Advertise
CoinTrust
BTC
ETH
BCH
SOL
DOGE
SHIB
  • News
  • Bitcoin
  • Ethereum
  • Altcoin
  • Market Cap
  • Learn
    • Buying Crypto
    • Crypto Mining
    • Crypto Exchanges
    • Knowledge
  • Crypto Casinos
    • Bitcoin Casinos
    • New Crypto Casinos
    • No KYC Crypto Casinos
    • Anonymous Crypto Casinos
    • VPN Friendly Crypto Casinos
    • Bitcoin Poker
    • Crypto Poker
    • Bitcoin Bingo
    • USDT Casinos
    • Offshore Online Casinos
    • Bitcoin Betting Sites
    • Crypto Sports Betting
    • Reddit’s Best Bitcoin and Crypto Casinos
No Result
View All Result
CoinTrust
  • News
  • Bitcoin
  • Ethereum
  • Altcoin
  • Market Cap
  • Learn
    • Buying Crypto
    • Crypto Mining
    • Crypto Exchanges
    • Knowledge
  • Crypto Casinos
    • Bitcoin Casinos
    • New Crypto Casinos
    • No KYC Crypto Casinos
    • Anonymous Crypto Casinos
    • VPN Friendly Crypto Casinos
    • Bitcoin Poker
    • Crypto Poker
    • Bitcoin Bingo
    • USDT Casinos
    • Offshore Online Casinos
    • Bitcoin Betting Sites
    • Crypto Sports Betting
    • Reddit’s Best Bitcoin and Crypto Casinos
No Result
View All Result
CoinTrust
No Result
View All Result

Home » Cyber Security Firm Points Out Vulnerabilities In Telegram Passport App

Cyber Security Firm Points Out Vulnerabilities In Telegram Passport App

Kelly Cromley by Kelly Cromley
Aug 2, 2018
in News
Reading Time: 3 mins read
0

Telegram, the popular messenger app among cryptocommunity and those living under authoritarian regimes, did not proceed with its ICO as it was able to raise $1.7 billion for its new project from private investors.

A few days before, Telegram team released Passport, an identity verification app, whose details were covered by Cointrust in detail. The crypto-friendly app, however, has received a negative review from Virgil Security, a US based security research firm.

Virgil Security, in its blog post, stated that it has discovered several vulnerabilities in the identity verification app. Virgil, however, admired Telegram for making the project as open source, allowing cyber security experts to audit the code. In its report, Virgil mainly pointed out two security related issues: the manner in which the app encrypts data and how the stored data is secured.

Virgil Security’s Alexey Ermishkin wrote as follows in the company’s blog “Their commitment to openness gives security practitioners the opportunity to review their implementation and, ideally, help improve it. Unfortunately Passport’s security disappoints in several key ways.”

Telegram never stated that it is going to raise funds through ICO. However, the leaked documents indicated that the company was aiming to offer services such as file sharing and encrypted browsing, which other startups has already proposed. The company also wanted to introduce blockchain-based payments within its popular chat app.

Wherever there is money transaction involved, identification of parties in some form or the other will be involved. To facilitate that process, Telegram launched the Passport project. At the same time, Telegram also wanted to disrupt traditional identity verification service providers such as Equifax, which maintain user profile in centralized databases that are prone to hacking.

While explaining about Passport in its blog post, Telegram guarantees that “identity documents and personal data will be stored in the Telegram cloud using end-to-end encryption. It is encrypted with a password that only you know, so Telegram has no access to the data you store in your Telegram passport.”

However, the report issued by Virgil Security means that Telegram has to remove the bugs in the code.

Brute force technique

Highlighting the fact that Telegram uses SHA-512 to hash passwords, Virgil Security said “It’s 2018 and one top-level GPU can brute-force checks about 1.5 billion SHA-512 hashes per second.” Furthermore, Virgil Security states that as long as there are enough computers available, each passwork can be easily broken for a small sum of between $5 and $135. Virgil, however, acknowledges that an attacker must first of all breach Telegram’s security ring.

Virgil Security co-founder Dmitry Dain said

“To access the password hashes, the attack would have to be internal to Telegram. The ways that could happen are numerous — insider threat, spearphish, one rogue USB stick, etc.”

If millions of users start using the service, then the database will easily become an attractive target.

Unsigned data issue

The other vulnerability pointed out by Virgil is that the data uploaded to Passport isn’t signed. Through cryptographic signature, it is possible to confirm the user who loaded the data and guarantee that it has not been tampered. Without a crypto signature, data can be changed and identification is impossible.

The Virgil Security argues

“Now, when people see ‘end-to-end encrypted,’ they believe that their data will safely be sent to a third party without worries of it being decrypted or tampered with. Unfortunately, Passport users will have a false sense of confidence.”

The crypto community is hopeful that Telegram sorts out the issues pointed out by Virgil security soon.

Previous Post

Australia Funds Blockchain Based Sustainable Sugar Project

Next Post

Credit Suisse’s ‘Bitcoin Expert’ Gets Poached By Morgan Stanley

Related Posts

coinbase partners with perplexity ai

Coinbase Taps Perplexity AI to Deliver Smart Crypto Insights

by Kelly Cromley
Jul 14, 2025
0

Coinbase has entered into a strategic collaboration with Perplexity AI to provide users with real-time cryptocurrency market data through artificial...

