CVE-2021-36769

Vulnerability

A message reordering vulnerability exists in Telegram's MTProto protocol, affecting Android versions before 7.8.1, iOS versions before 7.8.3, and Telegram Desktop before 2.8.8 [1]. The server does not enforce the order in which messages are received from a client, allowing an attacker to alter the sequence of messages.

Exploitation

An attacker with network access (e.g., on the same Wi-Fi or an ISP) can intercept the encrypted messages sent from a client to the Telegram server. By reordering the packets, the attacker can cause the server to process messages in a different order than intended. The attack is trivial to carry out and does not require decryption of the messages [1].

Impact

The attacker can alter the perceived sequence of messages in a conversation, potentially changing the meaning of the dialogue. For example, the order of statements like 'I say yes to' and 'all the pizzas' versus 'I say no to' and 'all the crimes' can be swapped, leading to confusion or misrepresentation. The impact is limited to message ordering; confidentiality and integrity of individual messages are not compromised [1].

Mitigation

Telegram addressed this issue in version 7.8.1 for Android, 7.8.3 for iOS, and 2.8.8 for Telegram Desktop [1]. Users should update to the latest version to mitigate the vulnerability. No workaround is available for older versions.