Telegram is an app well known for instant messaging in certain regions of the world. Today, they announced Telegram was taking down many channels belonging to ISIS. The media, eager to paint ISIS as a sophisticated group, quickly called the channels “encrypted.” But, how true is that statement?
Telegram uses its own “MTProto” protocol for message passing. As the details on their website show, it uses several server and chat keys to encapsulate the content being transmitted. This ensures that messages from server to “end” points (Telegram mobile app or web client) are not readable by others on the way. However, if you want “end-to-end” secrecy, so that not even the server can read your messages, you have to initiate a “Secret Chat.” For that, a session key is derived and used.
As a result, while the channels that ISIS used were technically using encryption, they are not as secure as the media implies. They were readable by the Telegram server, and data in them could even be beneficial to intelligence agencies.
While I am no cryptographer, and I emphasize that, I had a few concerns about the whole application. These are worthy of note since another similar app has covered them: Signal (previously also known as TextSecure on Android). Here is what came to my mind:
Group chats are not end-to-end encrypted
As stated above, the server (and anyone with proper court orders) can read the messages going around.
Signal doesn’t have a public channel, but all group or private chats are end-to-end encrypted by default. By design not even the server can read your content.
It is hard to verify identities in “Secret Chat” mode
Alice and Bob are talking. To prevent a Man-in-the-Middle attack, they have to make sure no Chuck is pretending to be the other end and just relaying messages with his own key. So Telegram shows you a “visualization of the encryption key” so Bob and Alice can make sure they are indeed talking with each other.
But in doing so, it assumes you have a safe way to get an image across to the other person. But in many scenarios, if I had that secure method to get things around I wouldn’t even need this Secret Chat! And don’t even consider using the same chat session to send the image to the other end. If the channel is compromised, Chuck has definitely implemented a way to swap the images for the one he wants.
Signal uses real asymmetric cryptography, so it gives you the “fingerprint” of each person, which is a sequence of numbers. Verifying this is way easier.
Telegram uses an encryption key per each chat “session”
The concept is nice, and pretty common. But since the key shown in verification is per chat session, you have to re-verify the images once you start a new chat. This is even if you had already verified this particular person.
Signal stores the public key and fingerprint of each person on your phone. And I think they use this information to derive chat session keys. So the next time you start another chat with a person or people known to you, it simply verifies they are the same as before. And if the fingerprint changes, there is a red warning next to every message you send them that says “Some issues need your attention.”
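The difference between the two verification models described above, as an added sketch (not Signal's or Telegram's code). The SHA-256 fingerprint format, the class names and the status strings are assumptions made for illustration; the keys are random constructed samples.

```python
import hashlib
import secrets


def fingerprint(key: bytes) -> str:
    """Human-comparable digest of a key: 128 bits of SHA-256, grouped in fours."""
    digest = hashlib.sha256(key).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))


class PinnedIdentityStore:
    """Persistent-identity model: remember each contact's long-term key."""
    def __init__(self):
        self.pins = {}         # contact -> fingerprint seen on first contact
        self.verified = set()  # contacts whose fingerprint was compared out of band

    def check(self, contact: str, identity_key: bytes) -> str:
        fp = fingerprint(identity_key)
        if contact not in self.pins:
            self.pins[contact] = fp        # trust on first use, not yet verified
            return "new-unverified"
        if self.pins[contact] != fp:
            return "KEY-CHANGED"           # keep the old pin until the user decides
        return "verified" if contact in self.verified else "unverified"


class PerSessionStore:
    """Per-session model: every chat has a fresh key, so nothing carries over."""
    def __init__(self):
        self.verified_sessions = set()

    def check(self, session_key: bytes) -> str:
        known = fingerprint(session_key) in self.verified_sessions
        return "verified" if known else "unverified"


def demo():
    bob, chuck = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    pinned = PinnedIdentityStore()
    first = pinned.check("bob", bob)
    pinned.verified.add("bob")             # Alice compared fingerprints with Bob once
    later = pinned.check("bob", bob)       # a new chat, same identity key
    swapped = pinned.check("bob", chuck)   # someone else's key shows up for "bob"

    sessions = PerSessionStore()
    chat1, chat2 = secrets.token_bytes(32), secrets.token_bytes(32)
    sessions.verified_sessions.add(fingerprint(chat1))
    return [first, later, swapped], [sessions.check(chat1), sessions.check(chat2)]
```

With a pinned identity key, one out-of-band comparison covers every later chat and a swapped key is flagged automatically; with per-session keys, the second chat starts unverified even though the first was checked.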
Server might be able to fool you even if you do check visual key
This is to be debated by the more serious cryptographers with more free time than me. Telegram only uses 128 bits of the key to form the visualization of the key. So if, theoretically, the fake key shares the same last 128 bits with the real key you would expect, then the image becomes useless.
But then again, if the Telegram server is really malicious (and it’s not someone else pretending to be Telegram) then there might be much simpler ways to compromise your connection.
Telegram still uses SHA-1
This is a big question mark. SHA-1 is not exactly the most respected algorithm. In fact, it is considered theoretically flawed, was planned to be banned by browsers, and people claim to have broken it. They may say it’s not an issue given their other measures, but why stick to it for an app that wants to reassure users they are secure?
No secure voice call in Telegram
Telegram does not have a voice call option.
Signal, on the other hand, provides a pretty decent end-to-end encrypted voice call feature.
Telegram is not completely open source
While the client side is open source, the server side is kept behind closed doors. This means “spot check” audits by professional or hobbyist security folks are not that easy to carry out.
Signal, at least for now, is completely open source. I believe one can clone their git repository and start their own server!
Telegram has the self timer and screenshot notification
These are pretty interesting features for the secret chat. But since the Secret Chat is just 1-to-1, it can’t compete with the SnapChat or similar “self destruct” apps. Still, pretty cool!
I think Telegram is a nice app for everyday communications. And it might even be good for some casual “secrecy.” But compared with the competition, Signal, it leaves a lot to be desired. People who are paranoid enough to look for secret end-to-end chats would want more direct ways to verify the tool is secure.
To me, Signal wins!
These are by people more familiar with the domain, so give them a try for more information:
- “A 2^64 Attack On Telegram, And Why A Super Villain Doesn’t Need It To Read Your Telegram Chats.”
- Telegram, AKA “Stand back, we have Math PhDs!”
- CryptoFails: Telegram’s Cryptoanalysis Contest
- “A practical cryptanalysis of the Telegram messaging protocol” a Master’s Thesis by Jakobsen, 2015.
These two articles cover the “Jihadi” methods pretty well: