11 comments

[ 3.1 ms ] story [ 22.5 ms ] thread
Is this really something new? If memory serves, Telegram has had it's own crypto since the beginning, and I don't remember anything about it ever being audited by... Well, anybody?

Granted, I don't know how MTProto actually works all that well, but IMO Telegram should've just used Noise or something. Would've saved them a lot of trouble. Although that doesn't really resolve the underlying problem that people think Telegram is secure when it's not (i.e., you have to explicitly enable E2EE and it's off by default), at least last time I checked. I haven't used telegram in years so my knowledge might be out of date though.

Reminder that Telegram has "end to end" encryption only for direct messages; the rest is client-server, which they seem to believe is just as good as end-to-end.
For people who only read the headline, it's not as bad as the title might suggest. This attack requires backdooring the client, by which point it's already effectively game over in most threat models. The main advantage of this attack is that a compromised client can be sending "encrypted" messages that can actually be trivially decrypted by authorities, but that isn't immediately obvious to someone inspecting network traffic. Needless to say, this is a pretty pointless attack because nobody is manually inspecting every piece of data that their telegram is sending, and the client probably makes so many requests that it's trivial to smuggle data through some other side channel.
can anyone explain why telegram doesn't use an audited e2e implementation? is it really because they wanted more convenient and faster cross-device sync? have they been threatened and/or backdoored by the fsb? they basically stole vk from him, but left him alone w/ telegram?

it's suspicious, but at the same time, iirc, nobody's been able to find a vulnerability in their encryption protocol :shrug

(comment deleted)
in short, you don't need access to the device, only to the same network

if you are on the same network and manage either intercept key to bruteforce it or guess encryption key with emoji it's possible to decrypt the whole chat. It works because telegram random generator uses time and some device information which is predictable

the study managed to decrypt 500 messages out of 500 on emulator devices. Brutewforcing takes like a few $100 worth of computing power

Honestly, durovs are exceptional people and enterpreneurs, however their encryption and what they say isn't always what it presented as

(comment deleted)
Lex Friedman recently did an interview with Durov: https://lexfridman.com/pavel-durov/

I listened to bits of it and I was disappointed by the lack of push back from Lex who was supper excited because he got to hang out with Durov for a couple of weeks in Dubai - the tl;dr I got from what I heard is that Telegram is amazing and Durov is a visionary freedom fighter. Lex's recent history I'm not surprised though.

Here's the transcript of the section about encryption: https://lexfridman.com/pavel-durov-transcript#chapter15_encr... I'll let you judge for yourself.

I'll comment on another section though because I'm somewhat knowledgeable having followed the subject closely in the media and by knowing the country: https://lexfridman.com/pavel-durov-transcript#chapter7_roman...

He claims: 'So, by the time the head of intelligence services met me to ask about Romania to help them silencing conservative voices in Romania, I was already wary of what can be going on next.'

I call bullshit on this. The 'conservative voices' are muppets doing Russia's bidding who broke all sorts of election laws. There was nothing serious happening on Telegram in Romania that would warrant any foreign intervention, it just doesn't make sense.

Signal is not an alternative to Telegram. It is an alternative to other mobile-phone-only instant messaging platforms like Whatsapp or Briar. All of these lack desktop clients, while claiming security and maintaining exclusivity to the backdoored platforms of Android and iOS.

Telegram has functional standalone desktop clients.