Advisory on recent Telegram security concern
The (Unofficial) Telegram Support Group of Hong Kong has noticed a recent security concern across multiple Telegram channels.
The Support Group would like to remind citizens of Hong Kong of the following:
1) There is a claim that Telegram chats are recoverable using forensic software. The Support Group has checked with an unnamed source in the industry and confirmed that forensic suite versions as of April 2020, including Cellebrite PA and UFED, are indeed capable of retrieving existing and deleted Telegram chats. The source has also confirmed that an unnamed hash algorithm software, in its version as of December 2019, is capable of unlocking the Android and iOS Telegram apps even with the app passcode lock activated.
2) The Support Group has consulted an Information Security Engineer and found no high-priority CVE exploitation or imminent MTProto security concern. The Support Group therefore believes that communication between Telegram users is still safe and sound.
3) The Support Group has tested with an Information Security Engineer and found that CVE-2019-15514 is still reproducible. This means a number of Hong Kong citizens have not chosen to hide their personal phone number. In view of current Hong Kong politics and social movements, the Support Group is concerned that this vulnerability may be used by rogue entities to obtain undisclosed personal information (NIST CWE-200).
4) The Support Group would like to emphasize that Telegram databases can be easily decrypted by forensic software. Should you feel the need to exchange sensitive messages, please use Signal instead.
Android // https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
iOS // https://apps.apple.com/us/app/signal-private-messenger/id874139669