Four cryptographic vulnerabilities in Telegram

An international research team of cryptologists has conducted a security analysis of the popular messaging platform Telegram. Several vulnerabilities were identified in its protocol. This means that essential data security guarantees are not sufficiently fulfilled.

Using only open source code and without "attacking" Telegram's running systems, a small team of international researchers analyzed Telegram's encryption services in detail. The researchers from ETH Zurich and Royal Holloway College (University of London) uncovered several cryptographic vulnerabilities in the protocol of the popular messaging platform.

While the immediate threat to the majority of its 570 million users is small, the vulnerabilities make it clear that Telegram's system falls short of the security guarantees of other commonly used encryption protocols, such as Transport Layer Security (TLS). Professor Kenny Paterson of ETH Zurich points out that the analysis revealed four key problems that could be solved "... better, more securely, and in a more trustworthy way with a standard encryption method."

First weak point: commit a crime or eat pizza?

The researchers found that the most significant vulnerabilities stem from the fact that attackers in the network can manipulate the sequence of messages sent from the client to one of the cloud servers operated by Telegram worldwide. For example, messages could be mixed up in a chat history. So if someone can change the order of the messages "I say 'yes' to", "Pizza!", "I say 'no' to", "Crime", the "yes" to eating pizza could suddenly become a "yes" to a crime.
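The reordering problem described above, as an added example that is not code from the researchers or from Telegram: a toy authenticated channel (HMAC-SHA256 only, encryption omitted because ordering is an integrity property) whose receiver either verifies each message in isolation or binds it to an implicit message counter, as TLS does for its records. All names, the key and the record layout are assumptions made for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size


def seal(key: bytes, seq: int, msg: bytes, bind_seq: bool) -> bytes:
    """Return msg || tag. With bind_seq the tag also covers the sender's counter."""
    header = seq.to_bytes(8, "big") if bind_seq else b""
    return msg + hmac.new(key, header + msg, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key: bytes, bind_seq: bool):
        self.key, self.bind_seq = key, bind_seq
        self.next_seq = 0      # implicit counter, never sent on the wire
        self.closed = False    # set after the first verification failure
        self.history = []

    def receive(self, record: bytes) -> bool:
        if self.closed:
            return False
        msg, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        header = self.next_seq.to_bytes(8, "big") if self.bind_seq else b""
        expected = hmac.new(self.key, header + msg, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            self.closed = True  # treat a bad tag as fatal for the session
            return False
        self.next_seq += 1
        self.history.append(msg.decode())
        return True


def deliver(bind_seq: bool, order):
    """Seal the article's four messages, then hand them over in `order`."""
    key = b"\x01" * 32  # constructed demo key, not a real secret
    msgs = [b"I say 'yes' to", b"Pizza!", b"I say 'no' to", b"Crime"]
    records = [seal(key, i, m, bind_seq) for i, m in enumerate(msgs)]
    rx = Receiver(key, bind_seq)
    results = [rx.receive(records[i]) for i in order]
    return rx.history, results


if __name__ == "__main__":
    swapped = [0, 3, 2, 1]  # "Pizza!" and "Crime" exchanged in transit
    print("per-message tag only:", deliver(False, swapped))
    print("tag bound to counter:", deliver(True, swapped))
```

With per-message tags every record still verifies after the swap, so the receiver's history reads as a "yes" to crime; with the counter bound into the tag the first out-of-order record fails verification and the session stops.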

Second weak point: every bit of information is too much

Via this vulnerability, which is rather theoretical in nature, a network attacker can find out which of two messages from a client or from a server is encrypted. However, encryption protocols are designed to exclude such attacks as well.

Third weak point: Set the clock

The researchers examined the implementation of Telegram clients and found that three of them - namely Android, iOS and Desktop - each contained code that, in principle, allows attackers to partially decrypt encrypted messages. While this sounds disturbing, it would require an attacker to send millions of carefully crafted messages to their target and detect minute differences in the delivery time of responses. However, if such an attack were successful, it would have devastating consequences for the confidentiality of Telegram messages and, of course, for its users. Fortunately, such an attack is almost impossible in practice. And yet, this vulnerability must be taken seriously. Such an attack is thwarted mainly by chance, since Telegram keeps some metadata secret and selects it randomly.

Fourth weak point: Someone is reading along

The researchers also show that an attacker who interposes himself between client and server during the initial key exchange can mount an attack. In doing so, the attacker impersonates the server to the client, which allows him to violate both the confidentiality and integrity of the communication. Fortunately, this attack method is also relatively difficult to carry out, as it would require the attacker to send billions of messages to a Telegram server in minutes. However, this attack demonstrates that the security of Telegram servers and their implementation cannot be taken for granted, even though users must be able to rely on these servers, since no end-to-end encryption is provided by default.

Security basics

As is standard practice in this area of research, the team informed Telegram's developers 90 days before the results were published. This gave the company enough time to fix the identified flaws. In the meantime, Telegram has responded to the findings and fixed the security issues found by the researchers with software updates.

Encryption protocols rely on elements such as hash functions, block ciphers, and public-key encryption schemes. It is standard in the industry to combine these secure building blocks in such a way that the security of the protocol constructed from them can be formally guaranteed. Telegram has no such formal assurance. But the research team has good news for Telegram here: it showed how such safeguards can be achieved even by making minimal changes to Telegram's protocol. However, a protocol is only as secure as its building blocks, and the way Telegram's protocol works, its building blocks must meet extraordinarily high security requirements. The research team compares this to a vehicle that is roadworthy but has untested brakes.

Why do academic researchers actually scrutinize open source code from the private sector? Kenny Paterson says, "The fundamental motive is that we want to build stronger, more secure systems that protect their users. Since the technology industry sometimes evolves faster than its academic counterpart, technology companies offer students an opportunity to work on real-world challenges, perhaps solve them, and make an important contribution to society."

Professor Martin Albrecht (Royal Holloway) adds, "The inspiration for our work in this case came from research elsewhere that examined technology use among participants in large protests, such as 2019/2020 in Hong Kong. We found that protesters coordinated their activities predominantly on Telegram, but that Telegram had not previously been put through its paces by cryptographers..."

Source: ETH News

 
