Flaws found in various encrypted messaging services

ARS Technica warns that even encrypted message services aren't always secure or safe as recent events have shown various systems contain vulnerabilities. First up, researchers found decade-old flaws in PGP and S/MIME-encrypted e-mails, which could be used to leak the contents of previously intercepted messages. Additionally, other researchers found a vulnerability in the Signal messenger that could be used to execute malicious JavaScript, while yet another team discovered the existence of malware that targets Telegram users.

The threats involving encrypted email, Signal desktop and Telegram desktop are different in several important respects. The first involves flaws that are more than 10 years old and were (or still are) in dozens of email clients and various encryption implementations. The second threat affected Signal desktop for about one month (mobile versions were never vulnerable). The third doesn’t exploit any vulnerability at all in Telegram, since (1) developers are clear the desktop version doesn’t provide secret chats and (2) the malware relies on the social engineering of a user.