A Glimpse into Telegram’s Security

Recently, Edward Snowden posted concerns about Telegram’s default security on Twitter:

I respect @durov, but Ptacek is right: @telegram’s defaults are dangerous. Without a major update, it’s unsafe.https://t.co/pbBt2rHr5x
— Edward Snowden (@Snowden) December 19, 2015

triggered by Thomas Ptacek’s tweet, who said that Telegram stores messages on their servers in plaintext:

By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
— Thomas H. Ptacek (@tqbf) December 19, 2015

How Telegram’s cloud security actually works

In Telegram there are two kinds of chats, the cloud chat (“default” chat or group chat) and the secret chat
Messages of cloud chats are client-server encrypted with MTProto, an open source mobile protocol which Telegram developed on their own.

This means that messages are being encrypted before sending them to Telegram’s servers. Even if the message is being stored encrypted, the server has the capability of decrypting the message and read it as “plaintext”, as Snowden states out:

To be clear, what matters is that the plaintext of messages is *accessible* to the server (or service provider), not whether it’s “stored.”
— Edward Snowden (@Snowden) December 19, 2015

This is necessary though to make messages accessible on devices across different platforms such as Telegram’s mobile messenger or Telegram’s Desktop app. Telegram is a cloud service which stores messages, photos and other files on their servers, so that users can access their data from any of their devices. Anytime.

While messages could theoretically decrypted by Telegram’s server, Telegram ensures to store all data encrypted and store the encryption keys in several other data centers in different jurisdictions.

This way local engineers or physical intruders cannot get access to user data, as Pavel Durov, Founder of Telegram, also pointed out:

@tqbf This is false: @telegram never stores plaintext of messages, and deleted messages are erased forever. Do you get paid for posting BS?
— Pavel Durov (@durov) December 19, 2015

Secret chats ensure end-to-end encryption

For more paranoid users, Telegram offers their secret chat (also based on MTProto) which are end-to-end encrypted and the encryption keys are solely hold by the secret chat’s participants.

Therefore, if you start a secret chat, it’s only available on the device where you started the chat and it’s not synced across your other connected devices. Furthermore it requires both users to be online at the same time.

These messages don’t leave a trace on Telegram’s servers and if a message is being deleted, the app on the other side of the secret chat will be ordered to delete it as well. Alternatively, a self-destruct timer can be set for all messages, photos and other files.

Conclusion: Security comes at the price of convenience

I really like the possibility to choose on my own whether I want chats synced across devices or have them end-to-end encrypted on only one device.

In general I trust Telegram from a personal point of view, though some sources (1, 2) point out that Telegram’s security leaves room for improvement.

This post was originally published on our blog.

Read more

Sources

  1. A new 2⁶⁴ attack On Telegram has been announced, January 2015 ↩
  2. A new paper demonstrating that MTProto is not IND-CCA secure, 2015 ↩
One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.