Pavel Durov denies reports of a Telegram vulnerability that can “kill” someone else’s iPhone

Telegram founder Pavel Durov has denied the existence of a vulnerability in the Telegram messenger that would allow an attacker to remotely “kill” any smartphone. In comments to Vc, Durov said that the reports of security flaws in the application are untrue.



Last week it was reported that Telegram contains a vulnerability through which an attacker can send a message of arbitrary length to a victim’s device and “hang” it as a result of memory overflow. The defect was discovered by independent researchers from Iran, Sadegh Ahmadzadeh and Omid Giffarine.

According to them, the problem is that a Telegram user receives messages from any contact, even one who is not in his contact list. The vulnerability is in the algorithm that checks message length, which is meant to keep users from “spamming” each other. The length of a Telegram message must not exceed 4096 bytes (and it also cannot be zero). There is also a restriction on how frequently messages can be sent, but the researchers did not specify what it is.


Pavel Durov said that for some time the maximum message size in Telegram was 35 KB (roughly the size of a small photo). According to him, this restriction is enforced on the server, and at the time of writing it is again 16 KB. Durov says that it is impossible to “kill” either the Telegram app or the phone this way.


In addition, according to Durov, Sadegh Ahmadzadeh and Omid Giffarine were unable to provide proof that the flaw exists when they spoke with him. “They came out recently, after a long silence, but could not figure out anything intelligible,” he said.


“There has always been a server-side limit on sending. Their outgoing message looked large only because the sending client displayed it that way. With another client, for both the sender and the recipient, the message will be truncated.

And it seemed to them that they were sending megabytes. While in fact they only found a way to send 35 KB instead of 16 KB, which does not affect anything (it is impossible to hang anything this way),” said Durov.

1 Response

  1. Pete says:

    I believe Durov, but I still wouldn’t use Telegram – which doesn’t even end-to-end encrypt chats by default. Compared to apps like Signal or Threema, Telegram isn’t very secure.
