Rad said there's also a potential problem with Telegram's user authentication. When a person registers a new device, Telegram sends a one-time passcode via SMS. There are a variety of attacks and methods to intercept SMS communications, Rad said, making it generally not the best way to authenticate a user.
Telegram's Ra conceded issues around SMS and wrote that Telegram has been working on an additional cloud-based password mechanism for the last two months. "This work is now almost done and our users should be able to enjoy two-factor authentication soon," he wrote.
Sign up for MIS Asia eNewsletters.