Hacker News Digest

Telegram’s end-to-end encryption is vulnerable to sophisticated attacks that could enable large-scale surveillance. Researchers demonstrated that an attacker can exploit weaknesses in Telegram’s MTProto2.0 protocol to recover encryption keys with high probability using relatively few queries. This attack leverages the protocol’s padding mechanism, highlighting a critical design flaw. While official clients may be safer due to open-source scrutiny, third-party clients could be compromised, making this a significant threat. The study also proposes a simple fix to the padding mechanism that would mitigate this risk, suggesting that Telegram’s current encryption needs urgent revision to prevent potential state-level exploitation.