Private chat app Telegram may not be as secretive as advertised
The popular messaging app Telegram touts end-to-end encryption as one of its primary features, but may not be as secure as its 50 million users might think.
A security researcher says attackers can easily retrieve encrypted Telegram messages from devices used to send or receive them, even when the chats have been supposedly deleted permanently.
Private information that users may have shared via Telegram can be retrieved in plain text from the device, said听, chief technology officer of mobile security firm Zimperium.
Telegram has downplayed Mr. Avraham's discovery and said that its encryption works as claimed except when an attacker can gain administrative control of a device running the app. In such situations, no encryption measures can fully protect users, it said.
While demand for secretive chat services has grown听as a result of concerns over online snooping by government and law enforcement, the competing claims about Telegram听highlights the risk of sharing听sensitive data via online services that tout strong privacy protections.听
Services such as听Whisper and Secret,听for instance, have attracted millions of users by pitching online anonymity as a central theme. But, in separate reports last year researchers found that Whisper tracked its users' general whereabouts and the identity of Secret users was not always so secret.听
Telegram is an app for sending text and multimedia messages on Android, iOS, and Windows devices. Pavel and Nikolai Durov, the brothers behind VKontakte, one of Russia鈥檚 largest social networks, launched Telegram in 2013 as a secure alternative to WhatsApp, Line, and other messaging applications.听
Telegram that more than 50 million people, including many businesses, use it to send an average of 1 billion messages daily. The application is not particularly huge in the US though it has been among the top-ranked free apps in dozens of countries over the past year.
The Berlin-based nonprofit group managing Telegram has described it as a privacy-oriented app that uses a proprietary protocol called MTProto to securely encrypt data in transit between two parties engaged in a conversation.
The app supports a secret chat feature that touts end-to-end encryption of data in transit and while stored on the device. It offers a self-destruct feature that allows users to set a timer for deleting messages allegedly without leaving a trace on any device. Telegram claims听its app is so secure that it even offers a to anyone听that can recover a text message that was encrypted with the app.
But Avraham said Telegram鈥檚 claims are misleading: Data shared via Telegram can by retrieved in clear text at least from a majority of Android devices running the application. He said听he took advantage of a previously known vulnerability in an older version of Android to break into a mobile device running Telegram. The vulnerability allowed Avraham a way to gain root-level access to the machine, meaning he had complete administrative control of the device.
What he discovered is that anyone with that kind of access can read message that were sent using Telegram. 鈥淭he Secure-Chat messages can be read in clear-text in Telegram鈥檚 memory,鈥 Avraham said.
Even after a user deletes a message using Telegram鈥檚 self-destruct feature, the message can be retrieved in its entirety from the device, said Avraham.
But Markus Ra, head of marketing at Telegram, said the app works as advertised.
鈥淚f you assume that the attacker has root access, no app can be secure,鈥 he said. Rooting a device, or gaining control of the device in a manner not intended by the manufacturer, removes security features built into the operating system, said Mr. Ra. 鈥淭his is why manufacturers never give phone users root access by default.鈥
Encryption听only works听when听keys are inaccessible to the attacker, said Ra. 鈥淚f an exploit gives the attacker universal access to a system鈥檚 storage and memory 鈥 they will always have your key, no matter how many locks you use. No Android app can claim to protect data from a user with root access.鈥
Avraham contends Telegram鈥檚 arguments do little to counter the fact that the application鈥檚 encryption is not quite as rock-solid as it would have everyone think.
鈥淵ou do not need to be a sophisticated actor to access Telegram's secret messages,鈥 said Avraham. 鈥淎ny app that is running on your device can do it. Telegram should do more to protect their users.鈥
Telegram鈥檚 secret chats is 1 of 8 apps to receive a perfect score for security and privacy from rights advocacy group the . EFF maintains a secure messaging scorecard where it scores apps on various attributes such as encryption in transit, security design, authentication, security audits, and access to encryption keys by the vendor. Telegram鈥檚 app, along with seven other applications, scored higher than other better-known communication tools such as AIM, Blackberry Messenger, Facebook, and Google Hangouts.
Joseph Bonneau, a technology fellow at the EFF, said users have a problem if Zimperium鈥檚 claims about the contents of deleted messages still being retrievable from the device are true.
He agrees that privacy protections become useless once an attacker gains full access rights to the device. Even so, he said, Telegram should have implemented measures for ensuring that deleted messages are removed completely from both the sender and receiver鈥檚 devices.
Matt Clemens, engineer at application security vendor Arxan Technologies, said there are measures that can be applied to protect applications against the type of attack outlined by Zimperium.
The application code itself for instance can be protected against reverse engineering.
Measures can be taken to prevent attackers from pulling an application off a compromised device, taking it apart piece by piece and reassembling it so it looks like the original, he said. Similarly, the programming language used to define critical functionality can make a difference. There are also techniques that can be used to make an application aware that the device it is running on has been compromised and shut it down, he said.听鈥淭here are then no resultant messages in memory or in a cached database for the attacker to try to reconstruct.鈥
听
