Telegram is a mobile and desktop app which promises ‘secret chats' that are protected by end-to-end encryption. The Russia-based start-up has more than 50 million users and has been suggested as a secure messaging platform to replace the likes of Snapchat and Whatsapp, even amongst journalists.
However, its security is now under the spotlight after one security researcher claimed to have compromised and accessed these secrets chats, as well as the user database, in a proof-of-concept demonstration.
In a blog post published on Monday, Zimperium CEO Zuk Avraham detailed how he was able to run a kernel exploit to gain root access on his Android device (running OS version 4.2.2), at which point he was able to see how Telegram handled messages in memory.
Creating his own secret messages in the Android version of the Telegram app, Avraham ran a kernel exploit, dumped the process memory of Telegram, and found strings containing words he had input in his messages. These secrets chats were displayed in plain-text, and he was also able to access the cache4.db database file.
“While Telegram was founded upon a noble goal of providing privacy to consumers everywhere at no cost, they have fallen short of their objective by focusing purely on data-in-transit versus protecting data-at-rest on the mobile device itself,” he explained.
“Telegram's so-called powerful encryption is not protecting users any better than any other page or app that uses SSL. If you are using Telegram because you want to ensure your privacy and the privacy of the messages you are sending, be aware that it will not stop sophisticated hackers from reading your messages.” He added that nation-states, in particular, could easily bypass the encryption.
On his decision to attack the device, rather than the encryption itself he said: “It's easier to find a vulnerability in a phone and hack it remotely via URL/PDF/Man-In-The-Middle and other attack techniques. Once you hack a mobile phone, you need to elevate your privileges in order to gain control of the device. This can be easily done using a Kernel exploit.”
Avraham went on to reveal that he had notified the company several times on the flow, but published the proof-of-concept after 30 days of receiving no response.
A Telegram spokesman later told tech magazine Computerworld: “If you assume that the attacker has root access — no app can be secure. For example, in order to show anything on the screen, you need to put it [in] the device's memory. An attacker with root access can simply read your device's memory.”
Sean Sullivan, security advisor at F-Secure, told SCMagazineUK.com that the endpoint is always vulnerable, and apps will be as a result. He equated it to Google Chrome having no master password.
“I think its apples and oranges. Telegram is offering a service that protects from point-to-point, from bulk surveillance.”
He said that communications swept up by intelligence agencies would not be cracked, but said that Telegram would have little defence from a targeted attack. However, he said that this is something that “Telegram isn't promoting.”
Sullivan was generally happy with Telegram's end-to-end claims, saying that even compromised servers would only be able to see encrypted tunnels, while encryption keys are generated on the client side.
He said that they could tighten up the code a bit if they wanted to, such as to include self-destructing messages, but added that targeted attacks will often look to exploit end-point flaws.
“Advanced persistent threat attackers are always going to go after the endpoint at some point, and it's difficult to move from protecting against dragnets to sniper bullets.”
He summarised: “I think these are more security concerns, than encryption concerns.”
Jaz Singh, security consultant at Nettitude, told SC in an email: “When it comes to mobile security, data at rest is a major factor to consider. Since there is no one true way to secure data at rest many developers have resorted to using bespoke encryption techniques which may not be considered secure.
“From a security perspective, any sensitive data stored from a mobile application onto a device should be encrypted, whether it is stored in a SQLite database or elsewhere. Storage of encryption keys is therefore an inherent factor to consider.”