Animated Bugs - The New Remote Attack Surface in Telegram

Explore the security vulnerabilities in end-to-end encrypted instant messaging apps, focusing on Telegram's implementation of animated stickers in E2EE chats. Dive into a comprehensive analysis of 13 one-click zero-day exploits discovered through libfuzzer and structure-aware fuzzing techniques. Learn about the persistent security risks associated with image formats and memory corruptions in popular messaging platforms. Gain insights from Paolo Giai, Director of Research at Shielder, as he shares his expertise in binary exploitation and web application security. Understand the process of identifying and exploiting new attack surfaces in widely-used communication tools. This 50-minute conference talk from the Hack In The Box Security Conference offers valuable knowledge for security researchers, penetration testers, and anyone interested in the intersection of messaging app security and exploit development.