Open access
Date
2023-07-10Type
- Conference Paper
Abstract
Telegram is a popular messenger with more than 550 million active users per month and with a large ecosystem of different clients. The wide adoption of Telegram by protestors relying on private and secure messaging provides motivation for developing a profound understanding of its cryptographic design and how this influences its security properties. Telegram has its own bespoke transport layer security protocol, MTProto 2.0. This protocol was recently subjected to a detailed study by Albrecht et al. (IEEE S&P 2022). They gave attacks on the protocol and its implementations, along with a security proof for a modified version of the protocol.
We complement that study by analysing a range of third-party client implementations of MTProto 2.0. We report practical replay attacks for the Pyrogram, Telethon and GramJS clients, and a more theoretical timing attack against the MadelineProto client. We show how vulnerable third-party clients can affect the security of the entire ecosystem, including official clients. Our analysis reveals that many third-party clients fail to securely implement MTProto 2.0. We discuss the reasons for these failures, focussing on complications in the design of MTProto 2.0 that lead developers to omit security-critical features or to implement the protocol in an insecure manner. We also discuss changes that could be made to MTProto 2.0 to remedy this situation. Overall, our work highlights the cryptographic fragility of the Telegram ecosystem. Show more
Permanent link
https://doi.org/10.3929/ethz-b-000620789Publication status
publishedExternal links
Book title
ASIA CCS '23: Proceedings of the 2023 ACM Asia Conference on Computer and Communications SecurityPages / Article No.
Publisher
Association for Computing MachineryEvent
Subject
Security and privacy; Security protocols; Web application security; Cryptanalysis and other attacks; Telegram; Timing side-channel; Reply attack; Encrypt-and-MACOrganisational unit
09653 - Paterson, Kenneth / Paterson, Kenneth
More
Show all metadata