by Michèle Feltz
Telegram is a messaging application that is used every day by millions of users around the world. The functionality of the app includes, for example, texting other Telegram users, creating group chats, making video calls, or creating broadcasting channels where messages can be sent to a wide audience.
What about the security of Telegram? Telegram does not provide end-to-end security by default; messages are only protected in confidentiality and integrity between a user’s device and Telegram’s servers. So, the data exchanged between users is at risk of insider threats or of hackers breaking into Telegram’s servers.
The “secret chats” feature of Telegram provides end-to-end encryption, where only the sender and the recipient can read the messages exchanged. Furthermore, Telegram claims in their privacy policy that “secret chats” are not stored on their servers [1].
Let’s have a look at the protocols used by Telegram. The company uses the non-standard cryptographic protocol MTProto [4] to secure the message exchange between a user’s device (such as his smartphone or tablet) and Telegram’s servers. MTProto is also used for end-to-end encryption in “secret chats”.
Compared to the well-studied and standardized Transport Layer Security (TLS) protocol, only relatively few security analyses of MTProto exist. In 2018, the security of MTProto in “secret chats” has been studied by Kobeissi in [3].
Recently, in 2021, Albrecht, Marekovà, Paterson and Stepanovs [2] published a rather comprehensive security analysis of the use of symmetric cryptography in the MTProto 2.0 protocol used for client-server encryption in the default setting, where messages are not end-to-end encrypted but only protected between clients and servers (this setting is called “groups chats”). The researchers uncovered several vulnerabilities in the protocol (some of them easy to carry out and some others more difficult to exploit in practice) and provided countermeasures to these vulnerabilities. They informed the developers of Telegram of their findings three months before publishing them. Telegram’s developers addressed the weaknesses in later software updates for Telegram clients and implemented some server-side fixes for a specific type of attack scenario. Details on the researcher’s findings can be found in [5].
References:
[1] Telegram Privacy Policy, Telegram Messenger Inc., August 14th 2018, available at https://telegram.org/privacy (accessed 5.7.22)
[2] Albrecht M.R., Marekovà L., Paterson K. G., and Stepanovs I., Four Attacks and a Proof for Telegram, full version of a work to appear at IEEE S&P 2022,
preparation date: 16 July 2021, available at https://mtpsym.github.io/paper.pdf
[3] Nadim Kobeissi. Formal verification for real-world cryptographic protocols and implementations. Cryptography and Security [cs.CR]. Université Paris sciences et lettres, 2018. English. NNT : 2018PSLEE065 . tel-03245433v4, available at https://hal.inria.fr/tel-01950884