TL;DR - the author claims to have hacked their encryption by reading the messages in phone memory.<p>I don't understand how this is a valid exploit/vulnerability? How would any device, Android or not, render the actual picture of the message on the GPU without having the unencrypted string in memory? It's not possible. If you have local memory/code execution, you will ALWAYS have access to the messages any client application is rendering/using.
I am not even a security novice, but isn't getting root on the devices basically a game over? The suggestions the author hard to encrypt the stuff in memory and on disk would just add a extra step for the attacker to find the key? If they key had to be entered by the user every time the attack can just wait until the user does so? If thats too hard... just monitor the user.
With root you can just wait and take screen shots... (as the author shows) which would work for any thing the user does ever and is simpler?
The attack vector wasn't even through the Telegram application but depending on if you get access to disk or memory. Sure that's not hard to do...but it's still safe in-transit? A pretty interesting read, but I'm not seeing the leetness here.
tldr; End-to-end encryption does nothing when an adversary controls one of the ends.<p>I'd say this guy is trying a little too hard to promote his "Zimperim Mobile Security" brand here...
Also neat that you really can recompose the entire conversation, as the timestamps are clearly available in the DB.<p>Offset 0056e1c, 0x54ba8a1d is unixepoch 1421511197 - which is January 17th, at 16:13:17GMT - which, given that the author is in Tel Aviv (GMT+2), corresponds with the 6:13PM timestamp for 'Shlookiedo' seen in the photos.
I find it hard to believe that Telegram did not respond to the author. How can one company simultaneously host a $200k security contest, yet not respond to a simple email disclosing a vulnerability?