Someone else’s iPhone can be “killed” with a single Telegram message
Two Iranian specialists have discovered a vulnerability in the Telegram messenger. It turns out that a phone can be forced to reboot or freeze by sending it a message containing special code, Cnews reports.
Telegram contains a vulnerability that lets an attacker send a message of arbitrary length to the victim's device and “hang” it through a memory overflow. The hole was found by independent security researchers from Iran, Sadegh Ahmadzadeh and Omid Giffarine.
The problem is that a Telegram user receives messages from any contact, even one that is not in his contact list. The vulnerability lies in the algorithm that checks message length to keep users from “spamming” each other. A Telegram message must not exceed 4096 bytes (and it also cannot be empty). There is also a limit on how often messages can be sent, but the researchers did not specify what it is.
“Due to a software error, the sender can gain control over the length of the message and send messages of any size. The recipient will receive all messages that are sent to it, regardless of their length,” reads the researchers' blog.
As an experiment, the authors of the finding sent a 30 KB Telegram message to a mobile device (which significantly exceeds the limit of 4,096 bytes).
Upon receipt of such a message, the recipient's device hangs due to a memory overflow, or the application may crash. The researchers also noted that receiving such messages can be costly: the user is simply forced to accept the traffic and pay for it. It can also quickly drain the battery.
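The length rule described above (1 to 4096 bytes) only protects the recipient if it is enforced where the message is received, not just by the sending client. The following is an added example, not code from Telegram or from the researchers: it assumes a hypothetical framing with a 4-byte big-endian length prefix, and shows a receiver that validates the sender-declared length before buffering any of the body, counting bytes rather than characters.

```python
import io
import struct

MAX_MESSAGE_BYTES = 4096        # limit stated in the article
HEADER = struct.Struct(">I")    # assumed framing: 4-byte big-endian length prefix


class MessageRejected(ValueError):
    """Raised when a frame violates the length rules."""


def frame(text: str) -> bytes:
    """Build a frame the way a sender would (no limit applied, on purpose)."""
    body = text.encode("utf-8")
    return HEADER.pack(len(body)) + body


def read_message(stream, max_bytes: int = MAX_MESSAGE_BYTES) -> str:
    """Read one frame, checking the length before any body byte is buffered."""
    header = stream.read(HEADER.size)
    if len(header) != HEADER.size:
        raise MessageRejected("truncated header")
    (declared,) = HEADER.unpack(header)
    # The declared length is sender-controlled, so it is validated first;
    # an oversized body is never read into memory.
    if declared == 0 or declared > max_bytes:
        raise MessageRejected(f"length {declared} outside 1..{max_bytes} bytes")
    body = stream.read(declared)
    if len(body) != declared:
        raise MessageRejected("body shorter than declared length")
    try:
        return body.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise MessageRejected("body is not valid UTF-8") from exc


def accepts(raw: bytes) -> bool:
    """True if the receiver would accept this constructed frame."""
    try:
        read_message(io.BytesIO(raw))
        return True
    except MessageRejected:
        return False


if __name__ == "__main__":
    samples = {"normal": "hello", "max": "A" * 4096, "30 KB": "A" * 30 * 1024,
               "4096 two-byte chars": "\u00e9" * 4096, "empty": ""}
    for name, text in samples.items():   # constructed sample inputs
        print(f"{name:22} accepted={accepts(frame(text))}")
```

After a rejection the receiver should close the connection instead of draining the oversized body, otherwise the traffic and battery cost described above is still paid.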
In the blog post the researchers published a proof-of-concept video demonstrating the attack in action. They used up 256 of the user's 300 paid MB of traffic in minutes.
“That way you can sleep through everything (because your phone is broken and the alarm didn’t work :D), or find that last night your phone was suffering from insomnia because it downloaded dozens of gigabytes of data (i.e. text messages),” write the researchers.
The researchers claim that the Telegram team has not fixed the error. They therefore decided not to publish the exploit publicly, which would have opened the way for hackers to use this vulnerability.