called secret Telegram chats your host has. It stores in encrypted files. This technique also lets the application know which people have modified these files, when they did so, and data such as their size and name.

In this context, the cryptography involved in transit communication cannot be compromised without the cooperation of the company. In this case, Muñoz points out that Telegram’s security is too much. based on trust on the platform itself.

Possible solutions to the problem

Muñoz acknowledges that there is no ideal solution to the privacy issue from the individual’s point of view. cyber security. However, there is a platform that allows you to compare and evaluate which app is best suited to users’ needs.

San Emeterio, for its part, has introduced an additional safeguard that includes: extra layer of encryption. This implements the use of introspection techniques and dynamic instrumentation. Both allow you to change the behavior of apps and operating systems like Telegram in this case.

To do this, inject an instrumentation code is specific to the process of executing a program or application. The tool acts to monitor and analyze the dynamic execution process without affecting the results of its dynamic execution.