Telegram Refutes Operation Zeros Claims of Zero-Click Vulnerabilities for Sale

The Telegram resource «Code Durov» has responded to the announcement regarding Operation Zero’s willingness to purchase zero-day vulnerabilities in the messenger for resale.

Telegram’s stance is that the platform has never been susceptible to zero-click exploits. The application’s open-source code and documented encryption protocols have been vetted by security researchers. Telegram is the only messaging app that offers verifiable builds for both iOS and Android.

The fact that money is being offered for the discovery of such vulnerabilities indicates that they have been unable to find any.

In their message to «Code Durov,» the Telegram team reminded that zero-click exploits have been identified in WhatsApp at least as early as November and December 2019, as well as in January 2024.

Previously, the exploit broker Operation Zero offered up to $500,000 for one-click remote code execution (RCE) exploits, up to $1.5 million for zero-click RCE exploits, and as much as $4 million for a full chain of exploits. This likely refers to a series of vulnerabilities that would allow hackers to not only access the victim’s Telegram but also the entire operating system or device.