Questions Raised Over Telegram Passport Safety
The recently launched Telegram Passport has been put on the spotlight over security matters. Specifically, experts are questioning the passport’s integrity. The seven day old ID platform is meant to provide ICO applicants with KYS services. The scheme was designed to give applicants sensitive data under an end-to-end encryption system.
In the infosec world, Telegram’s new product has received a cold shoulder over the risk of introducing vulnerabilities. Among the experts questioning the communication giant’s product is Jackson Palmer. Through his Twitter account, Palmer said that users should not trust the service with their personal information due to lack of E2E encryption by default.
The ball of contention is the reliance on Telegram’s proprietary algorithm. Here, data uploaded is exposed to numerous risks despite the passport having its own encryption.
A recent report by Virgil Security further poked holes into the passport after revealing how it works. The report notes that things look worrying.
It is important to note that even advanced hackers might not gain access to the platform, there are still some gaps that might open up an entry point. About three years ago, Telegram ran into similar trouble over encryption matters. Recently, phone numbers of about 15 million users were made public in Iran. With the latest row on the passport, the claims might be turning out to be true.
Another factor is the lack of a digitized signature. The signature is used during software updates. The Virgil Security reports notes that uploaded data safety majorly depends on the user’s password strength. In this case attacks are easier due to hashing algorithm selected? With lack of a digitized signature, data can be manipulated without a user’s notice.
However, all does not look dark with the Telegram passport. There are open ways of conducting reinforcements. Users can then be assured of their safety as well as restore the reputation of the giant communication firm. Telegram CEO who stays away from the limelight might be forced to respond and assures users that their data will be safe.