Staff member
Malware Hunter
Jul 27, 2015
A vulnerability in a high-level privacy feature of Telegram on macOS that sets up a “self-destruct” timer for messages on both the sender’s and recipient’s devices can allow someone to retrieve these messages even after they’ve been deleted, a researcher has found.

Reegun Richard Jayapaul, Trustwave SpiderLabs Lead Threat Architect, discovered the flaw in the Self-Destruct feature of Telegram MacOS, which is part of the Secret-Chats aspect of the messaging app that uses end-to-end encryption. This encryption – the key to which even Telegram administrators do not have – “is meant for people who are concerned about the security and privacy of their chat history,” he said in a blog post about his findings published Thursday.