Hedera

Hedera Moves Closer to AI Mainstream with Intel and NVIDIA Support

by Kelly Cromley
Jul 14, 2025
0

Hedera, a decentralized public blockchain, appears to be stepping into the spotlight as a key enabler of artificial intelligence infrastructure,...

Kenya

Kenya Launches $KDT Token on Solana Blockchain to Drive Digital Inclusion

by Kelly Cromley
Jul 14, 2025
0

Kenya has taken a notable step toward embracing digital innovation through the public endorsement of a private sector-led initiative to...

imagen network

Imagen Integrates XRP for Faster Web3 Social Transactions

by Kelly Cromley
Jul 13, 2025
0

Imagen Network, a decentralized social platform driven by artificial intelligence, has introduced XRP-based liquidity modules across its multichain infrastructure. This...

endless partners with rei network

Endless and REI Network Join Forces to Simplify Web3 Development

by Kelly Cromley
Jul 13, 2025
0

Endless Protocol has announced a strategic partnership with REI Network, a lightweight blockchain infrastructure developed by GXChain Global. The collaboration...

Injective Blockchain Faces Backlash as INJS Minting Comes to Abrupt Halt

Injective Forms Power Council to Bridge Web2 and Web3

by Kelly Cromley
Jul 13, 2025
0

Injective has unveiled the Injective Council, a newly established strategic advisory group comprising senior representatives from major Fortune 500 firms...

Next Post
Credit Suisse’s 'Bitcoin Expert' Gets Poached By Morgan Stanley

Credit Suisse’s 'Bitcoin Expert' Gets Poached By Morgan Stanley

  • Collé Ai

    Collé: Pioneering AI Web3 Platform Receives Investment Boost from BlackRock

    by Kelly Cromley
    May 13, 2024
  • Router Protocol and OpenWorldSwap Partnership to Revolutionize DEX Market

    by Kelly Cromley
    Aug 6, 2024
  • Hyper Foundation Launched to Boost Hyperliquid Blockchain Development

    by Kelly Cromley
    Oct 15, 2024
  • Central Bank of Saudi Arabia Teams Up with Ripple to Transform Cross-Border Settlements

    by Kelly Cromley
    Aug 17, 2023
  • GameStop’s Digital Transformation: Embracing Blockchain and NFTs

    by Kelly Cromley
    Feb 2, 2025

Recent News

coinbase partners with perplexity ai
Market News

Coinbase Taps Perplexity AI to Deliver Smart Crypto Insights

by Kelly Cromley
Jul 14, 2025
Hedera
Market News

Hedera Moves Closer to AI Mainstream with Intel and NVIDIA Support

by Kelly Cromley
Jul 14, 2025
Kenya
Market News

Kenya Launches $KDT Token on Solana Blockchain to Drive Digital Inclusion

by Kelly Cromley
Jul 14, 2025
imagen network
Market News

Imagen Integrates XRP for Faster Web3 Social Transactions

by Kelly Cromley
Jul 13, 2025
endless partners with rei network
Market News

Endless and REI Network Join Forces to Simplify Web3 Development

by Kelly Cromley
Jul 13, 2025

Categories

  • Altcoin News
  • Analysis News
  • Binance Coin News
  • Bitcoin News
  • Blog
  • Cardano News
  • Ethereum News
  • ICO News
  • Legislation News
  • Market Forecasts
  • Market News
  • News
  • Ripple News
  • Solana News
  • Tether News
Trustpilot

Cointrust

  • About Us
  • Contact Us
  • Correction Request
  • Our Team

Legal

  • Disclaimer
  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy

Popular

  • ICO Listings
  • Knowledge Base
  • All about Mining
  • Cryptocurrency Exchanges
  • How and Where to buy Cryptocurrency

Sitemap

  • News section
  • Sitemap
  • XML Sitemap

© 2024 CoinTrust.com.

CoinTrustCoinTrust

* DISCLAIMER: All information provided in CoinTrust is merely for informational purposes, we are not an investment advisor and not affiliated with any companies or ICO/Cryptocurrency Projects. To use this website you must accept our cookie policy, Disclaimer and Privacy Policies.

No Result
View All Result
  • News
  • Bitcoin
  • Ethereum
  • Altcoin
  • Market Cap
  • Learn
    • Buying Crypto
    • Crypto Mining
    • Crypto Exchanges
    • Knowledge
  • Crypto Casinos
    • Bitcoin Casinos
    • New Crypto Casinos
    • No KYC Crypto Casinos
    • Anonymous Crypto Casinos
    • VPN Friendly Crypto Casinos
    • Bitcoin Poker
    • Crypto Poker
    • Bitcoin Bingo
    • USDT Casinos
    • Offshore Online Casinos
    • Bitcoin Betting Sites
    • Crypto Sports Betting
    • Reddit’s Best Bitcoin and Crypto Casinos

© 2024 CoinTrust.com.

We use cookies to ensure that we give you the best experience on our website.
If you continue to use this site you agree to allow us to use cookies, in accordance with our Cookie Policy.
I Agree