![]() ![]() ![]() So, if Telegram bots are being used in channels that share private, confidential or valuable information, it could be seen by an attacker.”įorcepoint says the risks to enterprises are low, because the type of information shared via a bot is likely to be non-confidential. If someone is able to undertake a MiTM attack on this conversation, it would all be seen by the attacker who can then also view the entire chat history. “For example, a group of developers working remotely might set up a bot - in the same way people use bots within Teams or Slack - to automatically update the group that a piece of work or a process such as a build has been completed. “Bots are used to automate communication, but that communication goes to human users,” says Luke Somerville, head of special investigations at Forcepoint. Thus, the researchers say, an attacker in MitM position with capability to decrypt TLS could gain access to the bot token as well as the chat_id leading to a full compromise of the current, as well as all previous, communication. Instead, the bot platform relies on Transport Layer Security (TLS) protocol used in HTTPS web encryption – which isn’t robust enough on its own. And unlike its chat conversations, Telegram’s bots aren’t secured using its encryption protocol, MTProto. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |