Cryptographers unearth vulnerabilities in Telegram’s encryption protocol
An international team of computer scientists reported on Friday that they found four cryptographic vulnerabilities in the popular encrypted message app Telegram.
The weaknesses range “from technically trivial and easy to exploit to more advanced and of theoretical interest,” according to the security analysis. But ultimately they prove that the four key issues “could be done better, more securely and in a more trustworthy manner with a standard approach to cryptography,” said ETH Zurich Professor Kenny Paterson, who was part of the team that uncovered the flaw.
The most significant of the vulnerabilities the researchers uncovered is what they called the “crime-pizza” vulnerability. In it, an attacker could alter the order of messages coming from a client to a cloud server that Telegram operates.
“For example, if the order of the messages in the sequence ‘I say “yes” to’, ‘pizza’, ‘I say “no” to’, “crime” was altered then it would appear that the client is declaring their willingness to commit a crime,” according to the universities.
In one of the more theoretical vulnerabilities, an attacker could discern which of two messages were encrypted by a client or a server, although it would require special circumstances to be able to do so.
Telegram relies on its own MTProto encryption protocol, rather than a more widely used protocol like Transport Layer Security. Cryptographers have eyed MTProto skeptically in the past, too. The latest research serves as a reminder that while encrypted apps offer a significant degree of security, they aren’t 100% impervious to exploitation.
Cryptographers from ETH Zurich, a public research university in Switzerland, and the Royal Holloway constituent college of the University of London disclosed the vulnerabilities to Telegram in April. The encrypted app counts more than 500 million monthly users.
“For most users, the immediate risk is low, but these vulnerabilities highlight that Telegram fell short of the cryptographic guarantees enjoyed by other widely deployed cryptographic protocols,” a university summary states.
Telegram wrote that it made changes in response to the disclosure “that make the four observations made by the researchers no longer relevant.”
It also highlighted that the vulnerabilities weren’t critical. “We welcome any research that helps make our protocol even more secure,” Telegram said. “These particular findings helped further improve the theoretical security of the protocol.”