All Apple news

Someone else’s iPhone you can “kill” one message in the Telegram

Posted on Author Comment(0)

Two Iranian specialists have discovered a vulnerability in the messenger Telegram. It has appeared, you can force reboot or freezes the phone by sending him a message with a special code, reports Cnews.

In the Telegram there is a vulnerability through which an attacker can send to the device the victim a message of arbitrary length and “hang” it as a result of overflow of memory. The hole detected by security researchers independent from Iran Sadegh Ahmadzadeh and Omid Giffarine

The problem is that the user takes Telegram messages from any contacts, even if they are not included in his list. The vulnerability is in the algorithm checks the length of the message to users from “spamming” each other. The length of the message in the Telegram must not exceed 4096 bytes (in this case it also cannot be zero). There is also a restriction on the frequency of sending messages, but the researchers did not specify what kind.

“Due to a software error, the sender can obtain control over the length of the message and to send messages of any size. The recipient will receive all messages that are sent to it, regardless of their length,” reads the blog of the researchers.

The authors findings as an experiment, sent a Telegram on the mobile device, the message length of 30 KB (which significantly exceeds the limit of 4,096 bytes).

Upon receipt of such message, the recipient device hangs due to overflow of memory. Or may fail in the application. The researchers also noted that the reception of such messages can be detrimental to the cost — the user just be forced to accept and pay for traffic. It also can quickly drain the battery.

Read also:   ITunes 10.2 for iPhone and iPad expected next week

In the blog post the researchers published proof-of-concept video demonstrating the attack in action. They spent 256 out of 300 paid MB of user traffic in minutes.

“That way you can sleep through everything (because your phone is broke, the alarm didn’t work :D), or to find that last night your phone was suffering from insomnia because downloaded dozens of gigabytes of data (i.e. text messages),” write the researchers.

The researchers argue that the command Telegram has not corrected the error. Therefore, they decided not to publish the exploit in the public domain, which would have opened the way for hackers this vulnerability.

Related Posts
All Apple news

The Supreme court had found Samsung innocent of stealing iPhone design

Posted on Author

Apple has lost the trial on the suit against Samsung for patent infringement in the U.S. Supreme court. The court ruled in favor of the South Korean manufacturer. The U.S. Supreme court reversed the decision of the court of appeal, according to which Samsung was to pay Apple $399 million for the Read also:   […]
All Apple news

Apple will pay a fine of half a billion dollars

Posted on Author Erika J. Wells

Two years ago the court ordered Apple to pay $533 million to Smartflash, the company for patent infringement. In the course of further litigation, the company from Cupertino managed to defend his innocence. This week, the Federal U.S. court of appeals overturned the jury’s decision, according to which Apple had to pay a fine for […]
All Apple news

iWork for iOS has been updated. What’s new?

Posted on Author

The future major update to iOS will help you to turn your mobile Apple devices into a full-fledged work tools. Edition MacDigger says about the main changes to iWork. Pages 4.1 for iOS Brand Apple is the twenty-first place in the category “Productivity”. It can be used to create beautiful articles and notes and invite […]

Leave a Reply

Your email address will not be published. Required fields are marked *